Ransomware has been weaponized by the major cyber-crime organizations and rogue states, posing a potentially lethal threat to businesses that are breached. Current variations of ransomware go after everything, including online backup, making even selective recovery a challenging and costly process. Novel variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, replacing WannaCry, TeslaCrypt, and Petya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware penetrations are caused by innocuous-seeming emails that carry dangerous hyperlinks or attachments, and a high percentage are "zero-day" attacks that elude the defenses of traditional signature-matching antivirus filters. While user training and frontline detection are important defenses against ransomware attacks, best practices dictate that you assume some malware will eventually succeed and that you prepare a solid backup mechanism that enables you to recover rapidly with little if any loss.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around a remote discussion with a Progent security consultant experienced in ransomware defense and repair. In the course of this assessment Progent will work with your Calgary IT managers to collect pertinent information about your security configuration and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and administering your cybersecurity and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas related to crypto-ransomware prevention and recovery. The report covers:
- Correct use of administration accounts
- Appropriate NTFS and SMB permissions
- Proper firewall configuration
- Secure RDP access
- Recommended AntiVirus (AV) filtering identification and configuration
- Split permission architecture for backup integrity
- Backing up critical servers including Active Directory
- Geographically dispersed backups including cloud backup to Azure
The remote interview for the ProSight Ransomware Vulnerability Assessment service lasts about one hour for a typical small company and longer for bigger or more complex environments. The report document features suggestions for improving your ability to ward off or clean up after a ransomware assault, and Progent offers on-demand consulting services to help you and your IT staff create a cost-effective security/data backup system tailored to your business requirements.
Ransomware is a variety of malware that encrypts files so they cannot be used or steals them so they can be made publicly available. Ransomware sometimes locks the victim's computer. To prevent the damage, the target is asked to pay a specified amount of money, usually in the form of a cryptocurrency like Bitcoin, within a short period of time. It is never certain that paying the ransom will restore the lost files or prevent their publication. Files can be altered or erased throughout a network based on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A common ransomware attack vector is tainted email, which the target is tricked into interacting with by means of a social engineering exploit known as spear phishing, where the email is made to appear to come from a trusted source. Another common attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage attributed to different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous examples include WannaCry and NotPetya. Recent headline variants like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more damage than older versions. Even if your backup processes allow your business to recover your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no guarantee that conventional signature-matching antivirus tools will block new malware. If a threat does appear in an email, it is critical that your end users have learned to identify social engineering techniques. Your ultimate protection is a solid process for scheduling and keeping remote backups and the deployment of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Assessment in Calgary
For pricing information and to find out more about how Progent's ProSight Ransomware Susceptibility Audit can bolster your protection against crypto-ransomware in Calgary, call Progent at 800-462-8800 or visit Contact Progent.