Ransomware has become the weapon of choice for the major cyber-crime organizations and rogue states, posing a possibly existential risk to businesses that fall victim. The latest strains of ransomware target all vulnerable resources, including online backup, making even selective recovery a long and expensive exercise. Novel variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Lockbit and Egregor have made the headlines, displacing Locky, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
Most ransomware infections are the result of innocuous-seeming emails that include malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" strains that can escape detection by traditional signature-based antivirus (AV) tools. While user education and up-front identification are important to defend against ransomware attacks, best practices dictate that you expect that some attacks will eventually succeed and that you deploy a solid backup mechanism that allows you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around a remote interview with a Progent security expert skilled in ransomware protection and recovery. During this interview Progent will cooperate directly with your Dayton IT management staff to collect pertinent information concerning your security setup and backup environment. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to apply leading practices for configuring and administering your security and backup systems to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to crypto-ransomware prevention and recovery. The review addresses:
- Effective use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall setup
- Secure Remote Desktop Protocol (RDP) connections
- Guidance for antivirus filtering identification and configuration
- Split permission architecture for backup integrity
- Protecting critical servers such as AD
- Offsite backups with cloud backup to Azure
The remote interview process for the ProSight Ransomware Vulnerability Report service lasts about one hour for the average small business network and longer for bigger or more complicated environments. The written report contains suggestions for enhancing your ability to ward off or recover from a ransomware incident, and Progent offers on-demand expertise to help you and your IT staff design and deploy an efficient security/data backup system customized for your business needs.
Ransomware is a form of malicious software that encrypts or deletes a victim's files so that they cannot be used, or threatens to publicize them. Ransomware often locks the target's computer. To avoid the carnage, the victim is required to pay a certain amount of money, usually in the form of a cryptocurrency like Bitcoin, within a brief time window. It is never certain that paying the ransom will restore the damaged data or avoid its publication. Files can be altered or erased across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is spoofed email, whereby the target is tricked into interacting with the message by a social engineering exploit called spear phishing. This makes the email message look as though it came from a familiar sender. Another common attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker opened the new age of ransomware in 2013, and the monetary losses attributed to different versions of ransomware are estimated at billions of dollars annually, more than doubling every two years. Famous examples include Locky and Petya. Recent high-profile variants like Ryuk, Sodinokibi and Spora are more elaborate and have caused more havoc than earlier versions. Even if your backup processes enable your business to restore your ransomed data, you can still be hurt by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up every day, there is no guarantee that conventional signature-matching antivirus tools will detect a new attack. If a threat does show up in an email, it is important that your users have been taught to be aware of phishing techniques. Your ultimate protection is a solid scheme for scheduling and retaining remote backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Assessment in Dayton
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Checkup can enhance your defense against crypto-ransomware in Dayton, phone Progent at 800-993-9400 or see Contact Progent.