Ransomware has become the weapon of choice for the major cyber-crime organizations and malicious states, posing a potentially lethal threat to companies that are breached. The latest variations of ransomware target all vulnerable resources, including online backup, making even partial restoration a long and costly exercise. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Nephilim have emerged, replacing WannaCry, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware breaches are the result of innocuous-seeming emails that include dangerous hyperlinks or file attachments, and a high percentage are "zero-day" variants that elude the defenses of traditional signature-matching antivirus filters. While user education and up-front detection are important to defend your network against ransomware attacks, leading practices dictate that you assume some attacks will eventually get through and that you deploy a solid backup solution that allows you to restore files and services rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service built around an online interview with a Progent security consultant skilled in ransomware protection and repair. During this interview Progent will collaborate with your IT staff to gather pertinent information about your security configuration and backup processes. Progent will use this data to generate a Basic Security and Best Practices Report detailing how to follow best practices for configuring and administering your cybersecurity and backup systems to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The review addresses:
- Proper use of admin accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Proper firewall setup
- Secure Remote Desktop Protocol access
- Advice about AntiVirus (AV) tools identification and configuration
The online interview process included with the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small business network and requires more time for larger or more complex environments. The report document includes recommendations for enhancing your ability to block or recover from a ransomware attack and Progent offers on-demand consulting services to assist your business to create a cost-effective cybersecurity/backup system tailored to your specific requirements.
- Split permission architecture for backup protection
- Protecting key servers such as Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are publicized. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is required to pay a certain amount of money, typically via a crypto currency such as Bitcoin, within a brief period of time. It is never certain that paying the extortion price will restore the damaged files or prevent its exposure to the public. Files can be encrypted or erased throughout a network based on the target's write permissions, and you cannot solve the strong encryption algorithms used on the compromised files. A common ransomware attack vector is booby-trapped email, in which the victim is tricked into responding to by means of a social engineering technique called spear phishing. This makes the email to appear to come from a trusted sender. Another common attack vector is an improperly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous attacks are Locky, and NotPetya. Recent headline variants like Ryuk, DoppelPaymer and Cerber are more complex and have wreaked more havoc than older versions. Even if your backup/recovery procedures allow you to recover your encrypted data, you can still be hurt by so-called exfiltration, where ransomed documents are made public. Because new versions of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus tools will detect a new attack. If threat does appear in an email, it is critical that your end users have learned to identify social engineering techniques. Your ultimate defense is a sound scheme for scheduling and retaining offsite backups and the deployment of reliable recovery platforms.
Ask Progent About the ProSight Ransomware Vulnerability Report
For pricing details and to learn more about how Progent's ProSight Ransomware Vulnerability Checkup can bolster your protection against crypto-ransomware, call Progent at 800-462-8800 or visit Contact Progent.