Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor governments, posing a potentially existential threat to businesses that are breached. Current strains of ransomware go after all vulnerable resources, including backups, making even partial recovery a challenging and expensive exercise. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, LockBit and Egregor have made the headlines, displacing Locky, Spora, and CryptoWall in prominence, sophistication, and destructiveness.
90% of crypto-ransomware infections come from innocent-looking emails that have malicious links or attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-based antivirus (AV) tools. Although user education and frontline detection are critical to protect your network against ransomware attacks, best practices demand that you expect that some attacks will inevitably succeed and that you prepare a strong backup mechanism that allows you to restore files and services quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around an online interview with a Progent cybersecurity expert skilled in ransomware defense and repair. In the course of this assessment Progent will work directly with your Bristol IT management staff to gather critical data about your security setup and backup environment. Progent will use this data to create a Basic Security and Best Practices Assessment documenting how to follow leading practices for configuring and managing your security and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues associated with crypto-ransomware prevention and recovery. The report covers:
- Correct use of administration accounts
- Assigning NTFS and SMB permissions
- Proper firewall setup
- Safe Remote Desktop Protocol configuration
- Advice on identifying and configuring antivirus tools
- Split permission model for backup integrity
- Backing up key servers including Active Directory
- Geographically dispersed backups including cloud backup to Azure
The remote interview included with the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small company and longer for bigger or more complex environments. The written report features suggestions for enhancing your ability to block or recover from a ransomware incident, and Progent can provide on-demand expertise to help you and your IT staff create a cost-effective cybersecurity/data backup solution tailored to your specific needs.
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To prevent the carnage, the target is required to pay a specified ransom, typically via a cryptocurrency like Bitcoin, within a short period of time. There is no guarantee that paying the ransom will restore the lost files or prevent their publication. Files can be encrypted or deleted throughout a network depending on the victim's write permissions, and you cannot break the strong encryption used on the compromised files. A common ransomware attack vector is spoofed email, where the victim is lured into interacting with the message by means of a social engineering technique known as spear phishing, which makes the email appear to come from a familiar source. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
CryptoLocker opened the new age of ransomware in 2013, and the monetary losses attributed to the many strains of ransomware are estimated at billions of dollars per year, more than doubling every two years. Notorious examples are Locky and Petya. Recent high-profile variants like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have wreaked more havoc than older versions. Even if your backup processes enable your business to recover your encrypted data, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no certainty that conventional signature-matching antivirus filters will block the latest malware. If a threat does show up in an email, it is important that your users have learned to be aware of phishing tricks. Your ultimate defense is a solid process for scheduling and retaining offsite backups and the use of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Evaluation in Bristol
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Report can enhance your defense against ransomware in Bristol, call Progent at 800-462-8800 or see Contact Progent.