Ransomware has been widely adopted by cybercriminals and bad-actor states, representing a potentially existential risk to companies that are breached. Modern variations of ransomware target everything, including online backups, making even partial recovery a complex and expensive exercise. Novel variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Conti and Egregor have emerged, replacing Locky, Cerber, and Petya in notoriety, sophistication, and destructive impact.
Most ransomware penetrations are the result of innocuous-seeming emails that have malicious links or file attachments, and a high percentage are so-called "zero-day" attacks that can escape the defenses of legacy signature-matching antivirus (AV) filters. While user training and frontline identification are critical to defend your network against ransomware, best practices dictate that you assume some malware will inevitably get through and that you prepare a strong backup solution that enables you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around a remote discussion with a Progent security consultant experienced in ransomware defense and repair. In the course of this interview Progent will collaborate directly with your Calgary IT management staff to gather critical data concerning your security posture and backup environment. Progent will use this information to produce a Basic Security and Best Practices Report documenting how to adhere to best practices for implementing and managing your security and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital issues associated with ransomware prevention and recovery. The report addresses:
- Correct allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol (RDP) connections
- Guidance for antivirus tool selection and deployment
- Split permission architecture for backup integrity
- Protecting critical servers such as Active Directory
- Offsite backups with cloud backup to Azure
The remote interview process included with the ProSight Ransomware Vulnerability Checkup service takes about an hour for a typical small company and requires more time for bigger or more complex IT environments. The written report includes recommendations for enhancing your ability to ward off or recover from a ransomware attack, and Progent can provide as-needed expertise to help your business create a cost-effective cybersecurity/data backup solution tailored to your business requirements.
Ransomware is a type of malicious software that encrypts or steals a victim's files so that they cannot be used or are exposed publicly. Crypto-ransomware often locks the target's computer. To avoid the carnage, the victim is asked to pay a certain amount of money (the ransom), usually via a cryptocurrency such as Bitcoin, within a short time window. It is never certain that paying the extortion price will restore the lost files or prevent their publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, whereby the victim is lured into responding by a social engineering technique called spear phishing, which makes the email message appear to come from a trusted source. Another popular attack vector is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to different versions of ransomware is estimated at billions of dollars per year, more than doubling every two years. Notorious attacks include Locky and NotPetya. Recent high-profile threats like Ryuk, DoppelPaymer and Cerber are more complex and have wreaked more damage than earlier strains. Even if your backup procedures allow your business to recover your encrypted files, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware are launched daily, there is no guarantee that conventional signature-based antivirus filters will block a new strain. If an attack does arrive in an email, it is critical that your users have learned to recognize phishing techniques. Your last line of protection is a solid process for performing and retaining offsite backups plus the deployment of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Preparedness Evaluation in Calgary
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Audit can bolster your defense against ransomware in Calgary, phone Progent at 800-462-8800 or see Contact Progent.