Ransomware has been weaponized by cyber extortionists and malicious governments, representing a potentially existential risk to businesses that fall victim. Current versions of crypto-ransomware target everything, including backup, making even partial restoration a challenging and expensive exercise. Novel strains of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have made the headlines, replacing WannaCry, Cerber, and Petya in prominence, sophistication, and destructive impact.
Most ransomware breaches are the result of innocuous-seeming emails that have dangerous links or attachments, and many are so-called "zero-day" strains that elude the defenses of legacy signature-based antivirus (AV) filters. Although user training and frontline identification are important to protect against ransomware, best practices demand that you expect that some attacks will inevitably get through and that you prepare a strong backup mechanism that allows you to repair the damage rapidly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around a remote discussion with a Progent security expert skilled in ransomware protection and recovery. During this assessment Progent will collaborate directly with your Barueri-Alphaville IT managers to collect pertinent data about your security profile and backup environment. Progent will use this information to generate a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for configuring and managing your security and backup solution to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key issues related to ransomware prevention and restoration recovery. The report addresses:
- Effective allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Optimal firewall settings
- Secure RDP access
- Guidance for AntiVirus (AV) filtering identification and deployment
The remote interview for the ProSight Ransomware Preparedness Assessment service lasts about an hour for the average small company and requires more time for larger or more complex IT environments. The report document includes recommendations for improving your ability to ward off or clean up after a ransomware assault and Progent can provide on-demand expertise to assist you to design and deploy a cost-effective security/data backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting critical servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the victim is required to pay a specified ransom, usually via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that paying the extortion price will restore the damaged data or prevent its publication. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot solve the strong encryption technologies used on the hostage files. A typical ransomware delivery package is booby-trapped email, whereby the target is tricked into responding to by means of a social engineering technique called spear phishing. This makes the email to appear to come from a trusted source. Another common vulnerability is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars per year, roughly doubling every other year. Notorious attacks include Locky, and Petya. Recent high-profile variants like Ryuk, Maze and Spora are more complex and have wreaked more havoc than older versions. Even if your backup procedures allow your business to restore your ransomed data, you can still be threatened by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no guarantee that traditional signature-matching anti-virus tools will block a new malware. If an attack does show up in an email, it is important that your users have been taught to be aware of social engineering tricks. Your last line of protection is a solid process for scheduling and retaining offsite backups plus the deployment of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Susceptibility Consultation in Barueri-Alphaville
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Evaluation can bolster your defense against ransomware in Barueri-Alphaville, phone Progent at 800-462-8800 or see Contact Progent.