Ransomware has been widely adopted by the major cyber-crime organizations and bad-actor states, posing a potentially existential risk to businesses that are victimized. The latest versions of crypto-ransomware target all vulnerable resources, including online backup, making even partial recovery a complex and costly exercise. Novel variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Egregor have made the headlines, replacing WannaCry, Cerber, and NotPetya in notoriety, elaborateness, and destructiveness.
90% of ransomware infections are the result of innocent-seeming emails that include dangerous hyperlinks or attachments, and a high percentage are "zero-day" strains that elude the defenses of legacy signature-matching antivirus (AV) tools. While user training and up-front detection are critical to defend your network against ransomware, leading practices dictate that you take for granted some attacks will eventually succeed and that you prepare a solid backup mechanism that permits you to recover quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online discussion with a Progent security expert experienced in ransomware defense and recovery. During this assessment Progent will collaborate directly with your Baltimore IT management staff to gather critical data about your cybersecurity setup and backup environment. Progent will use this data to generate a Basic Security and Best Practices Assessment detailing how to follow best practices for implementing and managing your security and backup solution to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with crypto-ransomware defense and restoration recovery. The review covers:
- Effective use of administration accounts
- Correct NTFS and SMB permissions
- Proper firewall setup
- Secure RDP access
- Advice about AntiVirus tools selection and deployment
The remote interview for the ProSight Ransomware Preparedness Report service lasts about one hour for a typical small business and requires more time for bigger or more complex IT environments. The report document features suggestions for enhancing your ability to block or recover from a ransomware incident and Progent can provide on-demand expertise to assist your business to design and deploy an efficient cybersecurity/data backup system tailored to your business requirements.
- Split permission architecture for backup protection
- Protecting critical servers such as AD
- Offsite backups including cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the carnage, the target is required to send a specified ransom, usually via a crypto currency such as Bitcoin, within a brief time window. It is never certain that delivering the ransom will restore the lost files or prevent its exposure to the public. Files can be altered or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption technologies used on the hostage files. A common ransomware attack vector is spoofed email, in which the user is lured into responding to by means of a social engineering technique called spear phishing. This makes the email to look as though it came from a trusted sender. Another common vulnerability is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples are Locky, and Petya. Current headline variants like Ryuk, Maze and Spora are more complex and have caused more havoc than older versions. Even if your backup/recovery processes allow you to recover your ransomed files, you can still be threatened by so-called exfiltration, where ransomed documents are made public. Because additional variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus filters will block the latest malware. If threat does appear in an email, it is important that your users have been taught to identify phishing tricks. Your ultimate protection is a sound scheme for performing and keeping offsite backups plus the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Testing in Baltimore
For pricing details and to learn more about how Progent's ProSight Ransomware Preparedness Report can enhance your defense against ransomware in Baltimore, phone Progent at 800-462-8800 or see Contact Progent.