Ransomware has been weaponized by the major cyber-crime organizations and malicious governments, posing a possibly lethal threat to companies that fall victim. Current strains of ransomware go after everything, including online backup, making even selective restoration a challenging and costly exercise. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have emerged, replacing WannaCry, Spora, and CryptoWall in notoriety, elaborateness, and destructiveness.
Most ransomware infections come from innocent-seeming emails that have malicious links or attachments, and many are so-called "zero-day" strains that elude detection by legacy signature-matching antivirus (AV) filters. While user education and up-front detection are important to protect against ransomware, best practices dictate that you take for granted some malware will inevitably get through and that you put in place a solid backup solution that allows you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around an online discussion with a Progent security consultant experienced in ransomware defense and repair. During this assessment Progent will collaborate with your Centennial network managers to collect pertinent data concerning your security configuration and backup processes. Progent will utilize this information to produce a Basic Security and Best Practices Assessment documenting how to apply best practices for configuring and administering your cybersecurity and backup solution to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital issues associated with crypto-ransomware defense and restoration recovery. The report addresses:
- Effective use of admin accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe RDP access
- Advice about AntiVirus tools selection and configuration
The online interview process for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small business and requires more time for bigger or more complicated environments. The report document contains recommendations for enhancing your ability to ward off or clean up after a ransomware incident and Progent can provide on-demand consulting services to help you and your IT staff to design and deploy an efficient cybersecurity/backup solution tailored to your specific needs.
- Split permission model for backup integrity
- Protecting critical servers such as AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or deletes a victim's files so they cannot be used or are publicized. Ransomware often locks the target's computer. To avoid the carnage, the victim is asked to send a specified amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. It is not guaranteed that delivering the extortion price will restore the damaged data or prevent its exposure to the public. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is tainted email, in which the target is tricked into responding to by means of a social engineering technique called spear phishing. This causes the email to look as though it came from a familiar source. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Famous examples are Locky, and NotPetya. Recent headline threats like Ryuk, Sodinokibi and Cerber are more complex and have wreaked more havoc than earlier versions. Even if your backup/recovery processes permit your business to restore your encrypted data, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public. Because additional versions of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will detect the latest attack. If an attack does appear in an email, it is critical that your users have been taught to be aware of social engineering tricks. Your ultimate protection is a sound scheme for performing and keeping offsite backups plus the use of dependable restoration tools.
Contact Progent About the ProSight Ransomware Readiness Checkup in Centennial
For pricing information and to learn more about how Progent's ProSight Ransomware Susceptibility Report can enhance your defense against crypto-ransomware in Centennial, call Progent at 800-462-8800 or visit Contact Progent.