Ransomware has been weaponized by cybercriminals and rogue states, posing a potentially lethal risk to businesses that are victimized. Modern strains of ransomware target all vulnerable resources, including online backup, making even selective recovery a complex and expensive process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have made the headlines, replacing WannaCry, Cerber, and Petya in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware infections are caused by innocuous-seeming emails that include dangerous hyperlinks or file attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-based antivirus filters. While user training and up-front detection are critical to defend against ransomware, best practices dictate that you take for granted some attacks will eventually get through and that you prepare a strong backup solution that allows you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around a remote interview with a Progent cybersecurity expert experienced in ransomware defense and repair. In the course of this assessment Progent will cooperate with your Boston network managers to collect critical information concerning your security posture and backup environment. Progent will utilize this data to generate a Basic Security and Best Practices Report detailing how to adhere to best practices for configuring and managing your cybersecurity and backup systems to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital areas associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) filtering selection and deployment
The remote interview process included with the ProSight Ransomware Preparedness Assessment service lasts about one hour for the average small business network and requires more time for bigger or more complicated environments. The written report contains recommendations for enhancing your ability to block or recover from a ransomware attack and Progent can provide on-demand expertise to assist you to create an efficient cybersecurity/backup system tailored to your business needs.
- Split permission architecture for backup protection
- Backing up key servers such as Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To prevent the damage, the victim is asked to send a certain amount of money, typically in the form of a crypto currency like Bitcoin, within a short period of time. There is no guarantee that delivering the extortion price will restore the lost data or avoid its exposure to the public. Files can be encrypted or erased throughout a network based on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is booby-trapped email, whereby the target is lured into interacting with by a social engineering exploit known as spear phishing. This makes the email to look as though it came from a trusted source. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars per year, more than doubling every other year. Famous examples are Locky, and NotPetya. Current headline variants like Ryuk, DoppelPaymer and Spora are more complex and have wreaked more havoc than older versions. Even if your backup procedures permit your business to restore your ransomed files, you can still be hurt by so-called exfiltration, where ransomed documents are made public. Because new versions of ransomware crop up daily, there is no guarantee that traditional signature-matching anti-virus tools will detect the latest malware. If threat does appear in an email, it is important that your end users have been taught to identify phishing techniques. Your last line of defense is a solid scheme for scheduling and keeping offsite backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Boston
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Audit can bolster your defense against crypto-ransomware in Boston, phone Progent at 800-462-8800 or visit Contact Progent.