Ransomware has been weaponized by the major cyber-crime organizations and rogue governments, representing a potentially existential threat to businesses that fall victim. Modern variations of ransomware go after all vulnerable resources, including online backup, making even selective recovery a complex and costly process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Lockbit and Egregor have made the headlines, displacing Locky, TeslaCrypt, and Petya in notoriety, elaborateness, and destructive impact.
90% of crypto-ransomware infections are caused by innocent-looking emails that have malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" strains that elude the defenses of traditional signature-matching antivirus (AV) filters. While user training and frontline identification are critical to defend your network against ransomware attacks, leading practices dictate that you expect that some malware will inevitably succeed and that you prepare a solid backup solution that allows you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around a remote interview with a Progent security expert skilled in ransomware protection and recovery. In the course of this assessment Progent will collaborate with your Edmonton IT managers to gather pertinent information about your security setup and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for implementing and managing your cybersecurity and backup solution to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key areas associated with crypto-ransomware prevention and restoration recovery. The review covers:
- Proper use of administration accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall configuration
- Secure Remote Desktop Protocol (RDP) connections
- Guidance for AntiVirus tools identification and configuration
The online interview for the ProSight Ransomware Vulnerability Report service lasts about an hour for the average small business and longer for larger or more complex environments. The report document includes suggestions for improving your ability to ward off or clean up after a ransomware incident and Progent can provide as-needed consulting services to help you to create a cost-effective cybersecurity/backup system customized for your specific requirements.
- Split permission model for backup integrity
- Protecting required servers such as AD
- Offsite backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is asked to pay a certain ransom, usually in the form of a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will restore the lost data or prevent its publication. Files can be altered or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A common ransomware delivery package is booby-trapped email, whereby the target is tricked into responding to by means of a social engineering technique known as spear phishing. This makes the email message to look as though it came from a familiar source. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the monetary losses caused by the many versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous attacks are Locky, and Petya. Recent high-profile variants like Ryuk, Maze and CryptoWall are more elaborate and have caused more damage than older strains. Even if your backup/recovery procedures permit your business to restore your ransomed files, you can still be hurt by exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no certainty that conventional signature-matching anti-virus tools will detect a new attack. If threat does appear in an email, it is important that your users have been taught to be aware of phishing techniques. Your last line of defense is a sound process for scheduling and retaining offsite backups plus the use of reliable restoration tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Evaluation in Edmonton
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Consultation can enhance your defense against crypto-ransomware in Edmonton, phone Progent at 800-462-8800 or see Contact Progent.