Ransomware has been widely adopted by the major cyber-crime organizations and rogue governments, posing a potentially lethal threat to businesses that are successfully attacked. Current variations of crypto-ransomware go after everything, including backup, making even partial restoration a long and expensive exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have made the headlines, displacing WannaCry, Cerber, and NotPetya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware breaches are the result of innocuous-seeming emails with malicious hyperlinks or file attachments, and many are "zero-day" strains that elude detection by legacy signature-based antivirus filters. Although user education and frontline detection are critical to defend your network against ransomware attacks, best practices dictate that you assume some malware will inevitably get through and that you put in place a solid backup solution that enables you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around a remote interview with a Progent cybersecurity consultant experienced in ransomware protection and recovery. In the course of this interview Progent will collaborate directly with your Brighton network managers to collect critical data about your security profile and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to follow best practices for implementing and administering your cybersecurity and backup systems to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas associated with ransomware prevention and restoration recovery. The report addresses:
- Proper use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall setup
- Secure Remote Desktop Protocol configuration
- Guidance for AntiVirus tools selection and configuration
The remote interview process included with the ProSight Ransomware Vulnerability Assessment service lasts about an hour for a typical small business and requires more time for larger or more complicated environments. The written report features suggestions for enhancing your ability to block or clean up after a ransomware attack and Progent can provide as-needed expertise to help your business to design and deploy an efficient cybersecurity/backup system tailored to your specific requirements.
- Split permission architecture for backup protection
- Backing up key servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To avoid the carnage, the victim is asked to pay a certain ransom, usually in the form of a crypto currency like Bitcoin, within a short period of time. It is never certain that paying the extortion price will restore the damaged files or prevent its exposure to the public. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot solve the strong encryption algorithms used on the compromised files. A common ransomware delivery package is spoofed email, in which the victim is tricked into interacting with by a social engineering exploit called spear phishing. This causes the email message to appear to come from a familiar source. Another common attack vector is an improperly protected RDP port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Notorious examples include WannaCry, and Petya. Recent headline variants like Ryuk, DoppelPaymer and Spora are more sophisticated and have wreaked more havoc than earlier strains. Even if your backup/recovery procedures allow your business to restore your ransomed data, you can still be hurt by exfiltration, where ransomed data are made public. Because new versions of ransomware are launched daily, there is no certainty that traditional signature-based anti-virus filters will detect a new malware. If threat does appear in an email, it is important that your users have been taught to be aware of social engineering tricks. Your ultimate defense is a solid scheme for scheduling and keeping remote backups plus the use of reliable restoration tools.
Ask Progent About the ProSight Ransomware Susceptibility Review in Brighton
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Report can bolster your protection against crypto-ransomware in Brighton, phone Progent at 800-462-8800 or see Contact Progent.