Ransomware has been weaponized by cyber extortionists and bad-actor governments, posing a potentially existential risk to companies that fall victim. Current variations of crypto-ransomware go after everything, including online backup, making even partial restoration a long and expensive process. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Conti and Nephilim have made the headlines, replacing Locky, TeslaCrypt, and CryptoWall in prominence, sophistication, and destructive impact.
90% of crypto-ransomware infections are caused by innocent-seeming emails that have dangerous links or attachments, and many are so-called "zero-day" strains that can escape detection by traditional signature-based antivirus (AV) tools. Although user training and up-front identification are critical to defend your network against ransomware attacks, best practices dictate that you expect that some malware will inevitably succeed and that you put in place a strong backup solution that allows you to recover quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around an online discussion with a Progent cybersecurity expert skilled in ransomware protection and recovery. During this interview Progent will work directly with your Birmingham network managers to gather pertinent information about your security setup and backup processes. Progent will use this data to create a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and managing your security and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital areas related to ransomware defense and recovery. The review covers:
- Proper allocation and use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Proper firewall setup
- Secure RDP access
- Recommended antivirus (AV) filtering, identification and configuration
- Split permission architecture for backup protection
- Backing up key servers including AD
- Geographically dispersed backups including cloud backup to Azure
The online interview process for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small company and requires more time for larger or more complex environments. The report document includes recommendations for improving your ability to block or recover from a ransomware incident, and Progent can provide on-demand expertise to help you and your IT staff design and deploy a cost-effective cybersecurity/backup system customized for your business requirements.
Ransomware is a variety of malware that encrypts or steals files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to pay a certain ransom, usually via a cryptocurrency like Bitcoin, within a brief period of time. It is never certain that paying the ransom will recover the damaged data or prevent its publication. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot break the strong encryption technologies used on the hostage files. A typical ransomware attack vector is tainted email, in which the victim is lured into interacting with the message by a social engineering exploit called spear phishing, which makes the email look as though it came from a trusted sender. Another popular vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses attributed to the many strains of ransomware are estimated at billions of dollars per year, roughly doubling every other year. Famous examples include WannaCry and Petya. Recent high-profile variants like Ryuk, Sodinokibi and TeslaCrypt are more complex and have caused more havoc than older versions. Even if your backup/recovery processes permit your business to recover your encrypted files, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up every day, there is no guarantee that conventional signature-matching antivirus tools will detect the latest malware. If a threat does appear in an email, it is important that your users have learned to be aware of social engineering tricks. Your ultimate protection is a sound scheme for scheduling and keeping offsite backups and the deployment of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Susceptibility Checkup in Birmingham
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Consultation can bolster your defense against ransomware in Birmingham, call Progent at 800-462-8800 or see Contact Progent.