Ransomware has been weaponized by the major cyber-crime organizations and bad-actor states, posing a possibly existential risk to businesses that are breached. Current variations of ransomware go after everything, including online backup, making even selective recovery a challenging and costly process. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have made the headlines, replacing WannaCry, Cerber, and Petya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware breaches are caused by innocent-looking emails that have malicious links or file attachments, and many are so-called "zero-day" attacks that elude detection by legacy signature-based antivirus (AV) filters. Although user training and up-front identification are critical to defend your network against ransomware, best practices demand that you expect that some malware will inevitably succeed and that you implement a solid backup mechanism that allows you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service built around a remote interview with a Progent security consultant experienced in ransomware protection and repair. In the course of this assessment Progent will work with your Florianópolis IT management staff to collect pertinent data concerning your security profile and backup environment. Progent will utilize this data to create a Basic Security and Best Practices Report documenting how to apply leading practices for implementing and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with ransomware defense and restoration recovery. The review covers:
- Effective allocation and use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Optimal firewall settings
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus tools selection and configuration
The remote interview included with the ProSight Ransomware Preparedness Assessment service lasts about one hour for a typical small business and longer for larger or more complicated environments. The report document includes suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand consulting services to help your business to create an efficient cybersecurity/data backup system tailored to your business requirements.
- Split permission model for backup integrity
- Backing up critical servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a type of malware that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is asked to pay a specified amount of money (the ransom), usually via a crypto currency like Bitcoin, within a short period of time. It is not guaranteed that paying the extortion price will restore the lost files or avoid its publication. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the target is lured into responding to by means of a social engineering technique called spear phishing. This causes the email message to look as though it came from a trusted source. Another common attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses attributed to by different strains of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and Spora are more complex and have caused more damage than older versions. Even if your backup/recovery processes permit your business to restore your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public. Because new variants of ransomware are launched daily, there is no certainty that traditional signature-matching anti-virus filters will block the latest malware. If threat does appear in an email, it is critical that your users have been taught to be aware of phishing tricks. Your last line of defense is a sound scheme for performing and keeping remote backups and the use of dependable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Readiness Testing in Florianópolis
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Report can enhance your protection against ransomware in Florianópolis, phone Progent at 800-462-8800 or visit Contact Progent.