Ransomware has become the weapon of choice for cyber extortionists and malicious states, representing a possibly lethal risk to businesses that fall victim. Modern variations of crypto-ransomware target all vulnerable resources, including backup, making even selective restoration a long and costly exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Nephilim have emerged, displacing WannaCry, TeslaCrypt, and NotPetya in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware infections come from innocent-looking emails that include malicious links or file attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-matching antivirus tools. Although user education and frontline detection are critical to protect against ransomware attacks, best practices dictate that you assume some malware will eventually succeed and that you put in place a solid backup mechanism that permits you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around a remote interview with a Progent cybersecurity consultant skilled in ransomware defense and repair. During this interview Progent will work directly with your Barueri-Alphaville network managers to collect pertinent data concerning your cybersecurity setup and backup processes. Progent will utilize this information to generate a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for configuring and administering your security and backup systems to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key areas associated with crypto-ransomware defense and restoration recovery. The review covers:
- Effective use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Safe Remote Desktop Protocol (RDP) connections
- Guidance for AntiVirus (AV) tools selection and configuration
The remote interview for the ProSight Ransomware Vulnerability Report service takes about an hour for the average small business and requires more time for larger or more complex IT environments. The report document includes suggestions for improving your ability to block or clean up after a ransomware assault and Progent can provide as-needed expertise to help your business to design and deploy a cost-effective security/data backup system tailored to your business needs.
- Split permission model for backup integrity
- Backing up key servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malware that encrypts or steals files so they are unusable or are made publicly available. Ransomware often locks the target's computer. To avoid the damage, the target is asked to send a specified amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the extortion price will restore the damaged data or prevent its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery package is spoofed email, whereby the victim is lured into interacting with by means of a social engineering exploit known as spear phishing. This causes the email to appear to come from a familiar source. Another common vulnerability is a poorly secured Remote Desktop Protocol port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses caused by the many versions of ransomware is estimated at billions of dollars per year, more than doubling every two years. Famous examples are Locky, and Petya. Recent headline threats like Ryuk, Maze and Cerber are more elaborate and have wreaked more damage than older versions. Even if your backup/recovery procedures permit you to restore your ransomed data, you can still be threatened by so-called exfiltration, where stolen data are made public. Because new versions of ransomware crop up daily, there is no certainty that conventional signature-matching anti-virus tools will block a new malware. If threat does show up in an email, it is critical that your users have been taught to be aware of social engineering tricks. Your last line of defense is a sound process for performing and retaining offsite backups plus the use of dependable restoration tools.
Ask Progent About the ProSight Ransomware Readiness Consultation in Barueri-Alphaville
For pricing details and to find out more about how Progent's ProSight Ransomware Vulnerability Audit can bolster your protection against ransomware in Barueri-Alphaville, call Progent at 800-462-8800 or visit Contact Progent.