Ransomware has become the weapon of choice for cybercriminals and malicious states, representing a possibly existential risk to companies that are breached. Modern versions of ransomware target all vulnerable resources, including online backup, making even partial restoration a long and costly exercise. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Egregor have made the headlines, displacing Locky, Cerber, and NotPetya in prominence, elaborateness, and destructiveness.
90% of ransomware breaches are the result of innocuous-looking emails that include dangerous links or file attachments, and many are so-called "zero-day" variants that elude the defenses of legacy signature-matching antivirus (AV) filters. While user training and frontline detection are critical to defend against ransomware, best practices demand that you expect that some attacks will eventually get through and that you prepare a strong backup solution that enables you to restore files and services rapidly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around an online interview with a Progent security consultant experienced in ransomware defense and recovery. During this interview Progent will collaborate with your Durham network managers to collect critical information about your cybersecurity configuration and backup environment. Progent will use this information to produce a Basic Security and Best Practices Report documenting how to adhere to best practices for configuring and managing your cybersecurity and backup solution to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues associated with crypto-ransomware defense and recovery. The report covers:
- Effective allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Secure RDP access
- Guidance for AntiVirus filtering identification and configuration
- Split permission model for backup protection
- Protecting key servers such as Active Directory
- Offsite backups including cloud backup to Microsoft Azure
The remote interview included with the ProSight Ransomware Preparedness Report service takes about one hour for the average small business and requires more time for bigger or more complicated environments. The report document contains suggestions for enhancing your ability to ward off or clean up after a ransomware incident and Progent offers as-needed expertise to help your business to create an efficient cybersecurity/backup system tailored to your specific requirements.
Ransomware is a form of malware that encrypts or deletes files so that they are unusable, or exposes them publicly. Ransomware sometimes locks the victim's computer. To prevent the damage, the target is required to pay a certain amount of money (the ransom), typically in the form of a cryptocurrency such as Bitcoin, within a brief period of time. There is no guarantee that delivering the ransom will restore the lost data or avoid its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A common ransomware attack vector is booby-trapped email, whereby the victim is lured into responding by means of a social engineering exploit known as spear phishing, which causes the email message to appear to come from a trusted sender. Another common attack vector is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the damage caused by different strains of ransomware is said to be billions of dollars annually, more than doubling every other year. Notorious attacks include Locky and Petya. Recent high-profile threats like Ryuk, Sodinokibi and TeslaCrypt are more complex and have wreaked more damage than earlier strains. Even if your backup processes enable your business to restore your ransomed data, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no certainty that conventional signature-based antivirus filters will detect a new attack. If a threat does show up in an email, it is important that your users have been taught to be aware of social engineering tricks. Your ultimate protection is a sound scheme for scheduling and retaining remote backups and the use of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Checkup in Durham
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Checkup can bolster your protection against ransomware in Durham, phone Progent at 800-462-8800 or see Contact Progent.