Ransomware has been weaponized by cyber extortionists and malicious governments, posing a possibly existential threat to businesses that are breached. Modern versions of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a complex and costly exercise. New variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Nephilim have emerged, replacing Locky, Spora, and Petya in prominence, elaborateness, and destructiveness.
Most crypto-ransomware infections are the result of innocent-looking emails that include dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" strains that elude the defenses of traditional signature-matching antivirus tools. While user training and frontline identification are important to defend against ransomware attacks, leading practices dictate that you take for granted some malware will inevitably succeed and that you put in place a strong backup solution that allows you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around a remote discussion with a Progent cybersecurity consultant experienced in ransomware defense and recovery. During this interview Progent will cooperate with your Detroit IT management staff to gather critical information concerning your cybersecurity configuration and backup processes. Progent will use this information to produce a Basic Security and Best Practices Assessment detailing how to follow leading practices for implementing and managing your security and backup solution to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key areas related to ransomware prevention and restoration recovery. The report addresses:
- Correct allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Optimal firewall setup
- Safe RDP connections
- Recommend AntiVirus tools identification and deployment
The remote interview process for the ProSight Ransomware Preparedness Checkup service takes about an hour for the average small company and requires more time for larger or more complex IT environments. The report document features suggestions for improving your ability to block or clean up after a ransomware attack and Progent can provide on-demand consulting services to help you and your IT staff to create an efficient cybersecurity/backup solution customized for your specific requirements.
- Split permission model for backup protection
- Protecting critical servers including AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the target is required to pay a certain amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. It is never certain that delivering the extortion price will restore the lost files or prevent its publication. Files can be altered or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, whereby the user is tricked into interacting with by a social engineering exploit called spear phishing. This makes the email to appear to come from a familiar source. Another common vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage caused by the many strains of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious attacks are WannaCry, and Petya. Recent headline variants like Ryuk, DoppelPaymer and CryptoWall are more complex and have caused more havoc than earlier strains. Even if your backup/recovery processes permit your business to recover your encrypted files, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because additional versions of ransomware crop up every day, there is no guarantee that conventional signature-matching anti-virus filters will block the latest malware. If threat does appear in an email, it is critical that your users have learned to identify phishing techniques. Your ultimate defense is a sound process for scheduling and keeping offsite backups and the use of dependable restoration platforms.
Contact Progent About the ProSight Ransomware Readiness Review in Detroit
For pricing details and to find out more about how Progent's ProSight Ransomware Readiness Assessment can bolster your defense against crypto-ransomware in Detroit, call Progent at 800-462-8800 or visit Contact Progent.