Ransomware has become the weapon of choice for cyber extortionists and malicious governments, posing a possibly lethal threat to companies that are breached. The latest variations of crypto-ransomware target all vulnerable resources, including backup, making even selective recovery a challenging and costly exercise. Novel variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Nephilim have emerged, displacing WannaCry, Cerber, and CryptoWall in prominence, elaborateness, and destructive impact.
Most ransomware infections are the result of innocuous-looking emails with malicious links or file attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-based antivirus (AV) filters. While user training and frontline identification are critical to defend your network against ransomware, leading practices demand that you assume some attacks will eventually succeed and that you prepare a strong backup solution that permits you to repair the damage quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around an online interview with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this assessment Progent will cooperate with your Cincinnati IT management staff to gather pertinent data about your cybersecurity profile and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Report documenting how to apply best practices for implementing and administering your security and backup systems to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with ransomware prevention and restoration recovery. The report addresses:
- Effective use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) connections
- Advice about AntiVirus (AV) tools selection and deployment
The remote interview process included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small business and longer for bigger or more complicated environments. The report document includes suggestions for improving your ability to block or recover from a ransomware incident and Progent can provide on-demand consulting services to assist you to create an efficient cybersecurity/backup system customized for your specific requirements.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are publicized. Ransomware sometimes locks the victim's computer. To prevent the damage, the victim is asked to pay a certain ransom, usually via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will restore the damaged data or avoid its exposure to the public. Files can be encrypted or erased throughout a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A common ransomware delivery package is booby-trapped email, whereby the user is lured into interacting with by means of a social engineering technique called spear phishing. This causes the email message to look as though it came from a familiar source. Another popular attack vector is an improperly secured Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses caused by different strains of ransomware is estimated at billions of dollars per year, more than doubling every two years. Famous attacks include Locky, and NotPetya. Recent headline variants like Ryuk, DoppelPaymer and Spora are more sophisticated and have wreaked more damage than earlier versions. Even if your backup processes permit your business to restore your ransomed files, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched every day, there is no certainty that traditional signature-matching anti-virus tools will detect the latest malware. If threat does show up in an email, it is critical that your end users have been taught to be aware of social engineering tricks. Your ultimate protection is a sound scheme for performing and keeping remote backups and the use of reliable restoration tools.
Ask Progent About the ProSight Ransomware Vulnerability Evaluation in Cincinnati
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Audit can bolster your protection against ransomware in Cincinnati, call Progent at 800-462-8800 or see Contact Progent.