Ransomware has been widely adopted by cyber extortionists and bad-actor states, representing a potentially lethal threat to companies that are breached. The latest strains of ransomware target all vulnerable resources, including backup, making even partial restoration a long and expensive exercise. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DoppelPaymer, Conti and Egregor have emerged, replacing Locky, TeslaCrypt, and NotPetya in notoriety, elaborateness, and destructiveness.
90% of ransomware penetrations are the result of innocuous-looking emails that include dangerous links or attachments, and many are "zero-day" strains that elude detection by traditional signature-matching antivirus tools. Although user training and frontline detection are critical to defend your network against ransomware attacks, leading practices demand that you assume some attacks will inevitably get through and that you put in place a strong backup solution that allows you to recover rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around a remote interview with a Progent cybersecurity consultant experienced in ransomware defense and repair. In the course of this assessment Progent will work with your Aurora network managers to gather pertinent data about your security configuration and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Assessment documenting how to follow best practices for configuring and managing your security and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key areas associated with crypto-ransomware defense and restoration. The review covers:
- Effective allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure RDP connections
- Guidance for antivirus tool selection and deployment
- Split permission architecture for backup integrity
- Backing up critical servers including Active Directory
- Offsite backups including cloud backup to Azure
The remote interview included with the ProSight Ransomware Preparedness Assessment service takes about one hour for the average small company and longer for bigger or more complex IT environments. The report document includes suggestions for enhancing your ability to block or recover from a ransomware incident, and Progent can provide as-needed consulting services to help your business create a cost-effective cybersecurity/backup system tailored to your business requirements.
Ransomware is a variety of malware that encrypts files so they cannot be used, or steals them so they can be publicized. Ransomware sometimes locks the victim's computer. To avoid the carnage, the target is asked to send a certain ransom, usually via a cryptocurrency such as Bitcoin, within a brief period of time. It is never certain that delivering the ransom will restore the damaged files or prevent their publication. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A common ransomware attack vector is spoofed email, whereby the target is lured into responding by means of a social engineering exploit known as spear phishing. This makes the email appear to come from a trusted source. Another common attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses caused by different strains of ransomware are estimated at billions of dollars annually, more than doubling every two years. Notorious examples are WannaCry and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have caused more havoc than earlier versions. Even if your backup/recovery processes enable you to restore your ransomed files, you can still be threatened by exfiltration, where ransomed data are exposed to the public. Because additional versions of ransomware are launched daily, there is no guarantee that conventional signature-based antivirus filters will block the latest attack. If an attack does arrive in an email, it is critical that your end users have learned to be aware of social engineering tricks. Your last line of protection is a solid scheme for performing and retaining offsite backups plus the use of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Readiness Review in Aurora
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Assessment can enhance your defense against crypto-ransomware in Aurora, phone Progent at 800-462-8800 or see Contact Progent.