Ransomware has been widely adopted by cyber extortionists and rogue governments, representing a possibly lethal threat to businesses that are victimized. The latest strains of ransomware go after all vulnerable resources, including online backup, making even selective recovery a challenging and expensive exercise. New versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Egregor have made the headlines, replacing WannaCry, Spora, and NotPetya in prominence, sophistication, and destructive impact.
Most ransomware infections come from innocuous-seeming emails that have malicious hyperlinks or attachments, and many are so-called "zero-day" attacks that can escape detection by legacy signature-based antivirus tools. While user training and frontline detection are critical to defend your network against ransomware attacks, leading practices demand that you take for granted some attacks will eventually succeed and that you deploy a solid backup mechanism that permits you to recover rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around a remote interview with a Progent cybersecurity expert experienced in ransomware defense and recovery. During this assessment Progent will cooperate directly with your Bellevue network management staff to collect pertinent information concerning your security profile and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Assessment documenting how to apply best practices for implementing and administering your cybersecurity and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key issues associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Correct use of administration accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Proper firewall configuration
- Safe Remote Desktop Protocol access
- Guidance for AntiVirus (AV) filtering selection and deployment
The online interview process included with the ProSight Ransomware Vulnerability Checkup service takes about one hour for a typical small business and requires more time for bigger or more complicated IT environments. The written report includes recommendations for improving your ability to block or recover from a ransomware attack and Progent offers as-needed expertise to help you to create an efficient security/backup solution customized for your business needs.
- Split permission model for backup protection
- Backing up required servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Ransomware often locks the target's computer. To avoid the damage, the target is required to pay a specified ransom, usually in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the ransom will recover the damaged files or prevent its publication. Files can be altered or deleted across a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the victim is lured into responding to by means of a social engineering exploit called spear phishing. This causes the email to look as though it came from a familiar source. Another common attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses caused by the many strains of ransomware is estimated at billions of dollars annually, more than doubling every two years. Notorious examples include WannaCry, and NotPetya. Current headline variants like Ryuk, Sodinokibi and Spora are more complex and have caused more havoc than older versions. Even if your backup/recovery procedures allow you to recover your encrypted files, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-matching anti-virus tools will detect a new attack. If an attack does show up in an email, it is important that your end users have learned to be aware of phishing tricks. Your last line of protection is a sound process for performing and retaining remote backups plus the deployment of reliable recovery platforms.
Ask Progent About the ProSight Ransomware Vulnerability Evaluation in Bellevue
For pricing details and to find out more about how Progent's ProSight Ransomware Susceptibility Consultation can enhance your protection against crypto-ransomware in Bellevue, call Progent at 800-462-8800 or see Contact Progent.