Ransomware has been weaponized by cybercriminals and bad-actor states, representing a potentially existential risk to companies that fall victim. Current strains of ransomware target everything, including backup, making even selective recovery a complex and expensive process. New strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have emerged, displacing WannaCry, TeslaCrypt, and NotPetya in prominence, sophistication, and destructiveness.
90% of crypto-ransomware penetrations are the result of innocent-looking emails that include malicious hyperlinks or file attachments, and a high percentage are "zero-day" strains that elude the defenses of traditional signature-based antivirus (AV) tools. Although user training and frontline identification are important to defend your network against ransomware, leading practices dictate that you expect that some attacks will eventually succeed and that you deploy a solid backup mechanism that permits you to recover quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around a remote discussion with a Progent security consultant experienced in ransomware protection and repair. During this assessment Progent will cooperate with your Campinas IT management staff to gather pertinent information about your cybersecurity posture and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Report detailing how to adhere to leading practices for configuring and managing your cybersecurity and backup solution to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues associated with ransomware prevention and restoration recovery. The review addresses:
- Effective use of admin accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol access
- Recommend AntiVirus filtering selection and configuration
The online interview process for the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business and requires more time for larger or more complex IT environments. The written report contains suggestions for enhancing your ability to ward off or recover from a ransomware attack and Progent can provide on-demand consulting services to help your business to design and deploy an efficient security/data backup system customized for your specific needs.
- Split permission model for backup integrity
- Backing up key servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the target is asked to send a specified amount of money, usually in the form of a crypto currency such as Bitcoin, within a brief time window. There is no guarantee that delivering the ransom will recover the damaged files or prevent its exposure to the public. Files can be altered or erased throughout a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware attack vector is booby-trapped email, in which the target is tricked into responding to by a social engineering technique known as spear phishing. This causes the email to appear to come from a familiar source. Another common attack vector is a poorly protected RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars per year, more than doubling every other year. Notorious attacks include Locky, and Petya. Current headline threats like Ryuk, Maze and Spora are more complex and have wreaked more havoc than earlier versions. Even if your backup procedures permit you to restore your encrypted files, you can still be hurt by so-called exfiltration, where ransomed documents are made public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus filters will detect a new attack. If threat does appear in an email, it is important that your end users have learned to identify social engineering techniques. Your last line of protection is a sound process for scheduling and retaining remote backups plus the use of dependable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Report in Campinas
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Assessment can bolster your protection against crypto-ransomware in Campinas, phone Progent at 800-462-8800 or see Contact Progent.