Ransomware has become the weapon of choice for cyber extortionists and malicious governments, representing a potentially lethal threat to businesses that are victimized. Current versions of ransomware go after all vulnerable resources, including backup, making even selective restoration a long and expensive exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Lockbit and Nephilim have made the headlines, displacing WannaCry, Spora, and CryptoWall in notoriety, elaborateness, and destructive impact.
90% of ransomware infections are caused by innocuous-looking emails that have malicious links or file attachments, and a high percentage are so-called "zero-day" attacks that elude detection by traditional signature-matching antivirus (AV) filters. Although user training and up-front identification are critical to defend your network against ransomware attacks, leading practices demand that you expect that some malware will inevitably succeed and that you put in place a solid backup mechanism that allows you to repair the damage rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around an online interview with a Progent security expert experienced in ransomware defense and recovery. During this assessment Progent will collaborate with your Charleston IT managers to gather critical data concerning your security profile and backup environment. Progent will use this information to generate a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and managing your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on vital issues related to crypto-ransomware prevention and restoration recovery. The review covers:
- Proper use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure RDP configuration
- Recommend AntiVirus tools selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Report service lasts about an hour for the average small company and longer for larger or more complex environments. The written report contains recommendations for improving your ability to block or recover from a ransomware assault and Progent can provide as-needed consulting services to assist your business to design and deploy an efficient cybersecurity/backup system customized for your specific needs.
- Split permission architecture for backup protection
- Protecting critical servers including Active Directory
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals files so they cannot be used or are made publicly available. Ransomware often locks the target's computer. To prevent the damage, the target is asked to pay a specified amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a brief time window. It is never certain that delivering the ransom will restore the lost files or prevent its publication. Files can be encrypted or erased across a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the compromised files. A common ransomware delivery package is tainted email, in which the user is lured into responding to by means of a social engineering exploit called spear phishing. This makes the email to look as though it came from a familiar sender. Another common attack vector is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by the many versions of ransomware is estimated at billions of dollars per year, more than doubling every other year. Famous attacks include Locky, and NotPetya. Recent high-profile threats like Ryuk, Maze and CryptoWall are more elaborate and have caused more damage than earlier versions. Even if your backup procedures permit you to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no certainty that traditional signature-based anti-virus tools will detect the latest malware. If an attack does show up in an email, it is critical that your end users have been taught to identify social engineering techniques. Your ultimate protection is a solid process for scheduling and retaining remote backups plus the deployment of dependable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Readiness Report in Charleston
For pricing information and to find out more about how Progent's ProSight Ransomware Susceptibility Testing can enhance your defense against ransomware in Charleston, call Progent at 800-993-9400 or visit Contact Progent.