Ransomware has been widely adopted by cyber extortionists and rogue governments, representing a possibly lethal threat to businesses that are breached. The latest versions of ransomware go after everything, including backup, making even selective restoration a complex and expensive exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Nephilim have emerged, displacing Locky, Spora, and NotPetya in prominence, sophistication, and destructive impact.
90% of ransomware breaches are caused by innocuous-seeming emails that have malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" attacks that can escape the defenses of traditional signature-based antivirus (AV) filters. While user training and frontline identification are critical to protect against ransomware attacks, best practices demand that you expect that some malware will inevitably get through and that you prepare a solid backup solution that permits you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around an online discussion with a Progent security expert experienced in ransomware protection and recovery. In the course of this interview Progent will collaborate directly with your Birmingham network managers to collect critical information about your security setup and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to adhere to best practices for implementing and managing your cybersecurity and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on vital areas related to ransomware prevention and restoration recovery. The review covers:
- Proper use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Optimal firewall configuration
- Secure Remote Desktop Protocol access
- Guidance for AntiVirus (AV) tools identification and deployment
The remote interview for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small business network and requires more time for bigger or more complicated environments. The report document features suggestions for enhancing your ability to block or clean up after a ransomware incident and Progent can provide on-demand expertise to assist your business to create an efficient security/backup system tailored to your business requirements.
- Split permission architecture for backup integrity
- Backing up critical servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or deletes a victim's files so they cannot be used or are publicized. Crypto-ransomware often locks the target's computer. To avoid the damage, the target is required to send a specified amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a brief time window. There is no guarantee that paying the ransom will restore the lost data or prevent its publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, whereby the victim is lured into responding to by means of a social engineering technique known as spear phishing. This makes the email to look as though it came from a trusted sender. Another common vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Notorious attacks include WannaCry, and Petya. Recent high-profile variants like Ryuk, Maze and TeslaCrypt are more complex and have caused more damage than earlier versions. Even if your backup/recovery procedures enable you to restore your ransomed data, you can still be hurt by so-called exfiltration, where stolen data are exposed to the public. Because new variants of ransomware crop up every day, there is no guarantee that traditional signature-matching anti-virus filters will detect a new malware. If threat does show up in an email, it is important that your users have been taught to be aware of phishing tricks. Your ultimate defense is a sound scheme for scheduling and keeping offsite backups plus the deployment of reliable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Preparedness Evaluation in Birmingham
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Audit can bolster your protection against ransomware in Birmingham, phone Progent at 800-993-9400 or see Contact Progent.