Ransomware has been weaponized by cyber extortionists and malicious governments, representing a possibly existential threat to businesses that are successfully attacked. Current variations of crypto-ransomware go after everything, including backups, making even partial restoration a challenging and expensive exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have made the headlines, replacing Locky, Spora, and CryptoWall in prominence, elaborateness, and destructive impact.
90% of crypto-ransomware penetrations are caused by innocuous-seeming emails that have dangerous hyperlinks or file attachments, and many are so-called "zero-day" variants that elude detection by legacy signature-matching antivirus filters. Although user education and up-front detection are important to protect against ransomware attacks, best practices dictate that you expect that some attacks will inevitably succeed and that you deploy a solid backup solution that permits you to recover quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around an online interview with a Progent cybersecurity expert skilled in ransomware protection and recovery. During this interview Progent will collaborate directly with your Detroit IT management staff to collect critical information about your security posture and backup processes. Progent will use this information to generate a Basic Security and Best Practices Assessment documenting how to follow best practices for implementing and administering your cybersecurity and backup solution to prevent or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to ransomware prevention and recovery. The review covers:
- Correct allocation and use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Safe RDP access
- Advice about antivirus filtering selection and deployment
- Split permission architecture for backup protection
- Protecting key servers including AD
- Geographically dispersed backups including cloud backup to Azure

The online interview included with the ProSight Ransomware Preparedness Checkup service lasts about one hour for a typical small business and longer for larger or more complex IT environments. The written report includes recommendations for improving your ability to block or clean up after a ransomware attack, and Progent offers on-demand consulting services to help your business create an efficient security/data backup system tailored to your business requirements.
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are publicized. Ransomware sometimes locks the target's computer. To prevent the carnage, the victim is asked to pay a specified ransom, usually via a cryptocurrency like Bitcoin, within a short time window. It is never certain that delivering the extortion price will recover the damaged data or avoid its exposure to the public. Files can be encrypted or erased across a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the hostage files. A typical ransomware delivery package is a spoofed email, which the target is lured into interacting with by means of a social engineering technique known as spear phishing. This causes the email to look as though it came from a trusted source. Another popular attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the monetary losses attributed to the many strains of ransomware are said to be billions of dollars annually, more than doubling every two years. Famous attacks include WannaCry and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and Cerber are more complex and have wreaked more damage than earlier strains. Even if your backup/recovery procedures permit your business to restore your ransomed data, you can still be hurt by exfiltration, where ransomed data are exposed to the public. Because new variants of ransomware are launched every day, there is no guarantee that traditional signature-matching antivirus tools will detect the latest malware. If an attack does show up in an email, it is important that your users have been taught to be aware of phishing techniques. Your ultimate defense is a solid process for performing and retaining offsite backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Detroit
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Testing can bolster your defense against ransomware in Detroit, call Progent at 800-462-8800 or see Contact Progent.