Ransomware has been weaponized by cyber extortionists and rogue governments, representing a potentially existential risk to companies that are breached. Current versions of ransomware go after all vulnerable resources, including online backup, making even selective recovery a challenging and expensive exercise. New strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Nephilim have emerged, replacing WannaCry, Spora, and Petya in notoriety, sophistication, and destructiveness.
90% of ransomware breaches come from innocuous-looking emails that have dangerous hyperlinks or attachments, and many are "zero-day" strains that elude detection by legacy signature-matching antivirus filters. Although user education and up-front identification are critical to protect your network against ransomware, best practices demand that you assume some attacks will eventually get through and that you put in place a solid backup solution that permits you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around an online interview with a Progent cybersecurity consultant experienced in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Cheyenne network managers to gather critical data concerning your security profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and administering your cybersecurity and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware prevention and restoration recovery. The report addresses:
- Effective allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol connections
- Advice about AntiVirus (AV) tools identification and configuration
The remote interview included with the ProSight Ransomware Preparedness Assessment service takes about an hour for a typical small company and requires more time for larger or more complicated environments. The written report includes suggestions for enhancing your ability to ward off or clean up after a ransomware assault and Progent offers on-demand consulting services to assist your business to design and deploy an efficient cybersecurity/backup system tailored to your business requirements.
- Split permission model for backup integrity
- Backing up key servers including AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the target is required to pay a certain amount of money (the ransom), typically in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that paying the ransom will restore the lost files or prevent its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A common ransomware attack vector is spoofed email, in which the user is lured into interacting with by means of a social engineering technique known as spear phishing. This makes the email to look as though it came from a familiar sender. Another common attack vector is a poorly protected RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous attacks include Locky, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and TeslaCrypt are more elaborate and have wreaked more damage than older strains. Even if your backup/recovery procedures enable you to restore your ransomed files, you can still be hurt by so-called exfiltration, where ransomed documents are made public. Because additional variants of ransomware are launched every day, there is no guarantee that conventional signature-based anti-virus tools will block the latest malware. If an attack does show up in an email, it is critical that your users have learned to be aware of social engineering tricks. Your ultimate defense is a sound scheme for performing and keeping remote backups and the deployment of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Readiness Audit in Cheyenne
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Review can bolster your defense against ransomware in Cheyenne, call Progent at 800-993-9400 or see Contact Progent.