Ransomware has been weaponized by the major cyber-crime organizations and rogue states, representing a possibly lethal threat to companies that are victimized. The latest versions of crypto-ransomware target everything, including online backup, making even selective restoration a complex and expensive exercise. Novel versions of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Egregor have emerged, displacing WannaCry, Spora, and Petya in notoriety, sophistication, and destructive impact.
90% of crypto-ransomware penetrations come from innocuous-seeming emails that include dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that can escape the defenses of legacy signature-matching antivirus (AV) filters. Although user education and up-front identification are critical to protect against ransomware, best practices demand that you take for granted some attacks will inevitably get through and that you put in place a strong backup solution that permits you to recover rapidly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service centered around a remote interview with a Progent cybersecurity consultant experienced in ransomware protection and recovery. During this interview Progent will work directly with your Edmonton network management staff to collect critical information about your cybersecurity configuration and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to apply best practices for configuring and administering your security and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital issues related to ransomware defense and restoration recovery. The report covers:
- Correct allocation and use of admin accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Optimal firewall setup
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus filtering selection and deployment
The online interview included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small business network and longer for larger or more complicated IT environments. The written report includes recommendations for improving your ability to ward off or recover from a ransomware assault and Progent can provide on-demand consulting services to help your business to create a cost-effective cybersecurity/backup system customized for your specific needs.
- Split permission model for backup protection
- Backing up critical servers such as Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To prevent the damage, the victim is asked to pay a specified ransom, usually in the form of a crypto currency such as Bitcoin, within a brief period of time. It is never certain that delivering the ransom will recover the lost files or prevent its publication. Files can be altered or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is tainted email, in which the target is lured into interacting with by means of a social engineering technique known as spear phishing. This makes the email to look as though it came from a familiar sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars per year, more than doubling every other year. Famous examples are Locky, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and Spora are more elaborate and have caused more damage than older strains. Even if your backup procedures permit you to recover your encrypted files, you can still be threatened by exfiltration, where ransomed documents are exposed to the public. Because additional variants of ransomware crop up daily, there is no certainty that conventional signature-based anti-virus filters will block the latest attack. If an attack does appear in an email, it is critical that your users have learned to be aware of phishing techniques. Your ultimate protection is a sound process for scheduling and retaining offsite backups plus the deployment of reliable restoration tools.
Ask Progent About the ProSight Ransomware Susceptibility Consultation in Edmonton
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Audit can enhance your defense against ransomware in Edmonton, call Progent at 800-462-8800 or see Contact Progent.