Ransomware has been weaponized by cyber extortionists and bad-actor states, representing a possibly existential risk to businesses that are successfully attacked. Modern versions of crypto-ransomware target everything, including backup, making even partial restoration a long and expensive process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing WannaCry, TeslaCrypt, and NotPetya in notoriety, sophistication, and destructiveness.
Most ransomware penetrations come from innocuous-seeming emails that include malicious links or file attachments, and a high percentage are so-called "zero-day" variants that can escape the defenses of legacy signature-based antivirus tools. While user training and frontline identification are critical to protect against ransomware, leading practices demand that you take for granted some attacks will inevitably succeed and that you prepare a solid backup solution that allows you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around an online discussion with a Progent security expert skilled in ransomware protection and recovery. During this assessment Progent will cooperate directly with your Cincinnati IT managers to collect pertinent information concerning your cybersecurity posture and backup processes. Progent will use this data to generate a Basic Security and Best Practices Report detailing how to apply best practices for implementing and administering your security and backup solution to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key issues related to crypto-ransomware defense and restoration recovery. The report addresses:
- Effective use of administration accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Proper firewall configuration
- Safe RDP access
- Recommend AntiVirus filtering selection and deployment
The remote interview process for the ProSight Ransomware Vulnerability Assessment service lasts about an hour for the average small business and requires more time for bigger or more complex environments. The written report includes suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent offers as-needed consulting services to assist you and your IT staff to create a cost-effective cybersecurity/backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or deletes a victim's files so they are unusable or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the damage, the victim is asked to send a specified amount of money, usually via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that paying the ransom will restore the lost data or prevent its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A typical ransomware attack vector is tainted email, whereby the target is lured into responding to by a social engineering technique called spear phishing. This makes the email message to appear to come from a familiar sender. Another popular attack vector is an improperly protected Remote Desktop Protocol port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples are WannaCry, and NotPetya. Current headline variants like Ryuk, Sodinokibi and TeslaCrypt are more elaborate and have caused more havoc than older versions. Even if your backup processes permit you to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are made public. Because additional variants of ransomware are launched daily, there is no certainty that traditional signature-based anti-virus tools will detect a new malware. If an attack does show up in an email, it is important that your end users have been taught to identify social engineering techniques. Your last line of protection is a sound scheme for scheduling and keeping remote backups plus the use of reliable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Preparedness Consultation in Cincinnati
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Review can enhance your defense against crypto-ransomware in Cincinnati, phone Progent at 800-462-8800 or visit Contact Progent.