Ransomware has been widely adopted by cybercriminals and bad-actor states, representing a potentially existential threat to businesses that fall victim. Current variations of ransomware target everything, including backup, making even selective recovery a complex and costly process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have made the headlines, displacing WannaCry, Spora, and CryptoWall in notoriety, sophistication, and destructive impact.
Most ransomware infections are the result of innocuous-seeming emails with dangerous links or file attachments, and many are so-called "zero-day" variants that can escape the defenses of traditional signature-matching antivirus filters. While user training and up-front identification are critical to defend against ransomware, best practices dictate that you take for granted some attacks will inevitably get through and that you deploy a strong backup mechanism that allows you to repair the damage quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service centered around an online discussion with a Progent security expert skilled in ransomware defense and repair. During this interview Progent will collaborate directly with your Chattanooga IT management staff to collect pertinent data about your cybersecurity posture and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to apply leading practices for configuring and managing your security and backup systems to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Proper use of admin accounts
- Assigning NTFS and SMB authorizations
- Optimal firewall setup
- Safe Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) tools identification and deployment
The remote interview process for the ProSight Ransomware Vulnerability Report service lasts about one hour for a typical small business network and requires more time for larger or more complicated environments. The written report features suggestions for enhancing your ability to ward off or recover from a ransomware incident and Progent can provide as-needed consulting services to help you to design and deploy a cost-effective security/backup solution tailored to your business needs.
- Split permission architecture for backup integrity
- Backing up required servers such as AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To avoid the damage, the target is required to pay a specified amount of money, typically via a crypto currency such as Bitcoin, within a brief time window. It is not guaranteed that paying the extortion price will restore the lost files or prevent its publication. Files can be altered or erased throughout a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the user is tricked into interacting with by means of a social engineering technique known as spear phishing. This makes the email to appear to come from a familiar sender. Another common vulnerability is an improperly secured RDP port.
CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars annually, roughly doubling every two years. Notorious examples include Locky, and NotPetya. Current headline threats like Ryuk, Sodinokibi and CryptoWall are more complex and have caused more damage than older strains. Even if your backup/recovery processes permit you to restore your ransomed files, you can still be threatened by exfiltration, where ransomed data are made public. Because new variants of ransomware are launched every day, there is no guarantee that conventional signature-based anti-virus filters will detect the latest attack. If an attack does appear in an email, it is critical that your users have been taught to be aware of phishing techniques. Your last line of defense is a sound scheme for scheduling and keeping offsite backups and the use of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Vulnerability Checkup in Chattanooga
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Audit can bolster your protection against crypto-ransomware in Chattanooga, phone Progent at 800-462-8800 or visit Contact Progent.