Ransomware has been weaponized by cyber extortionists and bad-actor governments, representing a potentially existential risk to businesses that are successfully attacked. Current variations of ransomware go after everything, including backup, making even selective restoration a challenging and expensive process. New variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Egregor have made the headlines, displacing WannaCry, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructive impact.
Most crypto-ransomware breaches come from innocent-looking emails that have dangerous hyperlinks or attachments, and a high percentage are so-called "zero-day" attacks that can escape detection by traditional signature-matching antivirus (AV) tools. Although user education and up-front identification are critical to defend your network against ransomware attacks, leading practices demand that you expect that some malware will eventually succeed and that you implement a solid backup solution that permits you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around a remote discussion with a Progent cybersecurity consultant skilled in ransomware protection and recovery. In the course of this assessment Progent will cooperate directly with your Dayton IT management staff to gather critical information concerning your security posture and backup environment. Progent will utilize this data to generate a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for implementing and administering your security and backup systems to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues related to ransomware prevention and restoration recovery. The report addresses:
- Proper use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall settings
- Safe RDP connections
- Advice about AntiVirus (AV) tools selection and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service takes about one hour for the average small business and longer for bigger or more complex environments. The report document contains suggestions for improving your ability to ward off or clean up after a ransomware assault and Progent can provide as-needed expertise to assist you to create an efficient cybersecurity/backup solution tailored to your business needs.
- Split permission architecture for backup integrity
- Backing up key servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes files so they are unusable or are made publicly available. Ransomware sometimes locks the victim's computer. To prevent the damage, the target is asked to send a certain ransom, usually via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that delivering the ransom will recover the lost files or avoid its publication. Files can be encrypted or deleted across a network based on the target's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, in which the user is lured into interacting with by means of a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by different strains of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Notorious attacks are WannaCry, and Petya. Recent headline variants like Ryuk, Maze and TeslaCrypt are more elaborate and have caused more havoc than earlier versions. Even if your backup/recovery procedures allow you to recover your ransomed files, you can still be threatened by exfiltration, where stolen documents are made public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no guarantee that traditional signature-matching anti-virus tools will detect the latest attack. If threat does appear in an email, it is critical that your end users have been taught to identify phishing techniques. Your ultimate protection is a solid process for performing and keeping remote backups plus the deployment of dependable restoration platforms.
Ask Progent About the ProSight Ransomware Readiness Consultation in Dayton
For pricing details and to find out more about how Progent's ProSight Ransomware Vulnerability Review can bolster your defense against crypto-ransomware in Dayton, call Progent at 800-462-8800 or visit Contact Progent.