Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor governments, representing a potentially lethal risk to companies that fall victim. The latest strains of crypto-ransomware target all vulnerable resources, including online backup, making even selective restoration a complex and costly exercise. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Nephilim have made the headlines, replacing Locky, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
90% of ransomware breaches are the result of innocuous-seeming emails that include malicious hyperlinks or file attachments, and many are "zero-day" attacks that can escape the defenses of legacy signature-matching antivirus filters. Although user education and up-front detection are critical to defend against ransomware, leading practices demand that you assume some malware will eventually get through and that you deploy a strong backup solution that permits you to repair the damage rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around an online discussion with a Progent cybersecurity consultant skilled in ransomware protection and repair. During this interview Progent will collaborate directly with your Aurora IT management staff to gather critical information about your security profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and administering your cybersecurity and backup solution to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Proper use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure RDP access
- Guidance for AntiVirus tools selection and configuration
The remote interview process included with the ProSight Ransomware Vulnerability Report service takes about an hour for the average small business network and requires more time for bigger or more complicated environments. The written report contains recommendations for improving your ability to ward off or clean up after a ransomware assault and Progent offers as-needed consulting services to assist you and your IT staff to design and deploy an efficient cybersecurity/data backup system tailored to your business needs.
- Split permission architecture for backup protection
- Protecting key servers including AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the damage, the target is asked to pay a specified ransom, typically via a crypto currency such as Bitcoin, within a brief time window. It is not guaranteed that paying the extortion price will restore the damaged data or avoid its publication. Files can be altered or deleted throughout a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware attack vector is tainted email, whereby the user is lured into interacting with by means of a social engineering technique called spear phishing. This makes the email message to look as though it came from a trusted source. Another common attack vector is a poorly secured Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous examples are Locky, and Petya. Current headline variants like Ryuk, Sodinokibi and Spora are more elaborate and have caused more havoc than older strains. Even if your backup procedures allow you to restore your ransomed data, you can still be threatened by exfiltration, where ransomed data are made public (known as "doxxing"). Because additional versions of ransomware crop up every day, there is no guarantee that conventional signature-based anti-virus filters will block a new attack. If an attack does appear in an email, it is critical that your users have been taught to identify social engineering techniques. Your ultimate protection is a solid process for performing and retaining remote backups plus the deployment of dependable recovery platforms.
Ask Progent About the ProSight Crypto-Ransomware Readiness Review in Aurora
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Testing can enhance your protection against ransomware in Aurora, call Progent at 800-462-8800 or visit Contact Progent.