Ransomware has become the weapon of choice for cyber extortionists and rogue governments, posing a potentially lethal risk to businesses that fall victim. The latest variations of crypto-ransomware go after everything, including backups, making even selective recovery a long and expensive exercise. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Nephilim have emerged, displacing WannaCry, Cerber, and CryptoWall in notoriety, sophistication, and destructive impact.
Most crypto-ransomware infections are caused by innocuous-seeming emails that include dangerous hyperlinks or file attachments, and a high percentage are "zero-day" strains that elude the defenses of legacy signature-based antivirus (AV) filters. Although user education and frontline identification are important to defend against ransomware attacks, leading practices dictate that you assume some malware will eventually get through and that you implement a strong backup mechanism that enables you to recover rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service centered around an online discussion with a Progent security consultant experienced in ransomware defense and recovery. During this interview Progent will work with your Birmingham IT management staff to collect pertinent data about your cybersecurity setup and backup environment. Progent will use this information to produce a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and managing your cybersecurity and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key areas related to crypto-ransomware defense and recovery. The report addresses:
- Correct allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure RDP access
- Guidance for antivirus tool selection and configuration
- Split permission model for backup integrity
- Backing up critical servers such as AD
- Offsite backups with cloud backup to Azure

The remote interview for the ProSight Ransomware Preparedness Assessment service takes about an hour for the average small business and requires more time for larger or more complex environments. The written report features recommendations for improving your ability to block or recover from a ransomware attack. Progent can also provide as-needed expertise to help you and your IT staff design and deploy an efficient security/backup system tailored to your specific requirements.
Ransomware is a variety of malware that encrypts or steals files so that they cannot be used or are made publicly available. Ransomware sometimes locks the victim's computer. To avoid the damage, the target is asked to pay a certain amount of money (the ransom), typically in the form of a cryptocurrency such as Bitcoin, within a brief period of time. It is not guaranteed that paying the ransom will recover the lost files or prevent their publication. Files can be altered or deleted throughout a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the compromised files. A typical ransomware delivery vehicle is a tainted email that the user is tricked into responding to by means of a social engineering exploit called spear phishing, which makes the email message look as though it came from a trusted source. Another popular point of entry is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars per year, roughly doubling every other year. Notorious attacks include Locky and NotPetya. Current high-profile variants like Ryuk, Maze and Spora are more sophisticated and have caused more damage than earlier strains. Even if your backup/recovery processes permit you to recover your encrypted data, you can still be threatened by exfiltration, where ransomed documents are exposed to the public. Because new variants of ransomware are launched every day, there is no certainty that traditional signature-matching antivirus filters will detect the latest malware. If a threat does appear in an email, it is critical that your users have learned to be aware of social engineering tricks. Your ultimate protection is a sound scheme for scheduling and keeping offsite backups and the deployment of reliable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Consultation in Birmingham
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Review can bolster your defense against crypto-ransomware in Birmingham, phone Progent at 800-462-8800 or see Contact Progent.