Ransomware has been widely adopted by the major cyber-crime organizations and bad-actor states, posing a potentially existential risk to businesses that are successfully attacked. Modern versions of ransomware go after all vulnerable resources, including backup, making even partial recovery a complex and costly process. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and CryptoWall in prominence, sophistication, and destructive impact.
Most ransomware penetrations are the result of innocuous-looking emails that have dangerous links or file attachments, and many are "zero-day" attacks that elude the defenses of traditional signature-based antivirus tools. Although user education and up-front identification are critical to protect your network against ransomware, leading practices demand that you assume some attacks will eventually get through and that you put in place a solid backup mechanism that allows you to recover quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around a remote interview with a Progent security consultant experienced in ransomware protection and recovery. During this interview Progent will collaborate directly with your Calgary network managers to gather critical information about your security posture and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Assessment documenting how to apply best practices for configuring and managing your cybersecurity and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas related to crypto-ransomware prevention and restoration recovery. The review covers:
- Correct use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) tools selection and configuration
The remote interview included with the ProSight Ransomware Preparedness Checkup service takes about one hour for the average small company and longer for bigger or more complicated IT environments. The report document contains suggestions for enhancing your ability to ward off or recover from a ransomware assault and Progent can provide on-demand consulting services to help you and your IT staff to design and deploy a cost-effective cybersecurity/backup solution customized for your business needs.
- Split permission model for backup protection
- Backing up critical servers such as Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the target is required to pay a certain amount of money, usually in the form of a crypto currency such as Bitcoin, within a brief time window. It is not guaranteed that delivering the extortion price will recover the lost files or avoid its publication. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, in which the target is tricked into responding to by means of a social engineering exploit known as spear phishing. This causes the email message to appear to come from a familiar source. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Notorious examples include WannaCry, and Petya. Recent headline threats like Ryuk, Sodinokibi and Cerber are more sophisticated and have caused more damage than earlier strains. Even if your backup/recovery procedures enable you to restore your encrypted files, you can still be threatened by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional versions of ransomware are launched every day, there is no certainty that conventional signature-based anti-virus tools will detect the latest attack. If an attack does show up in an email, it is important that your end users have learned to be aware of social engineering tricks. Your ultimate protection is a solid process for performing and retaining remote backups and the use of reliable restoration tools.
Ask Progent About the ProSight Ransomware Readiness Assessment in Calgary
For pricing information and to find out more about how Progent's ProSight Ransomware Susceptibility Assessment can bolster your protection against ransomware in Calgary, call Progent at 800-462-8800 or see Contact Progent.