Ransomware has been weaponized by cyber extortionists and rogue governments, posing a possibly existential threat to companies that fall victim. Current versions of crypto-ransomware target all vulnerable resources, including backups, making even selective restoration a complex and expensive exercise. Novel versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Egregor have emerged, displacing WannaCry, TeslaCrypt, and Petya in prominence, sophistication, and destructive impact.
Most crypto-ransomware penetrations are caused by innocuous-looking emails that have malicious hyperlinks or file attachments, and many are so-called "zero-day" strains that elude detection by traditional signature-matching antivirus (AV) tools. While user training and frontline detection are critical to protect against ransomware attacks, best practices demand that you expect that some malware will eventually succeed and that you put in place a strong backup solution that allows you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around a remote discussion with a Progent security consultant skilled in ransomware protection and repair. During this assessment Progent will work with your Barueri-Alphaville network management staff to collect critical data about your cybersecurity configuration and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to adhere to leading practices for configuring and managing your security and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with ransomware prevention and recovery. The review covers:
- Correct allocation and use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol access
- Guidance for antivirus tool identification and deployment
- Split permission model for backup integrity
- Backing up key servers including AD
- Geographically dispersed backups with cloud backup to Microsoft Azure

The online interview for the ProSight Ransomware Preparedness Assessment service takes about one hour for a typical small business network and longer for larger or more complex environments. The written report features recommendations for enhancing your ability to ward off or recover from a ransomware incident, and Progent can provide on-demand consulting services to help your business design and deploy an efficient cybersecurity/backup solution customized for your specific requirements.
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they cannot be used, or threatens to publicize them. Crypto-ransomware sometimes locks the victim's computer. To avoid the carnage, the target is required to pay a certain amount of money (the ransom), usually via a cryptocurrency such as Bitcoin, within a brief period of time. It is never certain that paying the extortion price will restore the damaged data or prevent its exposure to the public. Files can be encrypted or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A common ransomware attack vector is booby-trapped email, which the target is tricked into interacting with by means of a social engineering exploit called spear phishing. This causes the email to appear to come from a trusted sender. Another popular attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage attributed to different versions of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Famous examples include Locky and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and Cerber are more sophisticated and have caused more damage than older versions. Even if your backup procedures allow you to recover your encrypted data, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public. Because additional versions of ransomware are launched daily, there is no certainty that conventional signature-based antivirus tools will block a new attack. If an attack does show up in an email, it is important that your end users have learned to be aware of phishing tricks. Your last line of defense is a solid scheme for scheduling and keeping offsite backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Preparedness Checkup in Barueri-Alphaville
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Consultation can bolster your defense against crypto-ransomware in Barueri-Alphaville, call Progent at 800-462-8800 or visit Contact Progent.