Ransomware has been weaponized by the major cyber-crime organizations and rogue governments, posing a potentially lethal threat to businesses that are victimized. Modern variations of ransomware go after everything, including backup, making even partial restoration a complex and expensive process. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have made the headlines, displacing Locky, Spora, and CryptoWall in prominence, sophistication, and destructiveness.
Most crypto-ransomware penetrations come from innocuous-seeming emails with malicious hyperlinks or attachments, and many are "zero-day" variants that elude the defenses of legacy signature-based antivirus (AV) filters. While user training and up-front detection are critical to defend your network against ransomware attacks, best practices demand that you take for granted some attacks will eventually get through and that you prepare a strong backup mechanism that allows you to restore files and services quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service centered around an online discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. During this assessment Progent will work with your Curitiba network managers to gather pertinent information about your security profile and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report detailing how to adhere to leading practices for implementing and managing your cybersecurity and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol configuration
- Recommend AntiVirus tools identification and configuration
The online interview process included with the ProSight Ransomware Preparedness Report service lasts about an hour for a typical small business network and requires more time for bigger or more complex environments. The report document features recommendations for improving your ability to block or recover from a ransomware assault and Progent offers as-needed consulting services to assist your business to create an efficient security/data backup system tailored to your specific needs.
- Split permission architecture for backup integrity
- Backing up key servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the carnage, the victim is asked to send a specified amount of money, typically via a crypto currency such as Bitcoin, within a short period of time. It is never certain that delivering the extortion price will recover the lost data or prevent its exposure to the public. Files can be altered or erased across a network based on the target's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A common ransomware attack vector is tainted email, in which the victim is tricked into interacting with by means of a social engineering exploit called spear phishing. This makes the email message to appear to come from a trusted sender. Another popular vulnerability is an improperly secured Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage attributed to by different strains of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Famous examples are Locky, and NotPetya. Current headline variants like Ryuk, DoppelPaymer and Cerber are more complex and have wreaked more damage than older versions. Even if your backup procedures permit your business to recover your ransomed data, you can still be threatened by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because additional versions of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus filters will block a new malware. If threat does show up in an email, it is critical that your users have learned to be aware of phishing techniques. Your last line of protection is a sound scheme for performing and retaining remote backups and the deployment of dependable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Assessment in Curitiba
For pricing details and to learn more about how Progent's ProSight Ransomware Susceptibility Consultation can bolster your defense against ransomware in Curitiba, call Progent at 800-993-9400 or visit Contact Progent.