Ransomware has been weaponized by the major cyber-crime organizations and malicious states, posing a possibly lethal risk to businesses that are successfully attacked. Modern strains of ransomware target everything, including backup, making even partial restoration a challenging and expensive exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, displacing Locky, Cerber, and Petya in notoriety, sophistication, and destructive impact.
90% of ransomware penetrations are caused by innocent-seeming emails that include malicious links or attachments, and many are "zero-day" variants that can escape the defenses of legacy signature-matching antivirus (AV) tools. Although user training and frontline identification are critical to protect your network against ransomware attacks, leading practices dictate that you assume some attacks will inevitably succeed and that you put in place a strong backup mechanism that enables you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around a remote discussion with a Progent cybersecurity expert experienced in ransomware defense and recovery. In the course of this assessment Progent will collaborate directly with your Colorado Springs network managers to collect critical data concerning your security setup and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Report documenting how to follow best practices for configuring and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with ransomware prevention and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol access
- Advice about AntiVirus tools selection and configuration
The online interview for the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small business network and longer for bigger or more complex environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware attack and Progent can provide as-needed expertise to help you to create a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or steals files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To avoid the carnage, the victim is required to pay a certain ransom, typically via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that paying the extortion price will recover the damaged files or avoid its exposure to the public. Files can be encrypted or erased across a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery package is spoofed email, in which the victim is lured into interacting with by a social engineering technique called spear phishing. This makes the email message to look as though it came from a trusted sender. Another common vulnerability is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by different strains of ransomware is estimated at billions of dollars annually, more than doubling every other year. Notorious attacks are WannaCry, and Petya. Recent headline threats like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have wreaked more havoc than earlier strains. Even if your backup/recovery processes allow your business to recover your ransomed data, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up every day, there is no certainty that conventional signature-matching anti-virus filters will block a new attack. If threat does appear in an email, it is critical that your users have learned to be aware of phishing techniques. Your last line of protection is a sound scheme for scheduling and keeping offsite backups plus the use of reliable recovery platforms.
Ask Progent About the ProSight Ransomware Preparedness Assessment in Colorado Springs
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Audit can bolster your defense against ransomware in Colorado Springs, phone Progent at 800-462-8800 or see Contact Progent.