Ransomware has been weaponized by cyber extortionists and bad-actor states, representing a possibly lethal risk to companies that fall victim. Modern versions of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a complex and expensive process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Nephilim have emerged, displacing WannaCry, Cerber, and CryptoWall in prominence, elaborateness, and destructiveness.
90% of ransomware infections are the result of innocuous-seeming emails that have dangerous links or attachments, and a high percentage are "zero-day" attacks that can escape detection by traditional signature-matching antivirus tools. Although user training and frontline identification are important to protect against ransomware, leading practices dictate that you expect that some attacks will inevitably succeed and that you deploy a strong backup mechanism that permits you to recover rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around a remote interview with a Progent security expert experienced in ransomware protection and repair. In the course of this assessment Progent will collaborate directly with your Centennial IT managers to gather pertinent information about your security configuration and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and managing your security and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to ransomware defense and restoration recovery. The report covers:
- Effective use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall settings
- Safe RDP configuration
- Advice about AntiVirus filtering selection and configuration
The online interview included with the ProSight Ransomware Vulnerability Report service lasts about one hour for the average small business and longer for larger or more complex environments. The report document includes recommendations for improving your ability to ward off or recover from a ransomware assault and Progent can provide on-demand consulting services to help you to create a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission model for backup protection
- Backing up key servers such as Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the victim is required to pay a specified ransom, typically in the form of a crypto currency like Bitcoin, within a brief time window. It is never certain that paying the extortion price will recover the damaged data or prevent its publication. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A typical ransomware attack vector is tainted email, in which the victim is lured into responding to by means of a social engineering technique called spear phishing. This makes the email to look as though it came from a familiar source. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage caused by different versions of ransomware is estimated at billions of dollars per year, more than doubling every other year. Notorious attacks are Locky, and Petya. Recent headline variants like Ryuk, Sodinokibi and Cerber are more elaborate and have caused more havoc than earlier strains. Even if your backup procedures allow you to restore your ransomed files, you can still be hurt by exfiltration, where stolen documents are exposed to the public. Because additional versions of ransomware are launched every day, there is no certainty that traditional signature-matching anti-virus filters will detect the latest attack. If an attack does appear in an email, it is critical that your end users have been taught to identify phishing tricks. Your last line of defense is a sound process for performing and retaining remote backups and the deployment of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Review in Centennial
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Testing can enhance your defense against ransomware in Centennial, call Progent at 800-462-8800 or see Contact Progent.