Ransomware has become the weapon of choice for cyber extortionists and bad-actor governments, posing a possibly lethal threat to companies that are victimized. Modern versions of ransomware go after everything, including online backup, making even partial recovery a complex and costly exercise. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Nephilim have made the headlines, displacing Locky, Cerber, and NotPetya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware penetrations are the result of innocuous-seeming emails that have dangerous hyperlinks or file attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus tools. Although user education and frontline identification are critical to defend your network against ransomware, best practices dictate that you assume some malware will inevitably succeed and that you deploy a strong backup solution that permits you to recover quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around an online interview with a Progent security consultant experienced in ransomware protection and recovery. In the course of this assessment Progent will cooperate directly with your Charleston IT management staff to gather pertinent data about your security configuration and backup environment. Progent will use this data to produce a Basic Security and Best Practices Assessment detailing how to follow best practices for configuring and administering your security and backup systems to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues associated with crypto-ransomware defense and restoration recovery. The report addresses:
- Proper use of administration accounts
- Assigning NTFS and SMB permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol connections
- Guidance for AntiVirus (AV) tools identification and configuration
The online interview process for the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small company and longer for bigger or more complicated IT environments. The written report includes suggestions for enhancing your ability to ward off or recover from a ransomware incident and Progent can provide as-needed expertise to help you and your IT staff to create a cost-effective security/backup solution tailored to your business requirements.
- Split permission architecture for backup integrity
- Protecting key servers including Active Directory
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To prevent the damage, the target is required to pay a certain amount of money, typically in the form of a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will recover the lost files or avoid its publication. Files can be altered or erased throughout a network depending on the victim's write permissions, and you cannot solve the strong encryption technologies used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the user is tricked into interacting with by means of a social engineering exploit called spear phishing. This makes the email to look as though it came from a trusted source. Another common attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage caused by different versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Notorious attacks are Locky, and NotPetya. Current high-profile threats like Ryuk, Maze and Cerber are more elaborate and have caused more damage than older strains. Even if your backup/recovery processes permit your business to restore your encrypted data, you can still be threatened by exfiltration, where stolen data are made public (known as "doxxing"). Because additional versions of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus filters will detect the latest malware. If an attack does show up in an email, it is critical that your users have been taught to identify phishing techniques. Your ultimate protection is a sound scheme for performing and keeping offsite backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Preparedness Audit in Charleston
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Audit can bolster your protection against ransomware in Charleston, call Progent at 800-462-8800 or visit Contact Progent.