Ransomware has become the weapon of choice for cybercriminals and bad-actor states, posing a possibly lethal threat to companies that are successfully attacked. Modern strains of ransomware target all vulnerable resources, including online backup, making even selective restoration a challenging and costly exercise. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Egregor have made the headlines, replacing Locky, Cerber, and Petya in prominence, sophistication, and destructiveness.
Most crypto-ransomware breaches are caused by innocuous-seeming emails with dangerous hyperlinks or file attachments, and a high percentage are "zero-day" variants that elude the defenses of traditional signature-matching antivirus (AV) tools. Although user training and up-front identification are important to defend your network against ransomware, best practices demand that you assume some malware will eventually get through and that you deploy a strong backup mechanism that allows you to restore files and services rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around an online discussion with a Progent cybersecurity consultant skilled in ransomware protection and recovery. In the course of this interview Progent will work with your Brasília network managers to gather pertinent data concerning your security profile and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for implementing and managing your security and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key areas associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Correct use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus filtering identification and configuration
The remote interview included with the ProSight Ransomware Preparedness Report service takes about one hour for the average small business network and longer for bigger or more complex environments. The written report contains recommendations for improving your ability to ward off or clean up after a ransomware assault and Progent offers on-demand expertise to help your business to create an efficient security/data backup solution customized for your business needs.
- Split permission architecture for backup protection
- Protecting key servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the target is required to send a certain amount of money, usually in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that delivering the extortion price will recover the lost data or prevent its publication. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A common ransomware delivery package is spoofed email, in which the user is tricked into interacting with by a social engineering technique called spear phishing. This makes the email to look as though it came from a trusted source. Another common attack vector is a poorly secured RDP port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Famous attacks include Locky, and NotPetya. Recent high-profile threats like Ryuk, Maze and TeslaCrypt are more sophisticated and have caused more havoc than earlier versions. Even if your backup/recovery processes permit your business to recover your ransomed files, you can still be threatened by so-called exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus filters will block a new malware. If threat does appear in an email, it is critical that your users have been taught to be aware of phishing tricks. Your ultimate defense is a solid process for performing and keeping remote backups and the deployment of reliable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Assessment in Brasília
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Consultation can bolster your protection against crypto-ransomware in Brasília, phone Progent at 800-462-8800 or visit Contact Progent.