Ransomware has been widely adopted by the major cyber-crime organizations and rogue governments, representing a potentially existential risk to companies that are successfully attacked. Current versions of ransomware go after everything, including backup, making even selective recovery a long and costly exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have emerged, displacing Locky, Cerber, and CryptoWall in notoriety, elaborateness, and destructiveness.
90% of ransomware breaches are the result of innocent-seeming emails that include dangerous hyperlinks or file attachments, and many are so-called "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus (AV) tools. Although user training and frontline detection are important to defend your network against ransomware, best practices demand that you expect that some malware will eventually get through and that you prepare a strong backup solution that permits you to repair the damage rapidly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around an online discussion with a Progent cybersecurity expert experienced in ransomware protection and recovery. During this interview Progent will work directly with your Centennial IT managers to collect critical data concerning your security setup and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Report detailing how to apply leading practices for implementing and managing your security and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital issues related to crypto-ransomware defense and restoration recovery. The report addresses:
- Correct use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Safe Remote Desktop Protocol configuration
- Recommend AntiVirus filtering selection and configuration
The online interview process for the ProSight Ransomware Vulnerability Assessment service lasts about an hour for a typical small business network and longer for bigger or more complicated IT environments. The written report includes recommendations for improving your ability to block or clean up after a ransomware assault and Progent offers as-needed expertise to help you and your IT staff to create a cost-effective security/backup solution tailored to your business requirements.
- Split permission architecture for backup protection
- Backing up critical servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To avoid the carnage, the target is required to pay a certain amount of money, typically via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that paying the ransom will recover the damaged files or prevent its exposure to the public. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A typical ransomware delivery package is spoofed email, in which the user is lured into responding to by a social engineering exploit known as spear phishing. This causes the email message to look as though it came from a trusted source. Another popular vulnerability is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Famous attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and CryptoWall are more complex and have wreaked more damage than earlier versions. Even if your backup/recovery procedures enable your business to restore your encrypted files, you can still be threatened by so-called exfiltration, where stolen data are made public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus filters will block a new malware. If an attack does show up in an email, it is critical that your users have learned to be aware of social engineering techniques. Your ultimate defense is a sound scheme for scheduling and keeping offsite backups and the use of reliable recovery tools.
Contact Progent About the ProSight Ransomware Readiness Checkup in Centennial
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Assessment can enhance your defense against ransomware in Centennial, call Progent at 800-462-8800 or see Contact Progent.