Ransomware has been widely adopted by cyber extortionists and rogue states, posing a possibly existential threat to companies that are victimized. Modern strains of ransomware go after everything, including online backup, making even selective recovery a challenging and costly process. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Snatch and Egregor have made the headlines, displacing WannaCry, Cerber, and NotPetya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware infections are caused by innocent-seeming emails with dangerous links or attachments, and many are so-called "zero-day" strains that can escape the defenses of traditional signature-matching antivirus tools. While user education and frontline identification are important to defend against ransomware attacks, best practices dictate that you assume some attacks will eventually get through and that you put in place a strong backup solution that permits you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around an online discussion with a Progent security expert skilled in ransomware defense and recovery. In the course of this assessment Progent will cooperate directly with your Boise IT management staff to gather critical information about your security profile and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to adhere to best practices for configuring and administering your cybersecurity and backup systems to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas related to ransomware defense and recovery. The review covers:
- Effective allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Safe RDP access
- Guidance for antivirus (AV) tool selection and configuration
- Split permission architecture for backup integrity
- Backing up required servers including AD
- Offsite backups with cloud backup to Azure
The remote interview included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small company and requires more time for larger or more complex IT environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware incident, and Progent can provide as-needed consulting services to help your business create a cost-effective security/data backup system customized for your specific requirements.
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they are unusable or are publicized. Ransomware often locks the target's computer. To prevent the damage, the victim is asked to pay a specified ransom, usually via a cryptocurrency such as Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will restore the lost data or avoid its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A common ransomware delivery package is spoofed email, whereby the user is lured into interacting with it by a social engineering technique known as spear phishing, which makes the email message appear to come from a trusted sender. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of ransomware in 2013, and the damage attributed to the many strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Notorious examples are Locky and NotPetya. Current high-profile threats like Ryuk, Maze and Cerber are more elaborate and have wreaked more damage than earlier versions. Even if your backup processes permit your business to recover your ransomed files, you can still be hurt by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because additional versions of ransomware crop up daily, there is no guarantee that traditional signature-based antivirus filters will detect new malware. If a threat does appear in an email, it is critical that your end users have learned to identify phishing techniques. Your ultimate protection is a solid process for scheduling and retaining remote backups and the deployment of dependable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Readiness Checkup in Boise
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Assessment can bolster your defense against crypto-ransomware in Boise, call Progent at 800-462-8800 or visit Contact Progent.