Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor states, posing a potentially existential risk to businesses that are successfully attacked. Current versions of crypto-ransomware go after all vulnerable resources, including online backup, making even selective recovery a challenging and expensive process. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have made the headlines, replacing WannaCry, Spora, and CryptoWall in prominence, sophistication, and destructiveness.
Most crypto-ransomware breaches come from innocent-looking emails that have dangerous hyperlinks or file attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-matching antivirus (AV) filters. While user education and frontline identification are critical to defend your network against ransomware, leading practices dictate that you assume some attacks will eventually get through and that you deploy a strong backup solution that allows you to recover quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around an online interview with a Progent cybersecurity consultant experienced in ransomware defense and repair. In the course of this interview Progent will collaborate directly with your Birmingham IT management staff to gather pertinent data concerning your security setup and backup environment. Progent will use this data to generate a Basic Security and Best Practices Report documenting how to apply leading practices for configuring and administering your security and backup systems to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Proper allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) configuration
- Guidance for AntiVirus tools selection and deployment
The online interview included with the ProSight Ransomware Vulnerability Report service takes about one hour for the average small business network and longer for bigger or more complex environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware attack and Progent offers as-needed expertise to assist your business to design and deploy an efficient security/data backup solution customized for your business requirements.
- Split permission architecture for backup protection
- Backing up critical servers including Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the damage, the target is required to send a specified amount of money, typically in the form of a crypto currency such as Bitcoin, within a brief time window. It is not guaranteed that paying the ransom will restore the damaged files or avoid its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, whereby the target is tricked into responding to by a social engineering technique called spear phishing. This makes the email to look as though it came from a trusted source. Another common attack vector is an improperly secured RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many strains of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Famous examples include Locky, and Petya. Current high-profile threats like Ryuk, Sodinokibi and TeslaCrypt are more elaborate and have caused more havoc than earlier strains. Even if your backup processes allow your business to restore your encrypted data, you can still be threatened by exfiltration, where ransomed data are made public. Because additional versions of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus tools will block a new attack. If an attack does appear in an email, it is critical that your users have been taught to be aware of phishing tricks. Your last line of defense is a solid process for scheduling and retaining remote backups and the deployment of dependable restoration tools.
Ask Progent About the ProSight Ransomware Susceptibility Review in Birmingham
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Report can bolster your defense against ransomware in Birmingham, phone Progent at 800-462-8800 or see Contact Progent.