Ransomware has become the weapon of choice for cyber extortionists and bad-actor states, posing a possibly existential threat to businesses that are breached. The latest variations of ransomware target everything, including online backup, making even partial recovery a challenging and costly exercise. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DoppelPaymer, Snatch and Egregor have made the headlines, replacing WannaCry, Spora, and NotPetya in prominence, sophistication, and destructiveness.
90% of ransomware breaches are caused by innocuous-looking emails that have malicious links or file attachments, and many are "zero-day" strains that elude detection by traditional signature-based antivirus tools. While user education and up-front detection are critical to protect your network against ransomware, leading practices demand that you assume some attacks will eventually succeed and that you prepare a strong backup mechanism that enables you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around an online discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. During this assessment Progent will work with your Baltimore IT managers to gather critical information about your security posture and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Assessment detailing how to follow leading practices for implementing and administering your security and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with ransomware defense and recovery. The review covers:
- Effective use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Proper firewall settings
- Safe Remote Desktop Protocol (RDP) connections
- Recommended antivirus (AV) tool selection and deployment
- Split permission architecture for backup integrity
- Backing up key servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
The online interview included with the ProSight Ransomware Preparedness Assessment service takes about an hour for the average small business network and requires more time for bigger or more complex environments. The written report includes recommendations for improving your ability to block or recover from a ransomware incident, and Progent offers as-needed consulting services to help you design and deploy a cost-effective cybersecurity/data backup solution customized for your business needs.
Ransomware is a type of malicious software that encrypts or steals a victim's files so they cannot be used or are publicized. Crypto-ransomware often locks the target's computer. To avoid the damage, the target is asked to send a certain amount of money, usually in the form of a cryptocurrency such as Bitcoin, within a brief time window. There is no guarantee that paying the ransom will restore the lost data or prevent its publication. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware delivery vehicle is a booby-trapped email, which the target is tricked into interacting with by a social engineering technique known as spear phishing. This technique makes the email message look as though it came from a familiar source. Another common vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by different versions of ransomware is said to be billions of dollars per year, more than doubling every other year. Famous attacks include WannaCry and NotPetya. Current high-profile variants like Ryuk, Sodinokibi and Spora are more elaborate and have wreaked more damage than older strains. Even if your backup/recovery processes permit you to restore your encrypted data, you can still be threatened by exfiltration, where ransomed data are made public (known as "doxxing"). Because additional variants of ransomware are launched every day, there is no certainty that conventional signature-matching antivirus filters will block the latest attack. If a threat does appear in an email, it is important that your end users have been taught to identify phishing techniques. Your ultimate protection is a solid process for performing and retaining remote backups plus the deployment of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Testing in Baltimore
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Report can enhance your defense against ransomware in Baltimore, call Progent at 800-462-8800 or visit Contact Progent.