Ransomware has been widely adopted by cybercriminals and rogue governments, representing a potentially existential risk to companies that fall victim. Modern versions of ransomware go after all vulnerable resources, including online backup, making even selective restoration a complex and costly exercise. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Egregor have emerged, displacing WannaCry, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
90% of ransomware breaches come from innocent-looking emails that have malicious links or attachments, and many are "zero-day" strains that can escape the defenses of traditional signature-based antivirus filters. While user education and frontline identification are critical to defend against ransomware, leading practices dictate that you expect that some attacks will inevitably succeed and that you put in place a solid backup solution that enables you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around a remote discussion with a Progent security expert experienced in ransomware protection and recovery. During this interview Progent will work directly with your Cincinnati IT management staff to collect critical information concerning your security posture and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Report documenting how to adhere to leading practices for configuring and administering your cybersecurity and backup solution to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware prevention and restoration recovery. The review covers:
- Effective use of admin accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Proper firewall configuration
- Safe Remote Desktop Protocol (RDP) connections
- Advice about AntiVirus filtering identification and deployment
The online interview included with the ProSight Ransomware Vulnerability Checkup service lasts about an hour for the average small company and requires more time for bigger or more complex environments. The report document features recommendations for improving your ability to block or clean up after a ransomware assault and Progent offers on-demand consulting services to assist you and your IT staff to design and deploy an efficient security/backup system customized for your business requirements.
- Split permission architecture for backup protection
- Backing up critical servers including AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they are unusable or are made publicly available. Ransomware often locks the victim's computer. To prevent the damage, the target is asked to send a certain amount of money, usually in the form of a crypto currency such as Bitcoin, within a short period of time. There is no guarantee that paying the extortion price will recover the lost data or prevent its exposure to the public. Files can be altered or deleted across a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is tainted email, whereby the user is lured into interacting with by a social engineering exploit called spear phishing. This makes the email message to appear to come from a trusted sender. Another common attack vector is an improperly protected RDP port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage caused by the many versions of ransomware is estimated at billions of dollars per year, more than doubling every two years. Famous examples are Locky, and NotPetya. Recent high-profile threats like Ryuk, Sodinokibi and Cerber are more sophisticated and have caused more damage than older strains. Even if your backup/recovery procedures enable your business to recover your encrypted data, you can still be threatened by exfiltration, where stolen documents are made public. Because new versions of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus tools will block the latest attack. If threat does appear in an email, it is critical that your users have learned to identify social engineering tricks. Your last line of defense is a solid scheme for performing and keeping remote backups plus the deployment of dependable recovery tools.
Contact Progent About the ProSight Ransomware Vulnerability Audit in Cincinnati
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Testing can bolster your defense against ransomware in Cincinnati, phone Progent at 800-462-8800 or see Contact Progent.