Ransomware has become the weapon of choice for cyber extortionists and malicious governments, posing a potentially lethal threat to businesses that are successfully attacked. Modern variations of crypto-ransomware target everything, including backup, making even selective restoration a challenging and costly process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have emerged, displacing Locky, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
Most ransomware penetrations come from innocuous-looking emails that have dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that elude detection by legacy signature-matching antivirus (AV) filters. Although user training and up-front identification are critical to protect against ransomware, leading practices dictate that you assume some malware will inevitably get through and that you implement a solid backup mechanism that enables you to recover rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around a remote discussion with a Progent security consultant skilled in ransomware defense and recovery. During this interview Progent will collaborate directly with your Durham IT managers to collect critical information about your security configuration and backup processes. Progent will use this data to generate a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for configuring and administering your security and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to crypto-ransomware defense and restoration recovery. The review addresses:
- Correct use of administration accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Optimal firewall setup
- Safe RDP connections
- Recommend AntiVirus (AV) filtering selection and configuration
The remote interview included with the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small company and longer for bigger or more complex environments. The written report contains suggestions for enhancing your ability to block or clean up after a ransomware incident and Progent can provide as-needed expertise to assist your business to design and deploy a cost-effective security/backup solution tailored to your specific needs.
- Split permission model for backup protection
- Protecting critical servers such as AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the target's computer. To prevent the carnage, the target is required to pay a specified ransom, typically in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will restore the damaged data or avoid its publication. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A typical ransomware attack vector is spoofed email, whereby the victim is lured into responding to by a social engineering technique called spear phishing. This causes the email to appear to come from a familiar sender. Another common attack vector is an improperly secured RDP port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Famous attacks include Locky, and NotPetya. Recent high-profile threats like Ryuk, Maze and Cerber are more sophisticated and have caused more damage than earlier strains. Even if your backup/recovery processes permit your business to recover your encrypted files, you can still be threatened by so-called exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus filters will detect the latest attack. If an attack does appear in an email, it is critical that your users have learned to identify social engineering tricks. Your ultimate defense is a solid process for scheduling and retaining remote backups plus the use of dependable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Checkup in Durham
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Testing can bolster your defense against crypto-ransomware in Durham, phone Progent at 800-462-8800 or visit Contact Progent.