Ransomware has become the weapon of choice for cybercriminals and bad-actor states, representing a potentially existential risk to companies that are victimized. Current strains of crypto-ransomware target everything, including online backup, making even selective recovery a long and costly exercise. New variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, displacing WannaCry, Cerber, and Petya in prominence, sophistication, and destructive impact.
90% of ransomware penetrations come from innocent-looking emails that include malicious links or attachments, and a high percentage are "zero-day" attacks that elude detection by traditional signature-matching antivirus (AV) filters. While user education and frontline identification are important to protect your network against ransomware, best practices demand that you assume some attacks will eventually get through and that you put in place a strong backup solution that allows you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around an online discussion with a Progent security expert skilled in ransomware protection and recovery. During this interview Progent will cooperate directly with your Dallas network managers to collect critical information concerning your security profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to adhere to best practices for implementing and administering your security and backup systems to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas related to ransomware prevention and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Optimal firewall configuration
- Safe Remote Desktop Protocol access
- Guidance for AntiVirus tools selection and configuration
The remote interview process included with the ProSight Ransomware Preparedness Assessment service takes about an hour for the average small business and longer for larger or more complex IT environments. The written report contains recommendations for enhancing your ability to block or recover from a ransomware incident and Progent can provide on-demand expertise to help you and your IT staff to create an efficient cybersecurity/backup solution customized for your business needs.
- Split permission architecture for backup integrity
- Backing up critical servers including Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Ransomware sometimes locks the victim's computer. To avoid the carnage, the victim is required to pay a specified ransom, usually in the form of a crypto currency such as Bitcoin, within a brief period of time. It is never certain that delivering the extortion price will restore the lost files or prevent its exposure to the public. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the hostage files. A typical ransomware attack vector is tainted email, whereby the target is tricked into interacting with by means of a social engineering technique called spear phishing. This makes the email message to look as though it came from a trusted source. Another common attack vector is a poorly protected Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous examples are Locky, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more damage than older versions. Even if your backup/recovery procedures enable your business to recover your encrypted files, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public. Because additional variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus tools will detect the latest attack. If threat does show up in an email, it is critical that your users have learned to be aware of social engineering techniques. Your last line of defense is a sound process for performing and keeping offsite backups and the deployment of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Assessment in Dallas
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Checkup can enhance your protection against crypto-ransomware in Dallas, phone Progent at 800-462-8800 or see Contact Progent.