Ransomware has been weaponized by cybercriminals and rogue governments, representing a possibly existential risk to companies that fall victim. The latest strains of ransomware target everything, including online backup, making even partial restoration a challenging and expensive exercise. New strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, replacing Locky, Spora, and NotPetya in prominence, sophistication, and destructive impact.
Most crypto-ransomware infections are the result of innocent-looking emails that have dangerous hyperlinks or attachments, and a high percentage are "zero-day" variants that elude the defenses of traditional signature-based antivirus (AV) tools. While user training and up-front identification are critical to defend against ransomware attacks, leading practices demand that you take for granted some malware will eventually succeed and that you prepare a solid backup mechanism that allows you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around a remote discussion with a Progent cybersecurity consultant skilled in ransomware defense and repair. During this interview Progent will collaborate with you to collect critical information concerning your security setup and backup environment. Progent will use this data to create a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for configuring and managing your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware prevention and restoration recovery. The report covers:
- Correct allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure RDP connections
- Recommend AntiVirus (AV) filtering selection and configuration
The online interview for the ProSight Ransomware Preparedness Report service takes about one hour for a typical small company and requires more time for bigger or more complex IT environments. The written report features recommendations for enhancing your ability to block or recover from a ransomware assault and Progent offers on-demand expertise to assist you to create a cost-effective security/backup solution customized for your specific requirements.
- Split permission model for backup integrity
- Backing up required servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes a victim's files so they are unusable or are made publicly available. Ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to pay a specified amount of money, usually in the form of a crypto currency like Bitcoin, within a brief time window. It is not guaranteed that paying the extortion price will recover the damaged data or avoid its publication. Files can be altered or erased throughout a network depending on the victim's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A typical ransomware attack vector is tainted email, in which the victim is lured into responding to by a social engineering technique called spear phishing. This makes the email message to appear to come from a familiar sender. Another common attack vector is a poorly secured Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks are Locky, and NotPetya. Current headline variants like Ryuk, Maze and CryptoWall are more elaborate and have wreaked more havoc than earlier versions. Even if your backup/recovery processes allow you to restore your encrypted data, you can still be threatened by exfiltration, where ransomed data are made public. Because new variants of ransomware crop up daily, there is no guarantee that traditional signature-based anti-virus tools will detect a new malware. If threat does show up in an email, it is critical that your users have learned to be aware of phishing tricks. Your last line of defense is a sound process for scheduling and keeping offsite backups plus the use of dependable restoration tools.
Contact Progent About the ProSight Ransomware Vulnerability Checkup
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Assessment can enhance your defense against ransomware, call Progent at 800-462-8800 or see Contact Progent.