Ransomware has been weaponized by the major cyber-crime organizations and rogue governments, representing a potentially lethal risk to companies that are successfully attacked. The latest strains of crypto-ransomware target all vulnerable resources, including online backup, making even partial restoration a long and costly exercise. New strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Nephilim have emerged, displacing Locky, Spora, and NotPetya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware penetrations come from innocuous-seeming emails with dangerous hyperlinks or file attachments, and many are "zero-day" variants that can escape detection by legacy signature-matching antivirus (AV) filters. While user education and up-front detection are critical to defend your network against ransomware attacks, leading practices dictate that you expect that some attacks will inevitably get through and that you put in place a solid backup mechanism that enables you to repair the damage rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around an online discussion with a Progent security consultant skilled in ransomware protection and recovery. In the course of this assessment Progent will cooperate directly with your Des Moines IT management staff to collect critical data concerning your security profile and backup processes. Progent will use this information to generate a Basic Security and Best Practices Assessment detailing how to follow leading practices for configuring and administering your security and backup systems to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues related to crypto-ransomware prevention and restoration recovery. The report covers:
- Effective use of administration accounts
- Appropriate NTFS and SMB permissions
- Optimal firewall settings
- Safe Remote Desktop Protocol access
- Advice about AntiVirus (AV) tools identification and deployment
The remote interview process for the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small company and requires more time for larger or more complicated IT environments. The written report features suggestions for improving your ability to block or recover from a ransomware attack and Progent offers on-demand expertise to help you to create an efficient cybersecurity/data backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting critical servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the carnage, the victim is required to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a short time window. There is no guarantee that delivering the extortion price will recover the damaged data or avoid its publication. Files can be altered or erased across a network based on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, whereby the target is lured into responding to by means of a social engineering technique called spear phishing. This makes the email message to appear to come from a trusted sender. Another popular vulnerability is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars per year, roughly doubling every other year. Famous examples are Locky, and Petya. Recent headline variants like Ryuk, DoppelPaymer and Spora are more elaborate and have wreaked more havoc than older versions. Even if your backup procedures enable your business to recover your ransomed files, you can still be threatened by exfiltration, where stolen data are made public. Because new variants of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus tools will block the latest malware. If threat does appear in an email, it is critical that your users have been taught to identify social engineering tricks. Your last line of protection is a solid scheme for performing and retaining remote backups plus the deployment of reliable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Report in Des Moines
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Evaluation can bolster your protection against crypto-ransomware in Des Moines, call Progent at 800-462-8800 or visit Contact Progent.