Ransomware has become the weapon of choice for the major cyber-crime organizations and rogue governments, posing a potentially lethal risk to companies that are victimized. Current variations of crypto-ransomware go after everything, including backup, making even selective recovery a complex and costly process. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Egregor have made the headlines, replacing Locky, Spora, and NotPetya in prominence, sophistication, and destructive impact.
Most crypto-ransomware breaches come from innocent-seeming emails with dangerous hyperlinks or attachments, and many are "zero-day" strains that elude detection by legacy signature-matching antivirus tools. While user training and frontline detection are important to defend your network against ransomware attacks, best practices dictate that you expect that some malware will inevitably get through and that you deploy a solid backup solution that allows you to repair the damage quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around an online discussion with a Progent security expert skilled in ransomware defense and repair. In the course of this interview Progent will work directly with your Austin IT managers to gather pertinent information about your security posture and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report detailing how to apply best practices for configuring and administering your security and backup solution to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key areas associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Proper use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Secure RDP access
- Guidance for AntiVirus (AV) tools identification and deployment
The remote interview for the ProSight Ransomware Vulnerability Report service takes about one hour for the average small business network and longer for larger or more complex IT environments. The written report contains suggestions for improving your ability to block or recover from a ransomware attack and Progent can provide on-demand expertise to help your business to create a cost-effective cybersecurity/data backup system tailored to your specific requirements.
- Split permission architecture for backup integrity
- Protecting required servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To avoid the carnage, the victim is asked to pay a specified ransom, typically in the form of a crypto currency like Bitcoin, within a brief time window. There is no guarantee that paying the extortion price will recover the damaged data or avoid its exposure to the public. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery package is spoofed email, whereby the target is lured into responding to by a social engineering exploit known as spear phishing. This makes the email to look as though it came from a familiar sender. Another common vulnerability is an improperly secured Remote Desktop Protocol port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses caused by the many strains of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous examples include Locky, and NotPetya. Recent headline threats like Ryuk, DoppelPaymer and Cerber are more complex and have caused more havoc than older versions. Even if your backup procedures permit your business to restore your ransomed data, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public. Because additional versions of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus filters will detect a new attack. If an attack does show up in an email, it is important that your users have been taught to identify social engineering tricks. Your last line of defense is a sound process for scheduling and retaining offsite backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Readiness Report in Austin
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Checkup can enhance your protection against ransomware in Austin, call Progent at 800-462-8800 or visit Contact Progent.