Ransomware has been weaponized by cybercriminals and malicious governments, representing a possibly lethal risk to companies that fall victim. The latest variations of crypto-ransomware target everything, including backup, making even selective restoration a complex and costly exercise. Novel strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, replacing WannaCry, Spora, and Petya in prominence, sophistication, and destructive impact.
Most ransomware breaches come from innocuous-seeming emails with malicious links or file attachments, and many are "zero-day" attacks that elude the defenses of traditional signature-based antivirus (AV) tools. While user education and up-front detection are critical to defend your network against ransomware, leading practices demand that you expect that some attacks will eventually get through and that you put in place a solid backup mechanism that allows you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service centered around a remote discussion with a Progent security consultant skilled in ransomware protection and repair. In the course of this assessment Progent will collaborate directly with your Dayton IT managers to collect critical data concerning your cybersecurity configuration and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Report documenting how to apply best practices for configuring and administering your cybersecurity and backup solution to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key areas associated with ransomware defense and restoration recovery. The report addresses:
- Proper use of admin accounts
- Appropriate NTFS and SMB authorizations
- Optimal firewall configuration
- Safe RDP configuration
- Guidance for AntiVirus (AV) filtering identification and configuration
The online interview for the ProSight Ransomware Vulnerability Report service takes about one hour for a typical small business and requires more time for larger or more complex IT environments. The written report includes suggestions for improving your ability to ward off or recover from a ransomware incident and Progent can provide as-needed consulting services to assist you to create a cost-effective security/data backup solution tailored to your specific needs.
- Split permission model for backup integrity
- Backing up required servers including Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the target is required to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a brief period of time. It is not guaranteed that paying the ransom will restore the lost data or avoid its publication. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the hostage files. A common ransomware attack vector is tainted email, whereby the target is tricked into interacting with by a social engineering technique called spear phishing. This makes the email message to appear to come from a familiar sender. Another popular attack vector is a poorly secured Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses caused by different strains of ransomware is said to be billions of dollars annually, more than doubling every other year. Notorious attacks are WannaCry, and Petya. Recent headline threats like Ryuk, DoppelPaymer and TeslaCrypt are more complex and have wreaked more damage than older versions. Even if your backup/recovery procedures enable your business to restore your encrypted files, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no guarantee that traditional signature-based anti-virus filters will detect a new malware. If threat does show up in an email, it is important that your users have been taught to be aware of social engineering techniques. Your ultimate protection is a sound process for scheduling and keeping remote backups and the deployment of reliable restoration tools.
Ask Progent About the ProSight Ransomware Susceptibility Testing in Dayton
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Consultation can enhance your defense against ransomware in Dayton, call Progent at 800-462-8800 or see Contact Progent.