Ransomware has been weaponized by the major cyber-crime organizations and bad-actor governments, posing a possibly existential risk to companies that are breached. Modern versions of ransomware target everything, including backup, making even selective recovery a long and costly process. New versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, replacing WannaCry, Cerber, and CryptoWall in prominence, elaborateness, and destructiveness.
90% of ransomware infections come from innocuous-looking emails that include dangerous hyperlinks or file attachments, and many are so-called "zero-day" strains that elude detection by traditional signature-matching antivirus tools. While user training and frontline detection are critical to defend your network against ransomware attacks, leading practices demand that you take for granted some attacks will eventually succeed and that you implement a strong backup mechanism that permits you to repair the damage rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around a remote interview with a Progent cybersecurity expert skilled in ransomware defense and repair. In the course of this interview Progent will collaborate directly with your Cincinnati IT managers to gather critical data about your security profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to apply best practices for implementing and administering your security and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues associated with ransomware defense and restoration recovery. The review addresses:
- Correct allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Safe Remote Desktop Protocol (RDP) connections
- Recommend AntiVirus tools identification and deployment
The remote interview included with the ProSight Ransomware Preparedness Checkup service takes about one hour for a typical small business network and longer for larger or more complicated IT environments. The report document contains recommendations for enhancing your ability to block or recover from a ransomware attack and Progent offers as-needed expertise to assist your business to create an efficient cybersecurity/backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting key servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the victim is asked to send a certain amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a brief period of time. It is never certain that paying the extortion price will restore the lost files or prevent its exposure to the public. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, in which the target is lured into interacting with by means of a social engineering exploit called spear phishing. This causes the email message to appear to come from a trusted sender. Another common vulnerability is an improperly protected RDP port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks include WannaCry, and NotPetya. Recent headline variants like Ryuk, Maze and TeslaCrypt are more complex and have wreaked more havoc than earlier strains. Even if your backup/recovery procedures allow your business to restore your ransomed files, you can still be hurt by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus tools will block a new malware. If an attack does appear in an email, it is important that your end users have been taught to identify social engineering techniques. Your last line of protection is a solid process for performing and keeping offsite backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Checkup in Cincinnati
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Testing can bolster your protection against crypto-ransomware in Cincinnati, call Progent at 800-462-8800 or see Contact Progent.