Ransomware has been widely adopted by cybercriminals and malicious governments, posing a potentially lethal threat to businesses that are breached. The latest versions of crypto-ransomware target all vulnerable resources, including online backup, making even partial recovery a challenging and costly exercise. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Nephilim have made the headlines, replacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware infections are the result of innocent-seeming emails that have malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" attacks that elude the defenses of legacy signature-based antivirus tools. While user training and up-front detection are important to defend against ransomware, best practices demand that you take for granted some malware will inevitably succeed and that you put in place a strong backup solution that allows you to recover rapidly with little if any losses.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around an online interview with a Progent cybersecurity expert skilled in ransomware defense and recovery. In the course of this interview Progent will cooperate with your Barueri-Alphaville IT managers to gather critical data about your security posture and backup processes. Progent will use this information to produce a Basic Security and Best Practices Report documenting how to follow best practices for configuring and administering your security and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on vital areas associated with crypto-ransomware prevention and restoration recovery. The review covers:
- Correct use of administration accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Secure Remote Desktop Protocol (RDP) configuration
- Guidance for AntiVirus (AV) tools identification and configuration
The remote interview process for the ProSight Ransomware Vulnerability Report service takes about an hour for a typical small business network and longer for bigger or more complicated IT environments. The report document includes recommendations for improving your ability to block or recover from a ransomware assault and Progent offers on-demand expertise to assist you and your IT staff to design and deploy a cost-effective security/data backup system customized for your business requirements.
- Split permission model for backup protection
- Protecting key servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are publicized. Ransomware often locks the victim's computer. To prevent the carnage, the victim is asked to send a specified amount of money (the ransom), usually via a crypto currency like Bitcoin, within a brief period of time. It is never certain that paying the ransom will recover the lost files or avoid its publication. Files can be altered or erased across a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the hostage files. A typical ransomware delivery package is booby-trapped email, in which the user is lured into interacting with by means of a social engineering exploit known as spear phishing. This causes the email message to appear to come from a trusted source. Another common vulnerability is a poorly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of ransomware in 2013, and the damage caused by the many versions of ransomware is said to be billions of dollars per year, roughly doubling every other year. Famous examples include WannaCry, and NotPetya. Current high-profile threats like Ryuk, Maze and CryptoWall are more sophisticated and have caused more havoc than earlier versions. Even if your backup/recovery procedures permit you to restore your encrypted files, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no certainty that conventional signature-based anti-virus filters will detect the latest malware. If an attack does show up in an email, it is important that your users have been taught to identify phishing techniques. Your last line of defense is a sound process for scheduling and keeping remote backups plus the deployment of dependable restoration tools.
Contact Progent About the ProSight Ransomware Readiness Audit in Barueri-Alphaville
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Audit can bolster your defense against ransomware in Barueri-Alphaville, phone Progent at 800-462-8800 or visit Contact Progent.