Ransomware has been weaponized by the major cyber-crime organizations and malicious states, representing a possibly lethal threat to companies that are breached. The latest strains of ransomware go after everything, including online backup, making even partial recovery a challenging and costly process. New versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Egregor have made the headlines, replacing WannaCry, Spora, and CryptoWall in prominence, elaborateness, and destructive impact.
Most ransomware penetrations are the result of innocent-looking emails that include malicious links or file attachments, and a high percentage are so-called "zero-day" variants that can escape detection by legacy signature-matching antivirus filters. While user training and frontline identification are critical to defend against ransomware attacks, best practices demand that you expect that some malware will eventually get through and that you put in place a solid backup solution that enables you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around a remote discussion with a Progent security consultant experienced in ransomware defense and repair. During this assessment Progent will collaborate directly with your Chesapeake network management staff to gather critical information about your cybersecurity profile and backup environment. Progent will use this data to generate a Basic Security and Best Practices Assessment documenting how to apply leading practices for configuring and administering your cybersecurity and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key areas associated with ransomware prevention and restoration recovery. The review covers:
- Effective allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB authorizations
- Proper firewall setup
- Secure Remote Desktop Protocol access
- Advice about AntiVirus filtering identification and configuration
The online interview for the ProSight Ransomware Vulnerability Checkup service lasts about one hour for a typical small business and requires more time for larger or more complicated environments. The report document features suggestions for enhancing your ability to ward off or clean up after a ransomware assault and Progent offers as-needed consulting services to help you and your IT staff to create a cost-effective security/data backup system customized for your specific requirements.
- Split permission model for backup integrity
- Protecting critical servers such as Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the damage, the victim is required to send a certain ransom, usually via a crypto currency like Bitcoin, within a brief time window. There is no guarantee that delivering the extortion price will recover the damaged data or prevent its exposure to the public. Files can be altered or erased throughout a network based on the victim's write permissions, and you cannot solve the strong encryption algorithms used on the hostage files. A common ransomware delivery package is tainted email, in which the victim is lured into interacting with by a social engineering exploit called spear phishing. This causes the email message to appear to come from a trusted source. Another common attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Famous attacks include WannaCry, and Petya. Recent headline variants like Ryuk, Sodinokibi and Spora are more elaborate and have caused more damage than older versions. Even if your backup/recovery procedures permit you to restore your ransomed files, you can still be threatened by so-called exfiltration, where stolen data are made public (known as "doxxing"). Because new variants of ransomware crop up every day, there is no certainty that conventional signature-based anti-virus filters will detect a new malware. If threat does appear in an email, it is important that your users have been taught to identify social engineering tricks. Your ultimate defense is a sound process for performing and retaining remote backups and the deployment of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Chesapeake
For pricing details and to find out more about how Progent's ProSight Ransomware Preparedness Report can enhance your protection against ransomware in Chesapeake, call Progent at 800-462-8800 or visit Contact Progent.