Ransomware has become the weapon of choice for cyber extortionists and malicious states, posing a potentially lethal risk to companies that are breached. Modern versions of crypto-ransomware go after everything, including online backup, making even selective restoration a challenging and expensive exercise. New versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Nephilim have emerged, displacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, sophistication, and destructive impact.
90% of crypto-ransomware infections are the result of innocuous-looking emails with dangerous links or attachments, and many are "zero-day" strains that elude the defenses of legacy signature-matching antivirus tools. While user training and up-front identification are critical to defend your network against ransomware attacks, leading practices dictate that you assume some malware will inevitably get through and that you implement a strong backup solution that allows you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote discussion with a Progent cybersecurity expert skilled in ransomware protection and recovery. During this assessment Progent will collaborate directly with your Cheyenne network managers to gather pertinent data about your cybersecurity profile and backup processes. Progent will use this data to create a Basic Security and Best Practices Assessment detailing how to follow leading practices for implementing and administering your security and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key areas related to ransomware prevention and restoration recovery. The review covers:
- Correct use of admin accounts
- Appropriate NTFS and SMB authorizations
- Optimal firewall setup
- Safe Remote Desktop Protocol (RDP) connections
- Advice about AntiVirus (AV) filtering selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Checkup service lasts about an hour for a typical small business network and longer for larger or more complicated IT environments. The report document contains recommendations for enhancing your ability to block or recover from a ransomware attack and Progent offers as-needed expertise to assist you and your IT staff to create a cost-effective security/data backup solution customized for your specific needs.
- Split permission model for backup protection
- Backing up key servers including AD
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the victim is asked to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that delivering the extortion price will recover the lost files or prevent its publication. Files can be altered or deleted throughout a network depending on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the hostage files. A typical ransomware delivery package is spoofed email, whereby the target is lured into responding to by means of a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar sender. Another common vulnerability is a poorly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage caused by the many versions of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous attacks are Locky, and Petya. Current headline variants like Ryuk, Sodinokibi and TeslaCrypt are more complex and have caused more damage than older versions. Even if your backup processes allow you to recover your encrypted data, you can still be threatened by exfiltration, where ransomed documents are made public. Because new variants of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will detect the latest attack. If threat does appear in an email, it is important that your end users have learned to identify social engineering techniques. Your last line of protection is a sound process for scheduling and keeping offsite backups plus the deployment of dependable restoration platforms.
Contact Progent About the ProSight Ransomware Readiness Report in Cheyenne
For pricing information and to find out more about how Progent's ProSight Ransomware Readiness Consultation can enhance your protection against ransomware in Cheyenne, phone Progent at 800-462-8800 or visit Contact Progent.