Ransomware has been weaponized by the major cyber-crime organizations and malicious states, posing a possibly existential risk to companies that fall victim. Modern strains of crypto-ransomware target everything, including online backup, making even selective recovery a challenging and expensive exercise. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Nephilim have made the headlines, replacing WannaCry, TeslaCrypt, and Petya in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware penetrations are the result of innocuous-looking emails with dangerous hyperlinks or file attachments, and a high percentage are "zero-day" variants that can escape detection by legacy signature-based antivirus (AV) tools. Although user training and up-front identification are important to protect your network against ransomware, best practices demand that you take for granted some attacks will inevitably succeed and that you implement a strong backup mechanism that allows you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around a remote discussion with a Progent security consultant skilled in ransomware defense and recovery. In the course of this assessment Progent will cooperate directly with your Buffalo network managers to gather pertinent data concerning your security setup and backup processes. Progent will use this information to generate a Basic Security and Best Practices Assessment documenting how to follow best practices for configuring and managing your cybersecurity and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with crypto-ransomware prevention and restoration recovery. The review addresses:
- Correct allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Proper firewall settings
- Secure Remote Desktop Protocol (RDP) connections
- Recommend AntiVirus (AV) tools identification and deployment
The online interview process included with the ProSight Ransomware Preparedness Assessment service lasts about an hour for a typical small company and longer for bigger or more complicated environments. The report document includes recommendations for improving your ability to ward off or recover from a ransomware incident and Progent offers as-needed consulting services to assist you to design and deploy an efficient security/backup system customized for your business requirements.
- Split permission model for backup integrity
- Backing up required servers including AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the damage, the victim is asked to send a specified ransom, typically in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that delivering the ransom will recover the lost data or prevent its exposure to the public. Files can be encrypted or erased throughout a network depending on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is spoofed email, whereby the target is lured into responding to by a social engineering technique known as spear phishing. This makes the email to look as though it came from a familiar sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples are Locky, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and Cerber are more sophisticated and have caused more havoc than older versions. Even if your backup procedures permit your business to recover your encrypted files, you can still be hurt by exfiltration, where ransomed documents are made public. Because new variants of ransomware crop up daily, there is no certainty that traditional signature-matching anti-virus tools will detect the latest attack. If an attack does appear in an email, it is critical that your users have learned to identify social engineering techniques. Your ultimate defense is a sound scheme for scheduling and keeping remote backups plus the use of reliable recovery tools.
Contact Progent About the ProSight Ransomware Readiness Audit in Buffalo
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Testing can enhance your protection against crypto-ransomware in Buffalo, call Progent at 800-462-8800 or see Contact Progent.