Ransomware has been weaponized by cyber extortionists and rogue states, representing a possibly existential risk to businesses that fall victim. Current variations of crypto-ransomware go after all vulnerable resources, including backup, making even partial recovery a complex and expensive process. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Egregor have made the headlines, replacing Locky, Spora, and CryptoWall in notoriety, sophistication, and destructive impact.
Most crypto-ransomware infections are caused by innocent-looking emails with dangerous links or file attachments, and a high percentage are "zero-day" attacks that can escape the defenses of traditional signature-matching antivirus (AV) tools. Although user education and up-front identification are critical to defend against ransomware attacks, leading practices demand that you take for granted some malware will eventually succeed and that you put in place a solid backup solution that enables you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service built around an online discussion with a Progent cybersecurity expert experienced in ransomware protection and recovery. In the course of this interview Progent will collaborate directly with your Dayton IT managers to collect pertinent data concerning your cybersecurity profile and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to apply best practices for implementing and administering your security and backup solution to prevent or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Effective allocation and use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Secure RDP configuration
- Guidance for AntiVirus tools selection and deployment
The remote interview process for the ProSight Ransomware Vulnerability Checkup service lasts about an hour for a typical small company and longer for bigger or more complicated environments. The written report contains recommendations for improving your ability to block or clean up after a ransomware attack and Progent offers as-needed consulting services to assist you and your IT staff to design and deploy an efficient cybersecurity/data backup system customized for your business requirements.
- Split permission model for backup protection
- Protecting critical servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a type of malicious software that encrypts or deletes a victim's files so they are unusable or are publicized. Ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will restore the lost data or avoid its publication. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is booby-trapped email, whereby the user is tricked into responding to by means of a social engineering exploit known as spear phishing. This causes the email to look as though it came from a familiar sender. Another popular vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Notorious examples are Locky, and Petya. Recent high-profile threats like Ryuk, Sodinokibi and Cerber are more complex and have caused more havoc than older versions. Even if your backup/recovery processes enable your business to recover your ransomed files, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public. Because additional versions of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus filters will block a new malware. If an attack does show up in an email, it is critical that your end users have learned to be aware of phishing techniques. Your last line of defense is a solid scheme for performing and keeping remote backups plus the use of reliable restoration tools.
Ask Progent About the ProSight Ransomware Susceptibility Evaluation in Dayton
For pricing details and to learn more about how Progent's ProSight Ransomware Preparedness Testing can enhance your defense against crypto-ransomware in Dayton, call Progent at 800-462-8800 or see Contact Progent.