Ransomware has been widely adopted by cyber extortionists and bad-actor governments, posing a possibly existential threat to companies that are victimized. Current strains of ransomware target all vulnerable resources, including backup, making even selective recovery a complex and expensive exercise. New versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Nephilim have emerged, displacing WannaCry, Spora, and Petya in prominence, elaborateness, and destructiveness.
90% of ransomware breaches come from innocuous-seeming emails with dangerous links or file attachments, and a high percentage are so-called "zero-day" strains that elude detection by traditional signature-matching antivirus tools. Although user training and up-front identification are critical to protect against ransomware attacks, best practices dictate that you assume some attacks will eventually get through and that you prepare a solid backup solution that enables you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around an online interview with a Progent security expert experienced in ransomware protection and repair. In the course of this interview Progent will collaborate directly with your Bellevue IT managers to collect critical data about your cybersecurity profile and backup processes. Progent will use this data to produce a Basic Security and Best Practices Report documenting how to adhere to best practices for implementing and managing your cybersecurity and backup solution to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key areas related to crypto-ransomware prevention and recovery. The review addresses:
- Correct use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall settings
- Safe Remote Desktop Protocol (RDP) connections
- Guidance for AntiVirus (AV) filtering identification and configuration
The remote interview included with the ProSight Ransomware Vulnerability Report service lasts about an hour for a typical small business network and requires more time for bigger or more complicated IT environments. The report document contains recommendations for enhancing your ability to ward off or recover from a ransomware attack and Progent offers as-needed consulting services to help you and your IT staff to design and deploy an efficient security/data backup solution tailored to your specific requirements.
- Split permission architecture for backup integrity
- Protecting required servers such as Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or deletes a victim's files so they cannot be used, or publicizes them. Crypto-ransomware often locks the target's computer. To avoid the damage, the victim is asked to pay a specified ransom, typically in the form of a cryptocurrency like Bitcoin, within a brief time window. It is never certain that delivering the ransom will restore the damaged files or prevent their publication. Files can be altered or erased across a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the hostage files. A typical ransomware attack vector is tainted email, which the victim is tricked into interacting with by means of a social engineering technique known as spear phishing. This makes the email message look as though it came from a familiar source. Another popular attack vector is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Famous attacks include WannaCry and NotPetya. Recent headline threats like Ryuk, Sodinokibi and CryptoWall are more complex and have wreaked more damage than earlier versions. Even if your backup/recovery processes enable you to restore your ransomed data, you can still be threatened by exfiltration, where ransomed documents are exposed to the public. Because additional versions of ransomware are launched daily, there is no certainty that conventional signature-based anti-virus tools will detect the latest attack. If a threat does show up in an email, it is important that your users have learned to identify social engineering techniques. Your ultimate protection is a solid scheme for scheduling and keeping offsite backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Ransomware Vulnerability Evaluation in Bellevue
For pricing details and to find out more about how Progent's ProSight Ransomware Readiness Checkup can bolster your defense against crypto-ransomware in Bellevue, phone Progent at 800-462-8800 or see Contact Progent.