Ransomware has become the weapon of choice for cybercriminals and rogue governments, posing a potentially lethal risk to companies that are successfully attacked. Modern variations of ransomware go after everything, including backup, making even selective recovery a long and expensive process. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have made the headlines, displacing Locky, TeslaCrypt, and Petya in prominence, sophistication, and destructive impact.
Most crypto-ransomware infections are the result of innocuous-seeming emails that include malicious links or attachments, and a high percentage are "zero-day" variants that elude detection by legacy signature-matching antivirus tools. Although user training and up-front detection are important to protect against ransomware attacks, leading practices dictate that you take for granted some attacks will eventually succeed and that you deploy a strong backup mechanism that allows you to repair the damage rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around an online interview with a Progent security expert experienced in ransomware protection and recovery. In the course of this assessment Progent will cooperate with your Austin IT management staff to collect pertinent information concerning your security setup and backup environment. Progent will use this information to produce a Basic Security and Best Practices Report detailing how to follow best practices for configuring and managing your security and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key issues associated with crypto-ransomware prevention and restoration recovery. The review covers:
- Proper allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Safe RDP connections
- Recommend AntiVirus (AV) tools selection and configuration
The online interview process included with the ProSight Ransomware Preparedness Checkup service takes about an hour for the average small company and longer for bigger or more complex IT environments. The written report includes recommendations for enhancing your ability to ward off or clean up after a ransomware incident and Progent offers on-demand consulting services to assist your business to create an efficient security/data backup system customized for your business needs.
- Split permission architecture for backup protection
- Protecting required servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the target is asked to pay a specified ransom, usually via a crypto currency like Bitcoin, within a brief period of time. It is never certain that delivering the extortion price will recover the damaged data or prevent its publication. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, whereby the user is lured into interacting with by a social engineering technique called spear phishing. This causes the email message to appear to come from a trusted source. Another popular attack vector is a poorly secured RDP port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by the many versions of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples are WannaCry, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and Cerber are more elaborate and have wreaked more havoc than earlier strains. Even if your backup processes permit your business to restore your encrypted data, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will detect a new attack. If an attack does show up in an email, it is critical that your end users have been taught to be aware of phishing tricks. Your last line of protection is a solid process for scheduling and keeping remote backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Ransomware Susceptibility Consultation in Austin
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Assessment can bolster your defense against crypto-ransomware in Austin, phone Progent at 800-462-8800 or see Contact Progent.