Ransomware has been weaponized by the major cyber-crime organizations and bad-actor governments, representing a potentially existential risk to companies that are breached. Current variations of crypto-ransomware target all vulnerable resources, including backup, making even partial recovery a complex and expensive exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Nephilim have made the headlines, replacing Locky, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
Most crypto-ransomware breaches are the result of innocuous-looking emails with dangerous links or file attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-based antivirus filters. While user education and frontline identification are important to protect your network against ransomware attacks, best practices demand that you assume some malware will eventually get through and that you deploy a solid backup mechanism that enables you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around an online discussion with a Progent security consultant experienced in ransomware defense and repair. In the course of this assessment Progent will cooperate directly with your Brasília network managers to collect critical information concerning your security configuration and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Assessment detailing how to apply best practices for configuring and managing your cybersecurity and backup systems to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key areas related to crypto-ransomware prevention and restoration recovery. The review addresses:
- Proper allocation and use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus filtering selection and configuration
The online interview for the ProSight Ransomware Vulnerability Checkup service takes about an hour for a typical small business and longer for larger or more complicated environments. The written report includes suggestions for enhancing your ability to block or clean up after a ransomware assault and Progent offers as-needed expertise to assist you to create a cost-effective cybersecurity/backup solution customized for your business needs.
- Split permission architecture for backup integrity
- Backing up critical servers such as Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a type of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the target is asked to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will recover the damaged data or prevent its exposure to the public. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot solve the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is spoofed email, in which the victim is lured into interacting with by means of a social engineering technique called spear phishing. This makes the email to appear to come from a familiar source. Another popular vulnerability is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Famous attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and Cerber are more complex and have wreaked more damage than older strains. Even if your backup/recovery processes permit your business to restore your encrypted files, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because additional versions of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus tools will detect a new malware. If threat does show up in an email, it is important that your end users have been taught to be aware of social engineering techniques. Your ultimate protection is a sound scheme for scheduling and keeping remote backups and the deployment of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Vulnerability Evaluation in Brasília
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Consultation can bolster your defense against ransomware in Brasília, call Progent at 800-462-8800 or visit Contact Progent.