Ransomware has been weaponized by cyber extortionists and rogue governments, posing a potentially existential threat to companies that are successfully attacked. Current variations of crypto-ransomware go after all vulnerable resources, including backup, making even selective restoration a complex and expensive process. Novel strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Egregor have emerged, displacing Locky, Spora, and NotPetya in prominence, sophistication, and destructiveness.
Most crypto-ransomware infections are caused by innocent-looking emails that have dangerous hyperlinks or attachments, and many are "zero-day" attacks that elude the defenses of legacy signature-based antivirus filters. While user training and up-front identification are critical to protect your network against ransomware, leading practices demand that you assume some malware will eventually get through and that you implement a strong backup mechanism that enables you to restore files and services quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around an online interview with a Progent security consultant skilled in ransomware protection and repair. In the course of this assessment Progent will collaborate directly with your Broomfield IT managers to collect critical data about your security profile and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and managing your security and backup solution to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with ransomware prevention and restoration recovery. The review addresses:
- Effective use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall settings
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus tools identification and configuration
The remote interview for the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for bigger or more complicated IT environments. The report document contains suggestions for improving your ability to ward off or recover from a ransomware incident and Progent offers on-demand expertise to assist your business to design and deploy a cost-effective security/data backup system tailored to your business requirements.
- Split permission model for backup integrity
- Protecting key servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they are unusable or are made publicly available. Ransomware often locks the target's computer. To avoid the damage, the target is required to pay a certain amount of money, usually via a crypto currency like Bitcoin, within a short period of time. There is no guarantee that delivering the extortion price will recover the damaged data or avoid its exposure to the public. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A typical ransomware delivery package is tainted email, whereby the user is lured into interacting with by a social engineering exploit called spear phishing. This makes the email message to look as though it came from a trusted source. Another popular attack vector is a poorly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars annually, roughly doubling every two years. Famous examples are WannaCry, and NotPetya. Recent high-profile variants like Ryuk, Maze and TeslaCrypt are more sophisticated and have wreaked more damage than earlier versions. Even if your backup/recovery procedures allow you to recover your ransomed files, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because additional versions of ransomware crop up every day, there is no guarantee that traditional signature-matching anti-virus tools will block the latest malware. If threat does appear in an email, it is important that your end users have been taught to identify phishing techniques. Your ultimate defense is a sound scheme for scheduling and retaining offsite backups and the deployment of reliable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Vulnerability Audit in Broomfield
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Assessment can bolster your defense against ransomware in Broomfield, call Progent at 800-462-8800 or visit Contact Progent.