Ransomware has been widely adopted by cybercriminals and malicious states, posing a potentially existential risk to businesses that fall victim. The latest variations of ransomware target all vulnerable resources, including online backup, making even partial restoration a long and expensive exercise. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have made the headlines, displacing WannaCry, Cerber, and NotPetya in notoriety, sophistication, and destructive impact.
90% of ransomware breaches are the result of innocuous-seeming emails that include malicious links or file attachments, and a high percentage are "zero-day" strains that elude the defenses of traditional signature-based antivirus (AV) tools. While user training and frontline identification are critical to protect your network against ransomware, best practices dictate that you expect that some malware will inevitably succeed and that you deploy a strong backup mechanism that allows you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online discussion with a Progent cybersecurity expert experienced in ransomware defense and repair. In the course of this assessment Progent will cooperate with your Cleveland IT management staff to gather pertinent information about your cybersecurity configuration and backup environment. Progent will utilize this information to generate a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and administering your security and backup solution to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues related to crypto-ransomware prevention and recovery. The report addresses:
- Effective use of administration accounts
- Correct NTFS and SMB authorizations
- Proper firewall configuration
- Safe Remote Desktop Protocol access
- Advice about AntiVirus (AV) filtering selection and configuration
- Split permission architecture for backup integrity
- Backing up required servers including Active Directory
- Offsite backups with cloud backup to Azure

The remote interview included with the ProSight Ransomware Preparedness Checkup service takes about one hour for the average small business network and requires more time for larger or more complex environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware assault and Progent can provide as-needed consulting services to assist your business to create an efficient cybersecurity/data backup solution tailored to your specific requirements.
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To prevent the damage, the victim is asked to pay a specified ransom, usually in the form of a cryptocurrency such as Bitcoin, within a short time window. There is no guarantee that paying the extortion price will restore the damaged data or prevent its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware attack vector is tainted email, whereby the target is tricked into responding by means of a social engineering technique called spear phishing, which makes the email look as though it came from a familiar source. Another commonly exploited weakness is a poorly protected RDP port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage attributed to different versions of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Notorious examples include Locky and Petya. Recent high-profile variants like Ryuk, Maze and Cerber are more complex and have wreaked more damage than earlier versions. Even if your backup/recovery processes allow your business to restore your encrypted data, you can still be threatened by exfiltration, where ransomed documents are exposed to the public. Because additional versions of ransomware are launched daily, there is no guarantee that conventional signature-matching anti-virus tools will block a new strain of malware. If an attack does show up in an email, it is critical that your end users have learned to identify social engineering tricks. Your ultimate defense is a sound scheme for scheduling and keeping remote backups and the deployment of dependable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Readiness Checkup in Cleveland
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Report can bolster your defense against crypto-ransomware in Cleveland, phone Progent at 800-462-8800 or see Contact Progent.