Ransomware has been weaponized by the major cyber-crime organizations and malicious governments, representing a potentially lethal threat to companies that are victimized. The latest strains of crypto-ransomware target all vulnerable resources, including backup, making even partial restoration a challenging and costly exercise. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, replacing WannaCry, TeslaCrypt, and Petya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware breaches come from innocuous-seeming emails that have malicious links or attachments, and a high percentage are so-called "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus filters. While user education and up-front detection are critical to defend against ransomware, leading practices demand that you expect that some malware will inevitably succeed and that you implement a strong backup solution that allows you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around an online discussion with a Progent cybersecurity expert skilled in ransomware protection and recovery. During this interview Progent will work with your Columbus IT managers to gather critical data concerning your cybersecurity posture and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for implementing and administering your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with crypto-ransomware defense and restoration recovery. The report covers:
- Proper use of admin accounts
- Appropriate NTFS and SMB authorizations
- Proper firewall configuration
- Secure Remote Desktop Protocol connections
- Guidance for AntiVirus (AV) filtering selection and deployment
The remote interview process for the ProSight Ransomware Preparedness Assessment service takes about an hour for a typical small business network and longer for bigger or more complex IT environments. The report document contains suggestions for enhancing your ability to block or recover from a ransomware assault and Progent can provide as-needed consulting services to help your business to create an efficient cybersecurity/backup solution customized for your business needs.
- Split permission architecture for backup integrity
- Protecting required servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To prevent the damage, the victim is required to send a certain ransom, usually via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will recover the damaged data or avoid its publication. Files can be altered or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A common ransomware delivery package is tainted email, whereby the target is tricked into interacting with by means of a social engineering exploit called spear phishing. This makes the email message to look as though it came from a trusted sender. Another popular vulnerability is a poorly protected RDP port.
CryptoLocker opened the modern era of ransomware in 2013, and the damage attributed to by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples are Locky, and Petya. Current headline variants like Ryuk, Maze and Spora are more elaborate and have wreaked more damage than older strains. Even if your backup processes allow you to recover your ransomed files, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-matching anti-virus tools will block the latest malware. If threat does show up in an email, it is critical that your end users have been taught to be aware of phishing tricks. Your ultimate defense is a sound scheme for scheduling and keeping remote backups and the deployment of reliable restoration platforms.
Ask Progent About the ProSight Ransomware Readiness Report in Columbus
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Checkup can enhance your defense against ransomware in Columbus, phone Progent at 800-462-8800 or see Contact Progent.