Ransomware has become the weapon of choice for cyber extortionists and bad-actor governments, posing a possibly lethal risk to businesses that fall victim. The latest versions of ransomware target everything, including backup, making even partial recovery a long and costly process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have made the headlines, displacing WannaCry, TeslaCrypt, and NotPetya in prominence, sophistication, and destructiveness.
Most crypto-ransomware breaches come from innocuous-seeming emails that have dangerous links or file attachments, and many are so-called "zero-day" strains that can escape detection by legacy signature-based antivirus (AV) tools. While user education and up-front identification are critical to protect your network against ransomware, best practices dictate that you expect that some attacks will eventually get through and that you prepare a solid backup mechanism that allows you to restore files and services rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around an online interview with a Progent cybersecurity consultant experienced in ransomware protection and recovery. In the course of this interview Progent will cooperate directly with your Austin network managers to collect pertinent data concerning your security profile and backup processes. Progent will utilize this information to generate a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for configuring and managing your security and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key areas related to ransomware prevention and restoration recovery. The report addresses:
- Proper allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall settings
- Secure Remote Desktop Protocol access
- Advice about AntiVirus filtering selection and deployment
The online interview process included with the ProSight Ransomware Preparedness Assessment service lasts about one hour for a typical small business and requires more time for bigger or more complex IT environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware incident and Progent offers on-demand consulting services to assist you and your IT staff to design and deploy a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission model for backup integrity
- Protecting required servers such as AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals files so they are unusable or are publicized. Ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to pay a certain amount of money, usually via a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the extortion price will recover the lost data or avoid its publication. Files can be altered or deleted throughout a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A common ransomware attack vector is tainted email, in which the user is lured into interacting with by means of a social engineering exploit called spear phishing. This makes the email message to appear to come from a trusted source. Another popular attack vector is an improperly protected Remote Desktop Protocol port.
CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars annually, more than doubling every other year. Notorious attacks include Locky, and NotPetya. Current high-profile variants like Ryuk, Maze and TeslaCrypt are more complex and have caused more damage than older versions. Even if your backup/recovery processes enable your business to recover your encrypted data, you can still be hurt by exfiltration, where stolen data are made public. Because new variants of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will block a new malware. If an attack does show up in an email, it is critical that your users have been taught to be aware of phishing tricks. Your ultimate defense is a solid process for scheduling and retaining offsite backups and the use of reliable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Assessment in Austin
For pricing details and to find out more about how Progent's ProSight Ransomware Preparedness Evaluation can bolster your defense against crypto-ransomware in Austin, phone Progent at 800-462-8800 or visit Contact Progent.