Ransomware has been widely adopted by cyber extortionists and bad-actor states, representing a possibly lethal risk to companies that fall victim. The latest variations of crypto-ransomware go after all vulnerable resources, including backup, making even selective recovery a long and expensive exercise. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Nephilim have made the headlines, replacing WannaCry, Cerber, and CryptoWall in prominence, elaborateness, and destructiveness.
Most ransomware infections come from innocent-seeming emails with dangerous links or file attachments, and a high percentage are so-called "zero-day" variants that can escape the defenses of traditional signature-matching antivirus (AV) tools. Although user education and up-front identification are important to defend your network against ransomware, leading practices demand that you assume some malware will eventually get through and that you deploy a solid backup solution that allows you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online discussion with a Progent security consultant skilled in ransomware protection and recovery. During this interview Progent will cooperate directly with your Baltimore network management staff to collect pertinent information about your cybersecurity setup and backup environment. Progent will use this data to create a Basic Security and Best Practices Assessment detailing how to follow best practices for configuring and administering your security and backup systems to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key areas related to ransomware defense and restoration recovery. The review covers:
- Effective use of administration accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall setup
- Safe RDP configuration
- Advice about AntiVirus filtering selection and deployment
The remote interview included with the ProSight Ransomware Vulnerability Report service takes about one hour for a typical small company and requires more time for bigger or more complex IT environments. The written report includes recommendations for enhancing your ability to ward off or clean up after a ransomware incident and Progent can provide as-needed consulting services to assist your business to create a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting key servers such as AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the target is asked to pay a specified amount of money, usually via a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the extortion price will recover the damaged data or avoid its exposure to the public. Files can be encrypted or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, in which the user is lured into interacting with by means of a social engineering technique called spear phishing. This causes the email to look as though it came from a familiar sender. Another common attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Famous examples include WannaCry, and Petya. Current high-profile variants like Ryuk, DoppelPaymer and Cerber are more complex and have wreaked more havoc than older strains. Even if your backup procedures permit you to recover your ransomed files, you can still be threatened by exfiltration, where stolen documents are exposed to the public. Because additional variants of ransomware crop up every day, there is no guarantee that traditional signature-based anti-virus tools will detect the latest attack. If threat does appear in an email, it is critical that your users have learned to be aware of social engineering techniques. Your last line of protection is a sound process for scheduling and keeping remote backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Susceptibility Review in Baltimore
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Review can enhance your defense against ransomware in Baltimore, phone Progent at 800-462-8800 or visit Contact Progent.