Ransomware has been weaponized by cyber extortionists and bad-actor states, posing a potentially existential risk to companies that are victimized. Modern variations of ransomware target everything, including online backup, making even selective recovery a complex and costly process. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have emerged, displacing Locky, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructiveness.
90% of ransomware breaches come from innocuous-seeming emails with malicious links or file attachments, and many are so-called "zero-day" variants that can escape the defenses of traditional signature-matching antivirus (AV) tools. Although user education and up-front identification are critical to protect your network against ransomware, best practices dictate that you expect that some malware will inevitably succeed and that you put in place a solid backup solution that permits you to recover quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around an online discussion with a Progent cybersecurity consultant skilled in ransomware protection and repair. During this assessment Progent will work directly with your Boston IT managers to collect critical data concerning your cybersecurity setup and backup processes. Progent will utilize this information to produce a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for configuring and administering your security and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas related to ransomware prevention and recovery. The report covers:
- Proper allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall setup
- Safe Remote Desktop Protocol configuration
- Guidance for antivirus (AV) tool selection and deployment
- Split permission model for backup integrity
- Backing up key servers including Active Directory
- Geographically dispersed backups including cloud backup to Azure
The remote interview process included with the ProSight Ransomware Preparedness Report service takes about one hour for the average small company and requires more time for bigger or more complicated environments. The report document contains suggestions for improving your ability to block or clean up after a ransomware attack, and Progent offers as-needed expertise to assist you and your IT staff to create an efficient security/backup solution customized for your business requirements.
Ransomware is a type of malware that encrypts files so they cannot be used or steals them so they can be publicized. Crypto-ransomware often locks the victim's computer. To avoid the carnage, the victim is required to send a certain ransom, usually via a cryptocurrency such as Bitcoin, within a brief time window. It is never certain that paying the ransom will restore the damaged files or prevent their publication. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A common ransomware delivery package is spoofed email, in which the target is lured into responding by means of a social engineering exploit called spear phishing, which makes the email message appear to come from a familiar source. Another popular vulnerability is a poorly secured RDP port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage attributed to the many versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous examples include Locky and NotPetya. Recent headline variants like Ryuk, DoppelPaymer and TeslaCrypt are more sophisticated and have caused more damage than earlier versions. Even if your backup processes enable your business to recover your ransomed data, you can still be threatened by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up every day, there is no certainty that traditional signature-matching antivirus tools will detect the latest attack. If a threat does show up in an email, it is important that your users have been taught to be aware of social engineering tricks. Your last line of protection is a solid process for scheduling and keeping remote backups and the deployment of reliable restoration tools.
Contact Progent About the ProSight Ransomware Preparedness Audit in Boston
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Audit can enhance your defense against crypto-ransomware in Boston, call Progent at 800-462-8800 or visit Contact Progent.