Ransomware has been weaponized by the major cyber-crime organizations and bad-actor states, representing a potentially lethal risk to businesses that are successfully attacked. Modern variations of crypto-ransomware go after all vulnerable resources, including backup, making even partial recovery a complex and costly process. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Nephilim have made the headlines, replacing WannaCry, Spora, and NotPetya in prominence, sophistication, and destructive impact.
90% of ransomware breaches come from innocent-looking emails that include dangerous hyperlinks or attachments, and a high percentage are "zero-day" attacks that elude detection by traditional signature-matching antivirus filters. While user training and up-front identification are critical to protect your network against ransomware, best practices dictate that you expect that some malware will inevitably get through and that you implement a strong backup solution that allows you to recover quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around an online discussion with a Progent cybersecurity consultant skilled in ransomware defense and recovery. During this assessment Progent will cooperate with your Edmonton IT managers to collect pertinent information concerning your cybersecurity posture and backup processes. Progent will use this data to create a Basic Security and Best Practices Report detailing how to follow leading practices for implementing and managing your security and backup systems to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key areas associated with crypto-ransomware prevention and restoration recovery. The report addresses:
- Correct use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol configuration
- Guidance for AntiVirus tools selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Checkup service lasts about one hour for a typical small company and longer for bigger or more complex IT environments. The report document features recommendations for enhancing your ability to ward off or clean up after a ransomware assault and Progent can provide on-demand expertise to help your business to create an efficient cybersecurity/data backup system customized for your specific needs.
- Split permission architecture for backup integrity
- Backing up required servers such as AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or steals files so they cannot be used or are publicized. Ransomware often locks the victim's computer. To avoid the carnage, the victim is required to send a certain amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a short period of time. There is no guarantee that delivering the extortion price will recover the damaged data or prevent its exposure to the public. Files can be altered or erased throughout a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the hostage files. A typical ransomware attack vector is spoofed email, in which the target is tricked into interacting with by means of a social engineering technique known as spear phishing. This makes the email to look as though it came from a trusted source. Another common vulnerability is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars annually, more than doubling every other year. Notorious attacks include WannaCry, and Petya. Recent headline variants like Ryuk, Maze and Cerber are more complex and have caused more havoc than older versions. Even if your backup procedures allow you to restore your ransomed files, you can still be hurt by exfiltration, where ransomed data are made public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus tools will detect the latest attack. If threat does show up in an email, it is important that your users have learned to identify phishing tricks. Your ultimate defense is a sound scheme for performing and keeping remote backups and the use of dependable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Audit in Edmonton
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Testing can bolster your defense against crypto-ransomware in Edmonton, phone Progent at 800-462-8800 or visit Contact Progent.