Ransomware has been widely adopted by cyber extortionists and malicious states, representing a possibly existential risk to companies that are successfully attacked. Modern versions of crypto-ransomware target all vulnerable resources, including online backup, making even partial restoration a long and expensive exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and CryptoWall in prominence, sophistication, and destructiveness.
Most ransomware infections are caused by innocuous-seeming emails that include malicious hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus tools. While user education and frontline identification are important to protect your network against ransomware attacks, best practices demand that you take for granted some malware will eventually succeed and that you implement a strong backup mechanism that permits you to repair the damage rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around a remote discussion with a Progent cybersecurity consultant skilled in ransomware protection and recovery. During this assessment Progent will collaborate with your Austin network managers to gather critical information about your security setup and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and managing your security and backup solution to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues related to crypto-ransomware defense and restoration recovery. The report covers:
- Correct allocation and use of administration accounts
- Correct NTFS and SMB permissions
- Proper firewall setup
- Safe Remote Desktop Protocol connections
- Advice about AntiVirus filtering identification and configuration
The online interview for the ProSight Ransomware Vulnerability Checkup service lasts about an hour for the average small business network and requires more time for larger or more complicated environments. The report document contains suggestions for enhancing your ability to block or clean up after a ransomware attack and Progent can provide on-demand expertise to assist your business to create a cost-effective cybersecurity/backup solution tailored to your business requirements.
- Split permission model for backup integrity
- Backing up critical servers such as Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the carnage, the target is asked to send a specified amount of money (the ransom), typically in the form of a crypto currency like Bitcoin, within a short time window. It is never certain that paying the extortion price will recover the lost data or avoid its exposure to the public. Files can be altered or erased across a network based on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware delivery package is tainted email, whereby the user is lured into interacting with by a social engineering technique called spear phishing. This makes the email to look as though it came from a trusted source. Another common vulnerability is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage attributed to by different versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Notorious attacks are Locky, and NotPetya. Current headline threats like Ryuk, Maze and Cerber are more elaborate and have caused more damage than earlier versions. Even if your backup procedures enable your business to restore your encrypted data, you can still be threatened by exfiltration, where stolen data are exposed to the public. Because additional variants of ransomware are launched daily, there is no guarantee that conventional signature-matching anti-virus filters will block the latest malware. If an attack does show up in an email, it is important that your end users have learned to be aware of phishing tricks. Your last line of protection is a solid process for performing and keeping offsite backups and the deployment of dependable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Vulnerability Assessment in Austin
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Testing can bolster your protection against ransomware in Austin, phone Progent at 800-462-8800 or see Contact Progent.