Ransomware has been weaponized by the major cyber-crime organizations and rogue states, posing a potentially lethal risk to businesses that are victimized. Modern versions of ransomware target everything, including backup, making even partial recovery a challenging and costly exercise. New variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have made the headlines, displacing Locky, Cerber, and CryptoWall in notoriety, elaborateness, and destructiveness.
90% of crypto-ransomware penetrations are the result of innocuous-looking emails with dangerous links or attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-matching antivirus filters. Although user education and up-front detection are critical to protect against ransomware attacks, leading practices demand that you take for granted some malware will eventually get through and that you put in place a strong backup solution that permits you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around an online interview with a Progent security consultant experienced in ransomware protection and recovery. In the course of this interview Progent will cooperate with your Brighton network managers to collect critical data concerning your cybersecurity profile and backup environment. Progent will use this information to produce a Basic Security and Best Practices Assessment documenting how to follow best practices for configuring and administering your security and backup solution to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital areas associated with crypto-ransomware defense and restoration recovery. The review covers:
- Proper use of admin accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Secure Remote Desktop Protocol connections
- Recommend AntiVirus (AV) tools selection and deployment
The online interview process included with the ProSight Ransomware Preparedness Report service lasts about one hour for a typical small business network and requires more time for larger or more complicated IT environments. The written report features suggestions for enhancing your ability to block or clean up after a ransomware attack and Progent can provide as-needed consulting services to assist you to create a cost-effective cybersecurity/data backup system tailored to your specific requirements.
- Split permission architecture for backup integrity
- Backing up critical servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are publicized. Ransomware sometimes locks the victim's computer. To avoid the carnage, the victim is required to send a certain amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a brief time window. There is no guarantee that delivering the extortion price will recover the damaged data or avoid its publication. Files can be altered or erased throughout a network depending on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A typical ransomware attack vector is spoofed email, whereby the target is lured into interacting with by a social engineering exploit called spear phishing. This makes the email to appear to come from a trusted sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage caused by the many strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Notorious attacks are Locky, and NotPetya. Recent high-profile threats like Ryuk, Maze and TeslaCrypt are more elaborate and have caused more damage than earlier versions. Even if your backup processes permit you to restore your ransomed files, you can still be hurt by so-called exfiltration, where ransomed documents are exposed to the public. Because new versions of ransomware are launched daily, there is no guarantee that conventional signature-matching anti-virus filters will block the latest malware. If an attack does show up in an email, it is critical that your users have learned to be aware of phishing techniques. Your ultimate defense is a solid scheme for performing and retaining offsite backups plus the use of reliable restoration tools.
Contact Progent About the ProSight Ransomware Susceptibility Audit in Brighton
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Evaluation can enhance your protection against crypto-ransomware in Brighton, call Progent at 800-462-8800 or visit Contact Progent.