Ransomware has become the weapon of choice for cybercriminals and rogue states, representing a possibly existential risk to companies that fall victim. Current strains of ransomware target all vulnerable resources, including backup, making even selective restoration a long and expensive process. New variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have made the headlines, replacing Locky, Spora, and Petya in prominence, elaborateness, and destructive impact.
Most ransomware penetrations are the result of innocent-looking emails with malicious links or attachments, and a high percentage are "zero-day" strains that can escape the defenses of traditional signature-based antivirus tools. While user training and frontline identification are critical to defend your network against ransomware attacks, best practices demand that you take for granted some malware will inevitably get through and that you implement a solid backup mechanism that enables you to repair the damage quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around a remote interview with a Progent cybersecurity expert skilled in ransomware protection and repair. In the course of this interview Progent will collaborate directly with your Des Moines network management staff to gather critical data concerning your security setup and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to apply leading practices for implementing and administering your cybersecurity and backup solution to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas related to crypto-ransomware defense and restoration recovery. The report covers:
- Effective use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Optimal firewall setup
- Secure Remote Desktop Protocol (RDP) connections
- Recommend AntiVirus filtering selection and deployment
The remote interview included with the ProSight Ransomware Vulnerability Assessment service lasts about one hour for the average small business and longer for bigger or more complex environments. The report document features suggestions for improving your ability to block or clean up after a ransomware attack and Progent can provide as-needed expertise to help you to create a cost-effective cybersecurity/data backup solution tailored to your specific needs.
- Split permission architecture for backup integrity
- Protecting required servers such as AD
- Offsite backups including cloud backup to Azure
Ransomware is a type of malware that encrypts or steals a victim's files so they cannot be used or are publicized. Ransomware often locks the target's computer. To avoid the carnage, the target is asked to send a certain ransom, usually via a crypto currency like Bitcoin, within a brief time window. There is no guarantee that delivering the extortion price will restore the lost data or avoid its publication. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot solve the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the user is lured into responding to by a social engineering technique called spear phishing. This causes the email message to appear to come from a trusted sender. Another popular vulnerability is a poorly secured Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars per year, roughly doubling every two years. Notorious attacks are WannaCry, and NotPetya. Recent high-profile threats like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have wreaked more damage than older versions. Even if your backup/recovery processes enable you to restore your ransomed data, you can still be hurt by exfiltration, where stolen data are made public (known as "doxxing"). Because new versions of ransomware are launched daily, there is no certainty that conventional signature-based anti-virus filters will detect a new attack. If an attack does appear in an email, it is important that your end users have been taught to be aware of social engineering tricks. Your last line of defense is a sound process for performing and retaining offsite backups and the deployment of reliable restoration platforms.
Ask Progent About the ProSight Ransomware Susceptibility Report in Des Moines
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Audit can bolster your protection against crypto-ransomware in Des Moines, call Progent at 800-993-9400 or visit Contact Progent.