Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor governments, posing a potentially existential risk to businesses that fall victim. Modern variations of ransomware target all vulnerable resources, including backup, making even partial restoration a long and expensive exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Egregor have emerged, displacing WannaCry, Spora, and CryptoWall in prominence, elaborateness, and destructiveness.
Most ransomware penetrations are the result of innocent-seeming emails that include dangerous links or file attachments, and many are so-called "zero-day" variants that can escape detection by legacy signature-based antivirus (AV) filters. Although user training and up-front detection are important to protect your network against ransomware, best practices dictate that you expect that some attacks will eventually succeed and that you deploy a strong backup solution that allows you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around an online discussion with a Progent security consultant skilled in ransomware protection and recovery. In the course of this assessment Progent will collaborate with your Fort Collins network managers to collect critical data about your security profile and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to apply best practices for implementing and administering your security and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key areas related to crypto-ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB permissions
- Optimal firewall configuration
- Secure RDP configuration
- Recommend AntiVirus filtering selection and configuration
The remote interview process included with the ProSight Ransomware Preparedness Assessment service takes about one hour for the average small company and longer for bigger or more complicated IT environments. The written report contains suggestions for improving your ability to ward off or clean up after a ransomware assault and Progent offers on-demand expertise to assist you and your IT staff to design and deploy an efficient security/data backup solution customized for your business requirements.
- Split permission model for backup protection
- Backing up key servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the damage, the victim is required to send a certain amount of money (the ransom), typically in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that delivering the extortion price will recover the lost files or prevent its publication. Files can be altered or erased throughout a network based on the target's write permissions, and you cannot solve the strong encryption technologies used on the hostage files. A typical ransomware attack vector is booby-trapped email, in which the target is lured into responding to by a social engineering exploit called spear phishing. This makes the email message to look as though it came from a familiar sender. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to by different strains of ransomware is estimated at billions of dollars per year, more than doubling every other year. Notorious attacks include WannaCry, and NotPetya. Recent high-profile variants like Ryuk, Maze and Cerber are more complex and have caused more damage than older versions. Even if your backup procedures allow your business to restore your ransomed data, you can still be hurt by exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus tools will block the latest malware. If an attack does show up in an email, it is important that your end users have learned to be aware of social engineering tricks. Your ultimate defense is a sound process for performing and keeping offsite backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Checkup in Fort Collins
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Testing can enhance your protection against ransomware in Fort Collins, phone Progent at 800-993-9400 or see Contact Progent.