Ransomware has been weaponized by cybercriminals and malicious states, representing a possibly existential risk to companies that are victimized. Current variations of ransomware target everything, including online backup, making even selective recovery a challenging and costly process. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Nephilim have made the headlines, displacing Locky, Spora, and Petya in prominence, sophistication, and destructive impact.
Most ransomware infections are the result of innocent-looking emails with malicious links or attachments, and a high percentage are so-called "zero-day" attacks that elude the defenses of legacy signature-matching antivirus filters. Although user education and up-front identification are critical to defend your network against ransomware, leading practices dictate that you assume some malware will inevitably get through and that you deploy a strong backup solution that enables you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around an online interview with a Progent cybersecurity consultant skilled in ransomware protection and recovery. During this interview Progent will collaborate with your Charlotte IT management staff to collect critical data about your cybersecurity profile and backup environment. Progent will use this data to generate a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and managing your cybersecurity and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital areas related to crypto-ransomware defense and restoration recovery. The report addresses:
- Effective allocation and use of admin accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Safe Remote Desktop Protocol configuration
- Guidance for AntiVirus (AV) tools identification and configuration
The remote interview process for the ProSight Ransomware Vulnerability Report service takes about an hour for the average small company and requires more time for larger or more complicated environments. The report document contains recommendations for enhancing your ability to block or clean up after a ransomware assault and Progent can provide on-demand consulting services to help you to design and deploy an efficient cybersecurity/backup system tailored to your specific requirements.
- Split permission architecture for backup integrity
- Backing up critical servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals files so they are unusable or are publicized. Ransomware often locks the victim's computer. To avoid the carnage, the target is asked to pay a certain amount of money (the ransom), typically in the form of a crypto currency such as Bitcoin, within a brief period of time. It is not guaranteed that paying the extortion price will recover the damaged data or prevent its publication. Files can be encrypted or erased throughout a network depending on the victim's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A common ransomware delivery package is booby-trapped email, whereby the user is tricked into interacting with by a social engineering exploit known as spear phishing. This makes the email message to appear to come from a familiar sender. Another popular attack vector is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage caused by the many versions of ransomware is said to be billions of dollars per year, roughly doubling every two years. Famous attacks include Locky, and NotPetya. Current high-profile variants like Ryuk, Sodinokibi and Cerber are more sophisticated and have wreaked more havoc than older strains. Even if your backup processes permit you to restore your encrypted files, you can still be hurt by exfiltration, where stolen data are made public. Because new versions of ransomware crop up daily, there is no certainty that traditional signature-based anti-virus filters will block a new attack. If threat does appear in an email, it is critical that your end users have learned to identify social engineering tricks. Your last line of protection is a solid scheme for performing and retaining offsite backups plus the deployment of dependable recovery platforms.
Ask Progent About the ProSight Ransomware Vulnerability Report in Charlotte
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Testing can enhance your protection against ransomware in Charlotte, phone Progent at 800-462-8800 or see Contact Progent.