Ransomware has become the weapon of choice for cyber extortionists and malicious governments, posing a possibly existential threat to companies that are victimized. The latest variations of crypto-ransomware go after all vulnerable resources, including online backup, making even selective recovery a long and costly exercise. Novel strains of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have emerged, replacing Locky, Cerber, and Petya in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware infections are caused by innocuous-seeming emails with malicious hyperlinks or file attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-matching antivirus (AV) filters. While user training and up-front detection are critical to protect your network against ransomware attacks, leading practices dictate that you take for granted some malware will eventually succeed and that you implement a strong backup solution that enables you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service centered around a remote discussion with a Progent security expert skilled in ransomware defense and repair. During this assessment Progent will collaborate with your Baltimore IT management staff to gather pertinent data concerning your security profile and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report documenting how to follow leading practices for configuring and administering your cybersecurity and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital areas associated with crypto-ransomware prevention and restoration recovery. The report addresses:
- Proper use of administration accounts
- Appropriate NTFS and SMB permissions
- Optimal firewall setup
- Secure RDP access
- Advice about AntiVirus (AV) filtering identification and deployment
The remote interview for the ProSight Ransomware Preparedness Checkup service lasts about one hour for a typical small business and requires more time for larger or more complex environments. The report document contains suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand expertise to assist you to design and deploy a cost-effective security/backup system customized for your specific needs.
- Split permission model for backup integrity
- Backing up critical servers such as AD
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To prevent the damage, the target is required to pay a certain amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the extortion price will recover the lost files or prevent its exposure to the public. Files can be altered or deleted across a network based on the target's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is spoofed email, in which the victim is tricked into interacting with by a social engineering technique called spear phishing. This causes the email message to look as though it came from a trusted sender. Another popular attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous attacks include WannaCry, and NotPetya. Current headline variants like Ryuk, Maze and TeslaCrypt are more complex and have caused more havoc than earlier versions. Even if your backup procedures permit your business to restore your encrypted data, you can still be hurt by so-called exfiltration, where stolen data are made public (known as "doxxing"). Because new versions of ransomware are launched every day, there is no guarantee that traditional signature-matching anti-virus filters will block a new malware. If threat does show up in an email, it is important that your end users have been taught to be aware of phishing tricks. Your ultimate protection is a solid scheme for performing and retaining offsite backups and the use of dependable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Assessment in Baltimore
For pricing details and to find out more about how Progent's ProSight Ransomware Preparedness Review can enhance your defense against ransomware in Baltimore, call Progent at 800-462-8800 or visit Contact Progent.