Ransomware has been weaponized by the major cyber-crime organizations and rogue states, posing a potentially existential threat to businesses that are successfully attacked. Modern strains of ransomware target all vulnerable resources, including backup, making even selective restoration a long and expensive process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, replacing WannaCry, Cerber, and CryptoWall in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware breaches are the result of innocuous-seeming emails that include malicious links or file attachments, and many are so-called "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus (AV) tools. While user training and frontline detection are important to defend against ransomware attacks, best practices dictate that you expect that some attacks will inevitably succeed and that you implement a strong backup solution that permits you to recover rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service centered around an online interview with a Progent cybersecurity expert experienced in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Chandler IT management staff to gather pertinent information about your security posture and backup processes. Progent will utilize this information to produce a Basic Security and Best Practices Report detailing how to follow best practices for implementing and administering your security and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas related to crypto-ransomware defense and restoration recovery. The report covers:
- Effective allocation and use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Secure Remote Desktop Protocol (RDP) access
- Advice about AntiVirus (AV) tools identification and deployment
The remote interview process included with the ProSight Ransomware Vulnerability Checkup service lasts about an hour for a typical small company and requires more time for larger or more complex IT environments. The written report contains suggestions for enhancing your ability to block or recover from a ransomware incident and Progent offers as-needed expertise to assist you and your IT staff to create a cost-effective cybersecurity/backup system customized for your specific requirements.
- Split permission model for backup integrity
- Protecting key servers such as AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are publicized. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the target is required to pay a certain amount of money, usually in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that delivering the extortion price will restore the damaged files or prevent its exposure to the public. Files can be encrypted or erased throughout a network depending on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A typical ransomware attack vector is spoofed email, in which the target is lured into interacting with by means of a social engineering exploit known as spear phishing. This makes the email message to appear to come from a trusted source. Another common attack vector is an improperly secured RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous attacks are WannaCry, and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and TeslaCrypt are more complex and have wreaked more havoc than earlier versions. Even if your backup/recovery processes enable you to restore your encrypted data, you can still be hurt by exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up every day, there is no guarantee that traditional signature-matching anti-virus tools will detect a new attack. If an attack does show up in an email, it is critical that your end users have been taught to identify social engineering tricks. Your ultimate defense is a sound scheme for performing and retaining offsite backups plus the use of reliable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Chandler
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Checkup can enhance your defense against crypto-ransomware in Chandler, call Progent at 800-462-8800 or see Contact Progent.