Ransomware has been weaponized by cyber extortionists and malicious states, posing a potentially lethal risk to companies that fall victim. Modern variations of ransomware target all vulnerable resources, including backup, making even partial recovery a complex and costly process. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have made the headlines, displacing Locky, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructive impact.
90% of ransomware infections are caused by innocuous-seeming emails that include dangerous hyperlinks or attachments, and a high percentage are so-called "zero-day" strains that elude detection by traditional signature-based antivirus (AV) filters. Although user training and up-front identification are important to defend your network against ransomware attacks, leading practices dictate that you take for granted some attacks will inevitably get through and that you deploy a strong backup solution that enables you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around a remote interview with a Progent cybersecurity consultant experienced in ransomware defense and recovery. In the course of this interview Progent will cooperate directly with your Chandler network managers to collect pertinent data about your security setup and backup processes. Progent will use this data to produce a Basic Security and Best Practices Assessment detailing how to adhere to best practices for implementing and managing your cybersecurity and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas related to crypto-ransomware defense and restoration recovery. The report covers:
- Correct allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure RDP access
- Recommend AntiVirus (AV) filtering identification and deployment
The remote interview for the ProSight Ransomware Vulnerability Assessment service lasts about one hour for a typical small business network and requires more time for bigger or more complicated environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware attack and Progent offers as-needed expertise to assist your business to create an efficient cybersecurity/backup solution tailored to your business needs.
- Split permission model for backup protection
- Protecting required servers such as AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or deletes a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the victim is required to send a specified amount of money, usually in the form of a crypto currency such as Bitcoin, within a brief time window. It is not guaranteed that paying the ransom will recover the lost files or avoid its publication. Files can be altered or deleted across a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is spoofed email, in which the target is lured into interacting with by a social engineering technique called spear phishing. This makes the email message to look as though it came from a familiar source. Another common attack vector is an improperly protected RDP port.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every other year. Famous attacks are Locky, and Petya. Current high-profile variants like Ryuk, Maze and CryptoWall are more elaborate and have wreaked more havoc than older strains. Even if your backup processes enable your business to recover your encrypted data, you can still be threatened by so-called exfiltration, where ransomed documents are made public (known as "doxxing"). Because additional versions of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus tools will detect a new attack. If threat does show up in an email, it is important that your end users have been taught to identify phishing techniques. Your last line of defense is a solid process for scheduling and retaining offsite backups plus the use of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Review in Chandler
For pricing information and to learn more about how Progent's ProSight Ransomware Vulnerability Testing can enhance your defense against ransomware in Chandler, call Progent at 800-993-9400 or visit Contact Progent.