Ransomware has become the weapon of choice for the major cyber-crime organizations and malicious states, posing a possibly lethal risk to businesses that are victimized. Modern strains of crypto-ransomware target everything, including online backup, making even selective recovery a long and costly exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Nephilim have emerged, replacing Locky, Cerber, and Petya in prominence, elaborateness, and destructive impact.
Most ransomware infections come from innocuous-seeming emails that have dangerous hyperlinks or file attachments, and a high percentage are "zero-day" strains that can escape detection by legacy signature-based antivirus (AV) filters. Although user education and frontline detection are critical to protect your network against ransomware, best practices dictate that you assume some malware will eventually get through and that you deploy a solid backup mechanism that allows you to recover rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around a remote interview with a Progent security consultant skilled in ransomware protection and repair. In the course of this interview Progent will cooperate directly with your Durham IT managers to gather pertinent data about your security posture and backup processes. Progent will use this data to generate a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and managing your cybersecurity and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The review covers:
- Effective use of administration accounts
- Assigning NTFS and SMB authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus tools identification and deployment
The online interview for the ProSight Ransomware Vulnerability Report service takes about one hour for a typical small company and requires more time for bigger or more complex IT environments. The written report features suggestions for enhancing your ability to ward off or recover from a ransomware attack and Progent can provide on-demand expertise to help you and your IT staff to create an efficient security/backup system customized for your specific requirements.
- Split permission architecture for backup protection
- Backing up key servers including AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware often locks the target's computer. To prevent the carnage, the victim is asked to send a specified amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that paying the ransom will recover the damaged data or prevent its exposure to the public. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is spoofed email, in which the victim is tricked into interacting with by a social engineering exploit called spear phishing. This makes the email to appear to come from a familiar source. Another common vulnerability is an improperly secured RDP port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples include WannaCry, and NotPetya. Recent headline threats like Ryuk, Sodinokibi and TeslaCrypt are more complex and have wreaked more havoc than earlier strains. Even if your backup processes enable you to recover your ransomed files, you can still be hurt by exfiltration, where ransomed documents are made public. Because new versions of ransomware crop up daily, there is no certainty that conventional signature-matching anti-virus tools will block the latest malware. If threat does show up in an email, it is important that your users have learned to be aware of phishing tricks. Your last line of defense is a solid process for scheduling and retaining remote backups and the deployment of reliable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Testing in Durham
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Audit can bolster your protection against crypto-ransomware in Durham, call Progent at 800-462-8800 or visit Contact Progent.