Ransomware has been weaponized by cyber extortionists and malicious governments, posing a possibly existential threat to companies that fall victim. Current versions of crypto-ransomware target all vulnerable resources, including online backup, making even selective recovery a complex and costly exercise. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have emerged, displacing WannaCry, Cerber, and CryptoWall in notoriety, sophistication, and destructive impact.
Most ransomware breaches are caused by innocuous-looking emails that have malicious hyperlinks or file attachments, and a high percentage are "zero-day" strains that can escape detection by traditional signature-matching antivirus filters. While user training and up-front detection are critical to defend against ransomware attacks, best practices dictate that you expect that some attacks will inevitably get through and that you put in place a solid backup solution that enables you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service centered around a remote interview with a Progent security expert skilled in ransomware protection and repair. In the course of this assessment Progent will cooperate directly with your Boise network managers to gather pertinent information concerning your security posture and backup processes. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for implementing and administering your security and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key areas related to ransomware prevention and restoration recovery. The review covers:
- Proper use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol (RDP) connections
- Guidance for AntiVirus tools selection and deployment
The online interview for the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for larger or more complicated IT environments. The report document includes recommendations for enhancing your ability to block or recover from a ransomware attack and Progent can provide as-needed expertise to help your business to create an efficient security/backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting required servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they are unusable or are made publicly available. Ransomware often locks the target's computer. To avoid the damage, the target is asked to send a certain amount of money, usually via a crypto currency like Bitcoin, within a brief period of time. It is never certain that delivering the extortion price will recover the lost files or prevent its publication. Files can be altered or erased across a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A typical ransomware attack vector is booby-trapped email, in which the victim is lured into responding to by means of a social engineering exploit known as spear phishing. This makes the email message to look as though it came from a familiar source. Another common attack vector is a poorly secured RDP port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the damage attributed to by different versions of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Famous examples include Locky, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and CryptoWall are more complex and have caused more damage than older strains. Even if your backup/recovery procedures permit you to recover your ransomed data, you can still be hurt by so-called exfiltration, where stolen documents are made public. Because additional versions of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus tools will block a new malware. If threat does show up in an email, it is critical that your users have been taught to identify social engineering tricks. Your last line of protection is a solid process for scheduling and keeping remote backups and the use of reliable recovery platforms.
Ask Progent About the ProSight Ransomware Susceptibility Consultation in Boise
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Review can enhance your protection against crypto-ransomware in Boise, phone Progent at 800-462-8800 or visit Contact Progent.