Ransomware has become the weapon of choice for cyber extortionists and rogue states, posing a potentially existential risk to companies that fall victim. Modern strains of ransomware target everything, including online backup, making even selective restoration a complex and costly exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing Locky, Cerber, and Petya in prominence, sophistication, and destructiveness.
90% of ransomware infections come from innocent-seeming emails that have malicious links or attachments, and a high percentage are so-called "zero-day" strains that can escape the defenses of traditional signature-based antivirus (AV) tools. Although user training and frontline identification are important to defend your network against ransomware, leading practices dictate that you expect that some malware will eventually succeed and that you put in place a solid backup solution that allows you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service centered around a remote interview with a Progent security consultant experienced in ransomware protection and repair. During this interview Progent will cooperate with your Boise network management staff to collect critical information concerning your cybersecurity posture and backup environment. Progent will use this data to create a Basic Security and Best Practices Assessment documenting how to apply best practices for implementing and managing your security and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues associated with ransomware defense and restoration recovery. The report covers:
- Effective use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) access
- Recommend AntiVirus (AV) filtering identification and configuration
The remote interview process for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small company and requires more time for larger or more complex IT environments. The report document contains suggestions for improving your ability to ward off or recover from a ransomware incident and Progent can provide as-needed consulting services to help you and your IT staff to design and deploy an efficient cybersecurity/data backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Backing up required servers including AD
- Offsite backups including cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the damage, the victim is required to pay a specified ransom, usually in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the extortion price will recover the lost files or avoid its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is booby-trapped email, in which the user is tricked into interacting with by means of a social engineering technique known as spear phishing. This makes the email to appear to come from a trusted sender. Another popular vulnerability is an improperly protected RDP port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage caused by the many strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Famous attacks include Locky, and Petya. Recent headline variants like Ryuk, DoppelPaymer and Spora are more elaborate and have caused more damage than older strains. Even if your backup processes permit you to recover your ransomed data, you can still be threatened by exfiltration, where ransomed data are made public (known as "doxxing"). Because new versions of ransomware crop up every day, there is no certainty that traditional signature-matching anti-virus filters will detect the latest attack. If an attack does show up in an email, it is critical that your users have been taught to be aware of phishing techniques. Your last line of protection is a solid scheme for performing and retaining remote backups plus the deployment of reliable recovery platforms.
Ask Progent About the ProSight Crypto-Ransomware Preparedness Report in Boise
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Evaluation can enhance your defense against crypto-ransomware in Boise, phone Progent at 800-462-8800 or visit Contact Progent.