Ransomware has been weaponized by cyber extortionists and malicious states, posing a possibly existential threat to companies that are successfully attacked. The latest versions of crypto-ransomware target everything, including online backup, making even selective recovery a challenging and expensive exercise. New variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, LockBit and Nephilim have emerged, displacing Locky, Spora, and Petya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware infections come from innocent-seeming emails that have malicious hyperlinks or attachments, and a high percentage are "zero-day" strains that can escape detection by legacy signature-based antivirus (AV) filters. Although user training and frontline identification are critical to protect against ransomware, leading practices demand that you assume some malware will eventually get through and that you deploy a solid backup mechanism that allows you to recover rapidly with little if any loss.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online interview with a Progent cybersecurity expert skilled in ransomware protection and repair. In the course of this assessment Progent will work with your Des Moines network management staff to collect critical data concerning your cybersecurity setup and backup environment. Progent will use this information to produce a Basic Security and Best Practices Report detailing how to follow leading practices for implementing and administering your cybersecurity and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas associated with ransomware defense and recovery. The review covers:
- Proper use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Proper firewall settings
- Safe Remote Desktop Protocol (RDP) configuration
- Advice about antivirus (AV) filtering identification and configuration
- Split permission model for backup integrity
- Backing up key servers such as Active Directory
- Offsite backups including cloud backup to Microsoft Azure
The online interview for the ProSight Ransomware Vulnerability Checkup service takes about an hour for the average small company and longer for bigger or more complex IT environments. The report document features suggestions for improving your ability to ward off or clean up after a ransomware assault, and Progent can provide as-needed consulting services to help you design and deploy an efficient security/backup solution tailored to your business needs.
Ransomware is a type of malware that encrypts or deletes files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To avoid the damage, the target is asked to pay a specified amount of money, usually via a cryptocurrency such as Bitcoin, within a short period of time. There is no guarantee that paying the ransom will recover the lost files or prevent their publication. Files can be encrypted or deleted throughout a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption technologies used on the hostage files. A typical ransomware attack vector is booby-trapped email, whereby the victim is tricked into responding by a social engineering technique known as spear phishing. This causes the email to look as though it came from a trusted sender. Another common attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses caused by different strains of ransomware are said to be billions of dollars annually, roughly doubling every other year. Famous examples include WannaCry and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and Cerber are more sophisticated and have caused more havoc than earlier versions. Even if your backup/recovery procedures enable you to restore your encrypted data, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-matching antivirus filters will block the latest malware. If an attack does show up in an email, it is critical that your users have learned to identify phishing tricks. Your last line of defense is a sound scheme for performing and retaining offsite backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Checkup in Des Moines
For pricing information and to learn more about how Progent's ProSight Ransomware Vulnerability Review can bolster your defense against ransomware in Des Moines, call Progent at 800-462-8800 or see Contact Progent.