Ransomware has become the weapon of choice for cybercriminals and malicious governments, posing a potentially existential threat to companies that are victimized. The latest strains of ransomware target all vulnerable resources, including online backup, making even selective restoration a challenging and expensive process. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, displacing WannaCry, Spora, and NotPetya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware penetrations come from innocuous-looking emails with dangerous hyperlinks or file attachments, and many are so-called "zero-day" attacks that can escape the defenses of traditional signature-based antivirus (AV) filters. Although user training and frontline identification are important to protect against ransomware, best practices demand that you expect that some malware will inevitably get through and that you implement a solid backup solution that enables you to recover quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service built around a remote discussion with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this interview Progent will work directly with your Chatsworth network management staff to gather pertinent information concerning your cybersecurity setup and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Report documenting how to adhere to leading practices for implementing and managing your cybersecurity and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to crypto-ransomware defense and restoration recovery. The review addresses:
- Proper use of administration accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Proper firewall setup
- Secure RDP configuration
- Recommend AntiVirus (AV) tools selection and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small company and longer for bigger or more complex environments. The written report includes recommendations for enhancing your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand consulting services to assist you to design and deploy an efficient cybersecurity/data backup solution tailored to your business needs.
- Split permission model for backup protection
- Backing up required servers including Active Directory
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the carnage, the target is required to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a short time window. There is no guarantee that paying the extortion price will recover the damaged files or avoid its exposure to the public. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A common ransomware delivery package is booby-trapped email, whereby the target is lured into responding to by means of a social engineering technique called spear phishing. This makes the email to appear to come from a familiar source. Another popular attack vector is a poorly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars per year, roughly doubling every other year. Notorious examples are Locky, and Petya. Recent headline threats like Ryuk, Maze and Cerber are more elaborate and have wreaked more havoc than earlier strains. Even if your backup procedures permit you to recover your ransomed data, you can still be threatened by so-called exfiltration, where ransomed data are made public. Because additional versions of ransomware are launched daily, there is no certainty that traditional signature-based anti-virus filters will detect a new attack. If threat does appear in an email, it is important that your end users have learned to identify social engineering techniques. Your last line of protection is a solid process for scheduling and keeping offsite backups and the use of reliable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Report in Chatsworth
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Testing can bolster your defense against ransomware in Chatsworth, phone Progent at 800-462-8800 or see Contact Progent.