Ransomware has been widely adopted by cyber extortionists and malicious governments, posing a potentially existential risk to companies that fall victim. Current strains of crypto-ransomware go after everything, including backup, making even partial recovery a complex and expensive exercise. Novel variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have made the headlines, replacing WannaCry, Cerber, and Petya in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware penetrations are the result of innocent-seeming emails that have dangerous hyperlinks or attachments, and a high percentage are "zero-day" attacks that elude detection by legacy signature-matching antivirus (AV) tools. While user education and frontline identification are important to protect against ransomware, best practices demand that you assume some attacks will inevitably get through and that you put in place a solid backup solution that allows you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around a remote discussion with a Progent security consultant experienced in ransomware protection and recovery. In the course of this assessment Progent will work directly with your Centennial IT managers to collect critical information concerning your security setup and backup environment. Progent will use this information to produce a Basic Security and Best Practices Report documenting how to adhere to leading practices for configuring and managing your security and backup systems to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Effective use of admin accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) tools identification and deployment
The online interview included with the ProSight Ransomware Preparedness Checkup service takes about one hour for the average small business and longer for larger or more complex environments. The report document includes suggestions for enhancing your ability to block or recover from a ransomware attack and Progent offers on-demand expertise to assist your business to design and deploy an efficient security/data backup system customized for your business requirements.
- Split permission model for backup integrity
- Protecting required servers such as AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the target is asked to pay a certain amount of money (the ransom), usually in the form of a crypto currency such as Bitcoin, within a short time window. It is never certain that delivering the extortion price will recover the damaged data or prevent its publication. Files can be altered or deleted across a network depending on the target's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is tainted email, in which the victim is lured into interacting with by a social engineering technique called spear phishing. This causes the email message to look as though it came from a trusted source. Another common vulnerability is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage caused by the many strains of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Notorious examples include WannaCry, and Petya. Current headline threats like Ryuk, Sodinokibi and Spora are more complex and have wreaked more havoc than older strains. Even if your backup/recovery processes allow you to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are made public. Because additional variants of ransomware crop up daily, there is no certainty that conventional signature-based anti-virus tools will block a new attack. If threat does show up in an email, it is critical that your end users have learned to be aware of social engineering tricks. Your ultimate protection is a solid scheme for scheduling and keeping remote backups plus the use of dependable recovery tools.
Contact Progent About the ProSight Ransomware Preparedness Evaluation in Centennial
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Review can enhance your defense against crypto-ransomware in Centennial, phone Progent at 800-462-8800 or see Contact Progent.