Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor states, posing a potentially lethal threat to companies that are breached. Current versions of ransomware target all vulnerable resources, including backup, making even partial restoration a long and expensive process. New versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have emerged, displacing Locky, TeslaCrypt, and Petya in prominence, elaborateness, and destructive impact.
Most crypto-ransomware infections are caused by innocuous-looking emails that have dangerous links or file attachments, and a high percentage are so-called "zero-day" strains that can escape detection by traditional signature-based antivirus filters. While user training and up-front identification are critical to defend against ransomware, leading practices dictate that you expect that some attacks will eventually succeed and that you implement a solid backup solution that allows you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around a remote interview with a Progent cybersecurity consultant skilled in ransomware defense and repair. In the course of this assessment Progent will cooperate with your Chattanooga network managers to gather pertinent information about your security profile and backup processes. Progent will use this data to generate a Basic Security and Best Practices Report detailing how to adhere to best practices for configuring and managing your cybersecurity and backup solution to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas related to ransomware defense and restoration recovery. The report addresses:
- Correct use of admin accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure RDP access
- Advice about AntiVirus tools selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Assessment service lasts about an hour for a typical small business and requires more time for bigger or more complex environments. The report document contains suggestions for enhancing your ability to block or recover from a ransomware incident and Progent can provide as-needed consulting services to help you to design and deploy a cost-effective security/backup system tailored to your business requirements.
- Split permission architecture for backup protection
- Backing up critical servers including AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they are unusable or are made publicly available. Ransomware often locks the target's computer. To avoid the carnage, the target is asked to send a specified ransom, usually in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the extortion price will restore the lost files or prevent its exposure to the public. Files can be encrypted or deleted throughout a network depending on the victim's write permissions, and you cannot solve the strong encryption technologies used on the compromised files. A typical ransomware delivery package is spoofed email, whereby the victim is lured into interacting with by a social engineering technique known as spear phishing. This causes the email to appear to come from a trusted sender. Another popular attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage attributed to by the many strains of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Notorious examples are Locky, and Petya. Recent high-profile variants like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more havoc than earlier versions. Even if your backup processes allow you to recover your encrypted files, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public. Because new variants of ransomware are launched every day, there is no certainty that conventional signature-based anti-virus filters will block the latest attack. If an attack does show up in an email, it is critical that your users have learned to be aware of social engineering tricks. Your ultimate defense is a solid process for scheduling and keeping remote backups plus the deployment of reliable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Report in Chattanooga
For pricing information and to learn more about how Progent's ProSight Ransomware Vulnerability Report can bolster your protection against crypto-ransomware in Chattanooga, phone Progent at 800-462-8800 or see Contact Progent.