Ransomware has been weaponized by cybercriminals and malicious states, representing a possibly lethal threat to businesses that are victimized. Modern versions of ransomware go after all vulnerable resources, including online backup, making even selective restoration a challenging and costly process. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, displacing WannaCry, Cerber, and CryptoWall in prominence, elaborateness, and destructive impact.
Most crypto-ransomware breaches come from innocuous-looking emails with malicious hyperlinks or file attachments, and many are so-called "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus (AV) filters. Although user training and frontline identification are critical to defend your network against ransomware attacks, best practices dictate that you expect that some malware will eventually get through and that you deploy a strong backup solution that allows you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online interview with a Progent cybersecurity consultant experienced in ransomware defense and recovery. During this assessment Progent will work with your Bellevue IT management staff to collect critical information concerning your cybersecurity profile and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Assessment detailing how to adhere to best practices for implementing and managing your security and backup systems to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key areas related to ransomware prevention and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure RDP connections
- Advice about AntiVirus filtering selection and configuration
The remote interview process included with the ProSight Ransomware Preparedness Report service takes about an hour for the average small company and requires more time for bigger or more complex IT environments. The report document features recommendations for improving your ability to block or recover from a ransomware assault and Progent offers as-needed consulting services to help you to design and deploy a cost-effective cybersecurity/data backup system tailored to your business needs.
- Split permission architecture for backup integrity
- Protecting required servers such as Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they cannot be used or are publicized. Ransomware sometimes locks the victim's computer. To avoid the carnage, the victim is required to send a specified ransom, usually via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that delivering the ransom will recover the lost data or prevent its exposure to the public. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, whereby the target is tricked into interacting with by means of a social engineering technique called spear phishing. This makes the email message to look as though it came from a trusted source. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples include Locky, and NotPetya. Current headline variants like Ryuk, Maze and TeslaCrypt are more elaborate and have wreaked more damage than older versions. Even if your backup procedures enable you to restore your ransomed files, you can still be hurt by exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because new versions of ransomware are launched daily, there is no certainty that conventional signature-based anti-virus tools will detect a new malware. If an attack does appear in an email, it is important that your users have learned to be aware of phishing techniques. Your ultimate defense is a sound scheme for scheduling and retaining offsite backups plus the use of dependable recovery platforms.
Ask Progent About the ProSight Ransomware Preparedness Report in Bellevue
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Testing can bolster your protection against ransomware in Bellevue, call Progent at 800-462-8800 or visit Contact Progent.