Ransomware has been widely adopted by cybercriminals and bad-actor states, posing a possibly lethal risk to businesses that are breached. The latest strains of crypto-ransomware go after all vulnerable resources, including online backup, making even selective recovery a challenging and costly process. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Conti and Nephilim have emerged, displacing WannaCry, Cerber, and CryptoWall in notoriety, sophistication, and destructive impact.
90% of crypto-ransomware breaches come from innocent-seeming emails that have malicious links or attachments, and a high percentage are "zero-day" variants that elude the defenses of traditional signature-matching antivirus filters. Although user training and frontline identification are critical to defending your network against ransomware, best practices demand that you assume some attacks will eventually succeed and that you put in place a strong backup solution that permits you to repair the damage rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around an online interview with a Progent security expert experienced in ransomware protection and repair. In the course of this assessment Progent will work directly with your Calgary network managers to gather pertinent information concerning your security profile and backup environment. Progent will use this data to produce a Basic Security and Best Practices Report documenting how to follow best practices for configuring and managing your security and backup solution to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on vital areas related to ransomware defense and recovery. The review covers:
- Correct use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol connections
- Identification and configuration of recommended antivirus filtering
- Split permission architecture for backup protection
- Backing up required servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
The online interview included with the ProSight Ransomware Preparedness Report service lasts about one hour for a typical small company and requires more time for larger or more complicated environments. The written report features suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand expertise to help you and your IT staff to create a cost-effective cybersecurity/backup solution tailored to your specific needs.
Ransomware is a form of malware that encrypts or steals files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to send a certain ransom, usually in the form of a cryptocurrency like Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will restore the lost files or avoid their publication. Files can be encrypted or erased across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A common ransomware attack vector is booby-trapped email, which the target is tricked into interacting with by means of a social engineering technique known as spear phishing. This causes the email to appear to come from a trusted sender. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to different versions of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Famous attacks include WannaCry and Petya. Current high-profile variants like Ryuk, DoppelPaymer and Spora are more elaborate and have caused more havoc than older strains. Even if your backup/recovery processes allow your business to recover your encrypted files, you can still be hurt by exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up every day, there is no certainty that conventional signature-based antivirus filters will detect a new attack. If a threat does appear in an email, it is important that your end users have been taught to identify phishing tricks. Your last line of defense is a sound scheme for scheduling and retaining offsite backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Report in Calgary
For pricing details and to learn more about how Progent's ProSight Ransomware Vulnerability Review can enhance your defense against crypto-ransomware in Calgary, call Progent at 800-462-8800 or see Contact Progent.