Ransomware has been weaponized by cyber extortionists and malicious governments, representing a potentially existential risk to businesses that are successfully attacked. The latest strains of crypto-ransomware go after everything, including online backup, making even partial recovery a long and costly process. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have emerged, displacing WannaCry, Cerber, and NotPetya in prominence, elaborateness, and destructiveness.
Most crypto-ransomware infections are caused by innocuous-seeming emails with dangerous links or attachments, and many are so-called "zero-day" attacks that elude the defenses of legacy signature-matching antivirus tools. Although user education and frontline detection are critical to defend your network against ransomware, best practices dictate that you take for granted some malware will inevitably succeed and that you prepare a solid backup mechanism that allows you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around an online interview with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this interview Progent will collaborate directly with your Campinas network managers to gather pertinent information about your security profile and backup processes. Progent will use this data to create a Basic Security and Best Practices Report documenting how to apply leading practices for configuring and administering your security and backup solution to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware defense and restoration recovery. The report addresses:
- Effective use of administration accounts
- Assigning NTFS and SMB permissions
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) access
- Advice about AntiVirus filtering selection and configuration
The remote interview process included with the ProSight Ransomware Preparedness Assessment service takes about one hour for the average small business and longer for larger or more complicated environments. The report document includes suggestions for enhancing your ability to ward off or recover from a ransomware assault and Progent can provide on-demand expertise to assist your business to design and deploy a cost-effective security/backup system customized for your business needs.
- Split permission architecture for backup protection
- Backing up key servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the victim is asked to send a certain ransom, usually in the form of a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will restore the damaged data or avoid its publication. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A typical ransomware attack vector is spoofed email, in which the target is tricked into interacting with by a social engineering technique known as spear phishing. This makes the email to appear to come from a trusted sender. Another popular vulnerability is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Notorious attacks include WannaCry, and NotPetya. Recent headline threats like Ryuk, DoppelPaymer and TeslaCrypt are more sophisticated and have wreaked more damage than earlier versions. Even if your backup/recovery processes allow you to recover your encrypted files, you can still be threatened by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no certainty that conventional signature-matching anti-virus tools will block the latest malware. If an attack does appear in an email, it is critical that your users have been taught to identify phishing techniques. Your ultimate protection is a sound process for scheduling and keeping remote backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Report in Campinas
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Testing can enhance your defense against crypto-ransomware in Campinas, call Progent at 800-462-8800 or see Contact Progent.