Ransomware has become the weapon of choice for cybercriminals and malicious governments, posing a possibly existential risk to businesses that are successfully attacked. Modern strains of crypto-ransomware go after all vulnerable resources, including backup, making even selective recovery a long and expensive exercise. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have made the headlines, replacing Locky, Cerber, and CryptoWall in notoriety, sophistication, and destructive impact.
Most ransomware penetrations are the result of innocent-looking emails with malicious links or file attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-matching antivirus (AV) filters. While user training and frontline detection are critical to protect against ransomware attacks, leading practices demand that you expect that some malware will eventually succeed and that you implement a solid backup mechanism that permits you to recover quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service centered around a remote interview with a Progent cybersecurity consultant experienced in ransomware defense and repair. In the course of this interview Progent will collaborate directly with your Broomfield network managers to gather critical data concerning your security posture and backup environment. Progent will utilize this information to generate a Basic Security and Best Practices Report detailing how to apply best practices for implementing and managing your security and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to crypto-ransomware defense and recovery. The review addresses:
- Proper use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Safe Remote Desktop Protocol connections
- Identification and configuration of recommended antivirus (AV) tools
- Split permission model for backup integrity
- Backing up key servers including AD
- Offsite backups including cloud backup to Microsoft Azure
The online interview included with the ProSight Ransomware Preparedness Assessment service lasts about one hour for a typical small business network and longer for larger or more complicated environments. The written report features suggestions for improving your ability to block or recover from a ransomware attack, and Progent can provide as-needed expertise to help your business design and deploy an efficient cybersecurity/backup system tailored to your business requirements.
Ransomware is a type of malware that encrypts or steals files so they are unusable or are made publicly available. Ransomware often locks the victim's computer. To prevent the carnage, the target is asked to pay a certain amount of money, typically in the form of a cryptocurrency like Bitcoin, within a brief time window. It is never certain that paying the ransom will restore the damaged data or prevent its exposure to the public. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, in which the user is lured into responding by a social engineering exploit known as spear phishing, which makes the email look as though it came from a trusted source. Another common attack vector is a poorly secured RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses attributed to the many strains of ransomware are said to be billions of dollars annually, roughly doubling every two years. Notorious examples are WannaCry and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and Spora are more complex and have caused more damage than earlier versions. Even if your backup processes allow you to recover your encrypted data, you can still be threatened by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up every day, there is no certainty that conventional signature-based antivirus filters will block a new attack. If a threat does show up in an email, it is important that your end users have been taught to identify phishing tricks. Your ultimate defense is a solid process for performing and retaining offsite backups plus the use of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Readiness Consultation in Broomfield
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Assessment can enhance your defense against crypto-ransomware in Broomfield, phone Progent at 800-462-8800 or visit Contact Progent.