Ransomware has been weaponized by the major cyber-crime organizations and malicious states, posing a potentially lethal risk to companies that fall victim. Current versions of crypto-ransomware target everything, including backup, making even partial restoration a long and costly exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Egregor have emerged, displacing Locky, Spora, and CryptoWall in prominence, sophistication, and destructive impact.
Most ransomware penetrations come from innocent-seeming emails that have dangerous hyperlinks or file attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-based antivirus (AV) tools. Although user training and up-front identification are important to defend against ransomware, best practices demand that you take for granted some malware will eventually succeed and that you prepare a strong backup solution that enables you to restore files and services quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around an online discussion with a Progent security expert skilled in ransomware protection and repair. In the course of this assessment Progent will cooperate directly with your Dallas network management staff to collect critical information about your cybersecurity setup and backup environment. Progent will use this information to generate a Basic Security and Best Practices Report detailing how to follow best practices for configuring and administering your security and backup systems to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues related to ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Optimal firewall configuration
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus (AV) filtering selection and deployment
The remote interview for the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small business network and requires more time for bigger or more complex IT environments. The report document includes recommendations for enhancing your ability to ward off or recover from a ransomware incident and Progent can provide as-needed consulting services to help you and your IT staff to design and deploy a cost-effective cybersecurity/backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a type of malware that encrypts or deletes files so they are unusable or are publicized. Ransomware often locks the target's computer. To prevent the damage, the victim is required to send a certain amount of money, usually in the form of a crypto currency such as Bitcoin, within a brief time window. It is never certain that delivering the ransom will restore the lost data or prevent its publication. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is booby-trapped email, in which the user is lured into interacting with by a social engineering technique known as spear phishing. This makes the email to look as though it came from a trusted source. Another common vulnerability is a poorly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by the many versions of ransomware is said to be billions of dollars per year, more than doubling every other year. Notorious attacks are WannaCry, and Petya. Current high-profile threats like Ryuk, Sodinokibi and Spora are more sophisticated and have caused more damage than earlier strains. Even if your backup/recovery procedures enable you to restore your encrypted files, you can still be threatened by exfiltration, where stolen documents are made public. Because new variants of ransomware are launched daily, there is no guarantee that traditional signature-matching anti-virus tools will detect the latest malware. If an attack does appear in an email, it is critical that your users have been taught to be aware of phishing tricks. Your last line of defense is a solid process for performing and keeping remote backups and the deployment of dependable recovery tools.
Ask Progent About the ProSight Ransomware Preparedness Evaluation in Dallas
For pricing details and to learn more about how Progent's ProSight Ransomware Preparedness Audit can enhance your defense against ransomware in Dallas, phone Progent at 800-462-8800 or see Contact Progent.