Ransomware has been weaponized by the major cyber-crime organizations and bad-actor governments, posing a potentially existential risk to companies that are victimized. The latest variations of crypto-ransomware target all vulnerable resources, including online backup, making even selective recovery a long and costly exercise. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Snatch and Nephilim have made the headlines, displacing Locky, Cerber, and NotPetya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware breaches are the result of innocent-looking emails that include malicious hyperlinks or file attachments, and many are "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus (AV) filters. Although user education and up-front identification are important to protect against ransomware, leading practices dictate that you assume some attacks will inevitably get through and that you prepare a strong backup solution that lets you recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service centered around a remote discussion with a Progent cybersecurity expert skilled in ransomware defense and recovery. In the course of this assessment Progent will collaborate directly with your Chattanooga network managers to collect pertinent data about your cybersecurity configuration and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Report detailing how to follow best practices for implementing and managing your cybersecurity and backup systems to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to crypto-ransomware defense and recovery. The report addresses:
- Proper use of admin accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus (AV) filtering selection and configuration
- Split permission model for backup integrity
- Backing up key servers including Active Directory
- Geographically dispersed backups including cloud backup to Microsoft Azure
The online interview process for the ProSight Ransomware Preparedness Report service lasts about an hour for a typical small company and requires more time for larger or more complicated IT environments. The report document features recommendations for enhancing your ability to ward off or recover from a ransomware assault, and Progent can provide on-demand consulting services to help your business create an efficient cybersecurity/data backup solution tailored to your specific needs.
Ransomware is a variety of malicious software that encrypts or deletes files so they cannot be used, or exposes them publicly. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the target is required to send a specified amount of money, usually in the form of a cryptocurrency such as Bitcoin, within a brief period of time. It is never certain that paying the extortion price will recover the damaged files or prevent their publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A typical ransomware attack vector is spoofed email, in which the victim is lured into responding by a social engineering exploit known as spear phishing, which makes the email message appear to come from a familiar source. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage attributed to the many strains of ransomware is said to be billions of dollars per year, more than doubling every two years. Notorious attacks include Locky and NotPetya. Current headline threats like Ryuk, Sodinokibi and TeslaCrypt are more sophisticated and have wreaked more damage than older strains. Even if your backup/recovery processes allow your business to restore your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are made public. Because additional versions of ransomware are launched every day, there is no guarantee that traditional signature-matching anti-virus tools will detect new malware. If a threat does show up in an email, it is important that your users have learned to be aware of phishing techniques. Your ultimate defense is a sound process for scheduling and retaining remote backups and the use of reliable restoration tools.
Contact Progent About the ProSight Ransomware Readiness Consultation in Chattanooga
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Evaluation can enhance your defense against crypto-ransomware in Chattanooga, call Progent at 800-462-8800 or visit Contact Progent.