Ransomware has been widely adopted by cybercriminals and rogue governments, posing a possibly existential risk to companies that are breached. Current variations of crypto-ransomware go after all vulnerable resources, including online backup, making even selective restoration a complex and costly exercise. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Nephilim have made the headlines, replacing WannaCry, Cerber, and Petya in notoriety, elaborateness, and destructive impact.
90% of ransomware penetrations come from innocent-looking emails with dangerous links or file attachments, and many are so-called "zero-day" attacks that can escape detection by legacy signature-based antivirus filters. While user training and frontline detection are important to protect against ransomware, leading practices dictate that you expect that some attacks will inevitably get through and that you put in place a solid backup mechanism that allows you to restore files and services rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around an online interview with a Progent cybersecurity expert experienced in ransomware protection and recovery. During this interview Progent will cooperate with your Chandler network management staff to collect pertinent data concerning your security profile and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for implementing and administering your security and backup solution to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights key areas associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Correct allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB permissions
- Proper firewall settings
- Secure RDP configuration
- Advice about AntiVirus filtering selection and configuration
The remote interview process for the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small business and requires more time for larger or more complex environments. The written report features recommendations for improving your ability to ward off or clean up after a ransomware assault and Progent can provide as-needed expertise to help you to design and deploy an efficient cybersecurity/data backup solution customized for your specific requirements.
- Split permission architecture for backup integrity
- Backing up critical servers such as AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the damage, the victim is required to send a certain ransom, usually via a crypto currency such as Bitcoin, within a short period of time. There is no guarantee that delivering the extortion price will restore the lost files or prevent its exposure to the public. Files can be altered or erased throughout a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware delivery package is spoofed email, in which the victim is lured into interacting with by means of a social engineering exploit called spear phishing. This makes the email to look as though it came from a trusted sender. Another popular vulnerability is a poorly protected RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Famous examples include Locky, and NotPetya. Current headline variants like Ryuk, DoppelPaymer and Spora are more elaborate and have wreaked more havoc than earlier versions. Even if your backup procedures allow your business to restore your encrypted files, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will detect the latest attack. If an attack does appear in an email, it is important that your end users have learned to identify social engineering techniques. Your last line of protection is a solid process for scheduling and keeping offsite backups plus the deployment of reliable restoration tools.
Ask Progent About the ProSight Ransomware Readiness Testing in Chandler
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Consultation can bolster your protection against ransomware in Chandler, phone Progent at 800-462-8800 or visit Contact Progent.