Ransomware has become the weapon of choice for cybercriminals and malicious governments, posing a possibly lethal threat to companies that are successfully attacked. Current strains of crypto-ransomware target all vulnerable resources, including online backup, making even partial recovery a long and expensive exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and NotPetya in notoriety, sophistication, and destructive impact.
Most ransomware penetrations come from innocuous-looking emails with malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" variants that elude detection by legacy signature-matching antivirus tools. While user training and up-front identification are critical to defend against ransomware, leading practices dictate that you take for granted some attacks will eventually get through and that you put in place a solid backup solution that allows you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service centered around an online interview with a Progent cybersecurity expert experienced in ransomware defense and repair. During this interview Progent will collaborate with your Edmonton network managers to gather critical information about your cybersecurity profile and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment documenting how to apply leading practices for implementing and managing your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital issues associated with ransomware prevention and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Safe Remote Desktop Protocol (RDP) configuration
- Recommend AntiVirus tools identification and deployment
The online interview process included with the ProSight Ransomware Vulnerability Assessment service takes about an hour for the average small business network and longer for larger or more complex environments. The written report features suggestions for enhancing your ability to block or recover from a ransomware attack and Progent offers as-needed consulting services to assist your business to design and deploy a cost-effective security/backup solution customized for your specific requirements.
- Split permission architecture for backup integrity
- Protecting critical servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals files so they cannot be used or are publicized. Ransomware sometimes locks the victim's computer. To avoid the damage, the target is asked to send a certain amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short period of time. It is never certain that delivering the extortion price will restore the lost data or prevent its exposure to the public. Files can be altered or erased across a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, whereby the target is lured into interacting with by a social engineering technique known as spear phishing. This causes the email to appear to come from a familiar sender. Another popular attack vector is an improperly secured RDP port.
CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses attributed to by the many strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Notorious examples are Locky, and Petya. Recent headline variants like Ryuk, Sodinokibi and CryptoWall are more elaborate and have wreaked more damage than older versions. Even if your backup processes allow you to recover your encrypted data, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public. Because new variants of ransomware are launched every day, there is no certainty that traditional signature-matching anti-virus tools will block a new attack. If an attack does appear in an email, it is important that your end users have learned to identify phishing tricks. Your last line of defense is a sound scheme for scheduling and keeping remote backups plus the use of reliable restoration platforms.
Ask Progent About the ProSight Ransomware Readiness Assessment in Edmonton
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Assessment can enhance your defense against ransomware in Edmonton, call Progent at 800-462-8800 or see Contact Progent.