Ransomware has become the weapon of choice for cyber extortionists and rogue governments, representing a potentially existential risk to businesses that are breached. Current variations of ransomware go after all vulnerable resources, including backup, making even selective recovery a long and costly exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have made the headlines, replacing Locky, Cerber, and Petya in prominence, sophistication, and destructiveness.
Most crypto-ransomware penetrations are caused by innocent-seeming emails that have malicious hyperlinks or attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-matching antivirus tools. Although user training and up-front identification are important to defend your network against ransomware, leading practices dictate that you take for granted some attacks will inevitably succeed and that you put in place a solid backup solution that allows you to recover quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around an online discussion with a Progent cybersecurity consultant skilled in ransomware defense and recovery. During this assessment Progent will work directly with your Brasília network managers to collect pertinent information about your security setup and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report documenting how to apply best practices for configuring and managing your security and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital areas related to ransomware defense and restoration recovery. The review addresses:
- Correct allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB permissions
- Proper firewall setup
- Secure Remote Desktop Protocol (RDP) access
- Advice about AntiVirus (AV) tools identification and deployment
The remote interview included with the ProSight Ransomware Vulnerability Checkup service lasts about one hour for the average small company and requires more time for bigger or more complicated IT environments. The written report contains recommendations for enhancing your ability to block or recover from a ransomware incident and Progent can provide on-demand expertise to assist you and your IT staff to create an efficient cybersecurity/backup solution tailored to your business needs.
- Split permission model for backup integrity
- Backing up required servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a type of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To avoid the damage, the target is required to pay a specified amount of money, usually via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that paying the ransom will recover the damaged data or avoid its publication. Files can be encrypted or erased throughout a network depending on the victim's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the victim is tricked into responding to by a social engineering technique known as spear phishing. This causes the email to look as though it came from a trusted sender. Another popular attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses attributed to by different strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Notorious examples include WannaCry, and Petya. Current high-profile threats like Ryuk, Maze and TeslaCrypt are more complex and have wreaked more havoc than older strains. Even if your backup processes allow you to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anti-virus filters will detect the latest malware. If an attack does appear in an email, it is important that your end users have learned to identify phishing techniques. Your ultimate defense is a solid process for performing and retaining remote backups and the use of reliable recovery platforms.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Assessment in Brasília
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Evaluation can enhance your protection against crypto-ransomware in Brasília, call Progent at 800-462-8800 or see Contact Progent.