Ransomware has become the weapon of choice for cybercriminals and rogue governments, representing a potentially lethal threat to businesses that are breached. Modern variations of crypto-ransomware target everything, including online backup, making even selective recovery a complex and costly exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Nephilim have made the headlines, displacing Locky, TeslaCrypt, and NotPetya in notoriety, elaborateness, and destructiveness.
Most ransomware infections are caused by innocent-seeming emails with malicious hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that can escape detection by legacy signature-matching antivirus (AV) tools. Although user education and frontline identification are important to protect against ransomware attacks, leading practices demand that you expect that some malware will eventually get through and that you prepare a strong backup mechanism that enables you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service centered around an online interview with a Progent security consultant skilled in ransomware protection and repair. In the course of this assessment Progent will work with your Edmonton network management staff to gather pertinent information about your cybersecurity configuration and backup environment. Progent will utilize this information to generate a Basic Security and Best Practices Assessment documenting how to apply best practices for configuring and administering your security and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key areas associated with crypto-ransomware defense and restoration recovery. The report covers:
- Correct use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Proper firewall setup
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) tools identification and deployment
The remote interview for the ProSight Ransomware Preparedness Checkup service lasts about one hour for the average small company and longer for larger or more complex environments. The written report features recommendations for improving your ability to ward off or clean up after a ransomware attack and Progent offers as-needed consulting services to help your business to create an efficient security/data backup solution customized for your business needs.
- Split permission model for backup integrity
- Backing up required servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes files so they are unusable or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the target is asked to send a certain ransom, typically in the form of a crypto currency like Bitcoin, within a brief period of time. It is never certain that paying the ransom will recover the lost data or avoid its publication. Files can be altered or erased throughout a network depending on the victim's write permissions, and you cannot solve the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, in which the target is tricked into interacting with by a social engineering technique known as spear phishing. This makes the email to look as though it came from a familiar sender. Another common vulnerability is a poorly protected RDP port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage caused by the many strains of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples include WannaCry, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have caused more havoc than earlier strains. Even if your backup processes permit your business to restore your ransomed files, you can still be hurt by so-called exfiltration, where ransomed documents are exposed to the public. Because additional variants of ransomware are launched daily, there is no certainty that traditional signature-matching anti-virus filters will block a new malware. If an attack does show up in an email, it is important that your users have been taught to be aware of phishing tricks. Your ultimate defense is a sound scheme for scheduling and retaining offsite backups plus the deployment of dependable restoration platforms.
Contact Progent About the ProSight Ransomware Susceptibility Audit in Edmonton
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Testing can enhance your defense against ransomware in Edmonton, call Progent at 800-462-8800 or see Contact Progent.