Ransomware has been weaponized by cybercriminals and rogue governments, posing a possibly existential risk to businesses that are victimized. Current variations of crypto-ransomware target everything, including online backup, making even selective recovery a challenging and expensive process. New strains of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Nephilim have made the headlines, displacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware penetrations are caused by innocent-seeming emails that include malicious links or file attachments, and many are so-called "zero-day" strains that can escape detection by legacy signature-based antivirus (AV) filters. While user education and frontline identification are critical to protect against ransomware attacks, leading practices dictate that you expect that some malware will eventually succeed and that you implement a solid backup solution that allows you to restore files and services quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around a remote discussion with a Progent cybersecurity expert experienced in ransomware defense and repair. During this interview Progent will work directly with your Columbus network management staff to collect critical information about your security profile and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Report documenting how to follow best practices for implementing and managing your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues related to crypto-ransomware prevention and restoration recovery. The review covers:
- Effective use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe RDP access
- Guidance for AntiVirus filtering selection and configuration
The online interview included with the ProSight Ransomware Preparedness Assessment service takes about an hour for a typical small company and longer for larger or more complex IT environments. The report document includes suggestions for enhancing your ability to ward off or recover from a ransomware incident and Progent can provide on-demand consulting services to help you to create a cost-effective security/data backup system tailored to your business needs.
- Split permission model for backup integrity
- Backing up critical servers including Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the damage, the target is required to send a certain amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that delivering the extortion price will restore the lost files or avoid its exposure to the public. Files can be encrypted or erased across a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, whereby the target is lured into responding to by a social engineering technique known as spear phishing. This causes the email message to appear to come from a trusted sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples include Locky, and NotPetya. Current high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more complex and have caused more damage than earlier versions. Even if your backup procedures enable your business to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus filters will detect the latest malware. If an attack does show up in an email, it is critical that your users have been taught to be aware of phishing tricks. Your last line of defense is a solid process for scheduling and keeping offsite backups plus the deployment of dependable restoration tools.
Ask Progent About the ProSight Ransomware Readiness Evaluation in Columbus
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Review can enhance your defense against crypto-ransomware in Columbus, call Progent at 800-462-8800 or visit Contact Progent.