Ransomware has become the weapon of choice for cybercriminals and bad-actor states, posing a potentially existential risk to companies that are successfully attacked. Current strains of ransomware target all vulnerable resources, including online backup, making even partial recovery a complex and expensive exercise. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Nephilim have emerged, replacing WannaCry, TeslaCrypt, and Petya in notoriety, sophistication, and destructive impact.
90% of ransomware penetrations come from innocuous-seeming emails that include dangerous hyperlinks or file attachments, and a high percentage are "zero-day" attacks that elude the defenses of traditional signature-matching antivirus (AV) tools. Although user training and up-front detection are critical to protect against ransomware, leading practices dictate that you assume some attacks will eventually succeed and that you deploy a solid backup mechanism that permits you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around a remote interview with a Progent cybersecurity consultant skilled in ransomware protection and recovery. During this interview Progent will work directly with your Bristol IT management staff to gather pertinent information concerning your cybersecurity profile and backup environment. Progent will utilize this information to generate a Basic Security and Best Practices Report detailing how to adhere to leading practices for implementing and administering your cybersecurity and backup systems to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with crypto-ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Proper firewall configuration
- Safe Remote Desktop Protocol (RDP) access
- Advice about AntiVirus tools selection and deployment
The remote interview included with the ProSight Ransomware Vulnerability Report service lasts about an hour for the average small business and longer for bigger or more complex IT environments. The written report includes suggestions for enhancing your ability to block or clean up after a ransomware assault and Progent offers on-demand expertise to assist you and your IT staff to design and deploy a cost-effective cybersecurity/data backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or steals a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the damage, the target is asked to send a specified ransom, typically via a crypto currency like Bitcoin, within a brief time window. It is never certain that paying the ransom will recover the lost files or prevent its exposure to the public. Files can be altered or erased across a network based on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is spoofed email, whereby the target is tricked into interacting with by a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar sender. Another common attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Notorious examples are Locky, and Petya. Recent high-profile variants like Ryuk, Maze and TeslaCrypt are more complex and have caused more damage than older strains. Even if your backup processes enable your business to recover your ransomed data, you can still be threatened by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching anti-virus filters will detect a new malware. If an attack does appear in an email, it is critical that your end users have learned to identify phishing tricks. Your last line of protection is a solid scheme for performing and keeping remote backups plus the deployment of dependable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Bristol
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Assessment can bolster your defense against crypto-ransomware in Bristol, call Progent at 800-462-8800 or visit Contact Progent.