Ransomware has become the weapon of choice for cyber extortionists and rogue states, representing a potentially lethal threat to companies that are breached. Modern strains of ransomware go after everything, including online backup, making even selective recovery a complex and costly exercise. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Nephilim have made the headlines, replacing WannaCry, Spora, and CryptoWall in prominence, sophistication, and destructive impact.
Most crypto-ransomware infections are the result of innocuous-looking emails that have dangerous links or file attachments, and many are "zero-day" variants that can escape the defenses of traditional signature-matching antivirus filters. Although user training and up-front detection are important to protect your network against ransomware, leading practices dictate that you expect that some malware will eventually succeed and that you prepare a strong backup solution that allows you to repair the damage rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online discussion with a Progent security consultant experienced in ransomware protection and repair. During this assessment Progent will collaborate directly with your Campinas network management staff to collect critical information about your security configuration and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and managing your security and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The report addresses:
- Proper use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Safe RDP access
- Guidance for AntiVirus filtering identification and configuration
The remote interview process for the ProSight Ransomware Vulnerability Assessment service lasts about an hour for a typical small business and requires more time for larger or more complex environments. The written report includes suggestions for improving your ability to block or recover from a ransomware assault and Progent can provide on-demand consulting services to help you to create an efficient security/data backup system tailored to your business requirements.
- Split permission architecture for backup protection
- Protecting required servers such as AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals files so they are unusable or are publicized. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the target is asked to send a specified amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the ransom will recover the lost files or prevent its exposure to the public. Files can be altered or deleted across a network depending on the target's write permissions, and you cannot solve the strong encryption technologies used on the hostage files. A common ransomware attack vector is booby-trapped email, in which the target is lured into responding to by a social engineering exploit called spear phishing. This makes the email message to look as though it came from a trusted source. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to by different versions of ransomware is said to be billions of dollars per year, roughly doubling every two years. Notorious examples are Locky, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and Cerber are more complex and have caused more damage than earlier versions. Even if your backup procedures allow you to restore your ransomed files, you can still be threatened by exfiltration, where stolen documents are made public (known as "doxxing"). Because new variants of ransomware are launched every day, there is no guarantee that traditional signature-based anti-virus filters will block the latest attack. If threat does appear in an email, it is important that your users have been taught to be aware of social engineering tricks. Your last line of defense is a sound scheme for performing and retaining remote backups and the use of dependable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Review in Campinas
For pricing details and to find out more about how Progent's ProSight Ransomware Readiness Consultation can enhance your defense against crypto-ransomware in Campinas, phone Progent at 800-462-8800 or visit Contact Progent.