Ransomware has been widely adopted by cybercriminals and malicious governments, posing a possibly lethal risk to businesses that are successfully attacked. The latest versions of crypto-ransomware target all vulnerable resources, including online backup, making even partial restoration a complex and costly process. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Nephilim have emerged, displacing WannaCry, TeslaCrypt, and CryptoWall in prominence, sophistication, and destructiveness.
90% of ransomware penetrations are caused by innocent-seeming emails that have malicious hyperlinks or file attachments, and many are so-called "zero-day" strains that elude the defenses of traditional signature-based antivirus filters. Although user training and up-front detection are critical to protect your network against ransomware attacks, best practices demand that you assume some malware will inevitably succeed and that you implement a solid backup mechanism that permits you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around an online interview with a Progent security consultant experienced in ransomware defense and recovery. In the course of this interview Progent will work with your Boise IT managers to gather pertinent data about your cybersecurity configuration and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report detailing how to follow best practices for configuring and administering your security and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues related to ransomware defense and restoration recovery. The review addresses:
- Effective allocation and use of admin accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Proper firewall settings
- Secure Remote Desktop Protocol access
- Advice about AntiVirus (AV) filtering identification and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service lasts about one hour for the average small business network and requires more time for larger or more complex environments. The written report contains suggestions for enhancing your ability to block or clean up after a ransomware incident and Progent can provide as-needed expertise to help you and your IT staff to create an efficient cybersecurity/data backup system customized for your specific requirements.
- Split permission model for backup integrity
- Backing up required servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a type of malware that encrypts or deletes files so they are unusable or are made publicly available. Ransomware sometimes locks the target's computer. To prevent the carnage, the victim is asked to send a specified amount of money (the ransom), typically via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will restore the lost data or avoid its publication. Files can be encrypted or deleted throughout a network depending on the victim's write permissions, and you cannot solve the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the victim is tricked into interacting with by a social engineering technique known as spear phishing. This causes the email message to look as though it came from a familiar source. Another common vulnerability is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses caused by the many strains of ransomware is said to be billions of dollars annually, more than doubling every other year. Notorious attacks include Locky, and Petya. Current headline variants like Ryuk, DoppelPaymer and CryptoWall are more complex and have caused more havoc than earlier strains. Even if your backup processes enable your business to restore your encrypted data, you can still be threatened by exfiltration, where ransomed data are exposed to the public. Because additional variants of ransomware crop up every day, there is no guarantee that conventional signature-based anti-virus tools will block the latest attack. If threat does show up in an email, it is critical that your end users have been taught to identify social engineering tricks. Your ultimate defense is a sound scheme for scheduling and keeping offsite backups and the deployment of dependable restoration platforms.
Contact Progent About the ProSight Ransomware Vulnerability Assessment in Boise
For pricing details and to learn more about how Progent's ProSight Ransomware Vulnerability Consultation can enhance your protection against crypto-ransomware in Boise, phone Progent at 800-462-8800 or visit Contact Progent.