Ransomware has been weaponized by the major cyber-crime organizations and bad-actor states, posing a possibly existential threat to businesses that are successfully attacked. Modern variations of ransomware target everything, including online backup, making even selective recovery a long and costly process. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have emerged, displacing Locky, Spora, and NotPetya in prominence, elaborateness, and destructiveness.
90% of ransomware breaches are the result of innocuous-looking emails that have dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that elude detection by legacy signature-matching antivirus tools. While user education and frontline detection are important to defend your network against ransomware, leading practices dictate that you assume some attacks will eventually get through and that you prepare a strong backup mechanism that allows you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around a remote discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. During this assessment Progent will work directly with your Baltimore IT managers to collect pertinent information concerning your security profile and backup environment. Progent will use this information to generate a Basic Security and Best Practices Assessment documenting how to follow best practices for implementing and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues associated with ransomware defense and restoration recovery. The review covers:
- Effective allocation and use of administration accounts
- Appropriate NTFS and SMB permissions
- Optimal firewall settings
- Safe Remote Desktop Protocol (RDP) configuration
- Guidance for AntiVirus tools identification and deployment
The online interview included with the ProSight Ransomware Vulnerability Checkup service lasts about one hour for the average small business network and requires more time for bigger or more complicated IT environments. The report document features recommendations for improving your ability to block or clean up after a ransomware attack and Progent can provide as-needed expertise to assist you to create a cost-effective cybersecurity/data backup system customized for your business requirements.
- Split permission model for backup protection
- Backing up critical servers including Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To prevent the damage, the victim is required to pay a certain ransom, typically via a crypto currency like Bitcoin, within a short period of time. It is never certain that paying the ransom will restore the damaged files or avoid its publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is spoofed email, in which the user is tricked into interacting with by means of a social engineering exploit called spear phishing. This makes the email message to look as though it came from a trusted source. Another common attack vector is an improperly secured RDP port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses caused by different strains of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous examples include WannaCry, and NotPetya. Current headline variants like Ryuk, Maze and Spora are more sophisticated and have caused more damage than older strains. Even if your backup/recovery procedures allow your business to restore your ransomed data, you can still be threatened by exfiltration, where ransomed documents are made public (known as "doxxing"). Because additional versions of ransomware crop up daily, there is no certainty that traditional signature-based anti-virus filters will detect the latest malware. If threat does show up in an email, it is critical that your end users have been taught to be aware of phishing techniques. Your ultimate protection is a solid process for scheduling and retaining offsite backups and the use of dependable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Report in Baltimore
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Review can enhance your protection against crypto-ransomware in Baltimore, call Progent at 800-993-9400 or visit Contact Progent.