Ransomware has become the weapon of choice for the major cyber-crime organizations and malicious governments, representing a potentially lethal threat to businesses that are victimized. The latest versions of crypto-ransomware target all vulnerable resources, including backup, making even selective recovery a complex and costly process. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Lockbit and Nephilim have made the headlines, displacing Locky, Cerber, and NotPetya in prominence, sophistication, and destructiveness.
90% of ransomware penetrations come from innocent-looking emails that include malicious hyperlinks or attachments, and many are "zero-day" variants that elude detection by legacy signature-based antivirus (AV) filters. Although user training and frontline detection are important to defend your network against ransomware, leading practices demand that you assume some attacks will inevitably get through and that you prepare a strong backup mechanism that enables you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around an online discussion with a Progent security consultant experienced in ransomware protection and repair. During this interview Progent will collaborate with your Calgary IT management staff to gather critical information about your security profile and backup environment. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to adhere to best practices for implementing and managing your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to ransomware prevention and restoration recovery. The report addresses:
- Correct allocation and use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe RDP access
- Advice about AntiVirus (AV) tools selection and configuration
The online interview process included with the ProSight Ransomware Preparedness Report service takes about an hour for a typical small company and longer for larger or more complex IT environments. The report document features suggestions for enhancing your ability to ward off or recover from a ransomware incident and Progent offers on-demand consulting services to assist you and your IT staff to create a cost-effective security/backup system tailored to your business requirements.
- Split permission architecture for backup protection
- Protecting required servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To prevent the damage, the target is required to pay a certain amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a brief period of time. It is never certain that paying the extortion price will restore the lost files or prevent its publication. Files can be encrypted or deleted throughout a network depending on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A typical ransomware attack vector is spoofed email, in which the victim is lured into responding to by means of a social engineering technique known as spear phishing. This causes the email message to look as though it came from a trusted source. Another common vulnerability is a poorly secured RDP port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous examples include WannaCry, and NotPetya. Current headline variants like Ryuk, DoppelPaymer and CryptoWall are more complex and have caused more damage than older versions. Even if your backup processes allow you to restore your encrypted files, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public. Because new variants of ransomware are launched daily, there is no certainty that traditional signature-matching anti-virus filters will detect a new malware. If an attack does appear in an email, it is critical that your users have learned to identify social engineering techniques. Your ultimate defense is a sound process for scheduling and keeping remote backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Preparedness Audit in Calgary
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Consultation can enhance your defense against crypto-ransomware in Calgary, call Progent at 800-993-9400 or see Contact Progent.