Ransomware has been widely adopted by cybercriminals and rogue states, representing a possibly existential risk to companies that are breached. Current strains of crypto-ransomware target all vulnerable resources, including backup, making even partial recovery a challenging and expensive process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, displacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, sophistication, and destructive impact.
Most ransomware breaches are caused by innocent-looking emails that have dangerous links or attachments, and a high percentage are so-called "zero-day" variants that can escape the defenses of legacy signature-based antivirus tools. While user training and frontline detection are important to defend your network against ransomware, leading practices dictate that you assume some attacks will inevitably succeed and that you implement a solid backup solution that allows you to restore files and services quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online discussion with a Progent security expert experienced in ransomware defense and recovery. In the course of this assessment Progent will work with your Chatsworth network management staff to gather pertinent data concerning your cybersecurity setup and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and administering your security and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key issues associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Correct allocation and use of administration accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Proper firewall settings
- Secure RDP access
- Guidance for AntiVirus (AV) filtering identification and deployment
The remote interview included with the ProSight Ransomware Vulnerability Report service takes about an hour for the average small business network and requires more time for larger or more complicated IT environments. The report document contains recommendations for enhancing your ability to block or clean up after a ransomware incident and Progent can provide on-demand consulting services to assist you to design and deploy an efficient cybersecurity/data backup solution customized for your specific needs.
- Split permission model for backup integrity
- Protecting key servers including AD
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes files so they are unusable or are publicized. Ransomware sometimes locks the target's computer. To avoid the carnage, the target is required to send a specified amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that paying the ransom will recover the damaged files or prevent its exposure to the public. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A common ransomware attack vector is spoofed email, whereby the victim is lured into interacting with by a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar source. Another common vulnerability is a poorly secured Remote Desktop Protocol port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars annually, roughly doubling every other year. Famous examples are Locky, and NotPetya. Current high-profile threats like Ryuk, Maze and CryptoWall are more elaborate and have caused more damage than earlier strains. Even if your backup/recovery processes enable your business to recover your ransomed files, you can still be threatened by exfiltration, where stolen data are made public. Because new versions of ransomware crop up every day, there is no certainty that traditional signature-matching anti-virus filters will block the latest malware. If an attack does appear in an email, it is critical that your users have learned to be aware of phishing tricks. Your ultimate protection is a sound process for performing and keeping offsite backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Consultation in Chatsworth
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Review can bolster your defense against crypto-ransomware in Chatsworth, phone Progent at 800-462-8800 or visit Contact Progent.