Ransomware has become the weapon of choice for cybercriminals and bad-actor governments, representing a possibly existential threat to companies that fall victim. Modern variations of ransomware go after everything, including backup, making even partial restoration a long and costly process. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have made the headlines, replacing WannaCry, Cerber, and CryptoWall in notoriety, sophistication, and destructiveness.
Most ransomware penetrations are caused by innocuous-seeming emails that have dangerous hyperlinks or attachments, and many are so-called "zero-day" attacks that elude the defenses of traditional signature-matching antivirus filters. While user education and up-front detection are important to protect your network against ransomware attacks, leading practices dictate that you assume some malware will inevitably get through and that you put in place a strong backup solution that enables you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around an online interview with a Progent security expert skilled in ransomware protection and repair. In the course of this interview Progent will work directly with your Corpus Christi IT management staff to collect pertinent information about your cybersecurity configuration and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to adhere to best practices for implementing and administering your security and backup solution to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital areas associated with ransomware defense and restoration recovery. The review covers:
- Correct use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall setup
- Secure Remote Desktop Protocol access
- Advice about AntiVirus (AV) filtering selection and configuration
The online interview process for the ProSight Ransomware Preparedness Report service lasts about one hour for a typical small company and requires more time for larger or more complicated environments. The written report contains suggestions for enhancing your ability to block or recover from a ransomware incident and Progent offers on-demand consulting services to assist you and your IT staff to design and deploy a cost-effective security/backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting critical servers including Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a type of malicious software that encrypts or deletes files so they cannot be used or are publicized. Crypto-ransomware often locks the victim's computer. To avoid the carnage, the target is asked to send a specified amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a short period of time. It is not guaranteed that paying the extortion price will recover the lost files or avoid its exposure to the public. Files can be encrypted or erased across a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the target is tricked into interacting with by a social engineering technique called spear phishing. This makes the email to appear to come from a trusted source. Another common attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples include WannaCry, and Petya. Current high-profile threats like Ryuk, DoppelPaymer and Spora are more complex and have wreaked more havoc than earlier strains. Even if your backup processes permit you to restore your encrypted data, you can still be threatened by exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up every day, there is no guarantee that conventional signature-based anti-virus filters will block the latest attack. If threat does show up in an email, it is important that your users have learned to identify phishing tricks. Your last line of defense is a solid process for scheduling and retaining remote backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Preparedness Evaluation in Corpus Christi
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Audit can bolster your defense against ransomware in Corpus Christi, phone Progent at 800-462-8800 or see Contact Progent.