Ransomware has been widely adopted by the major cyber-crime organizations and rogue governments, representing a possibly lethal threat to businesses that are successfully attacked. The latest strains of ransomware go after everything, including online backup, making even partial restoration a long and costly process. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have emerged, displacing Locky, Cerber, and NotPetya in notoriety, elaborateness, and destructive impact.
Most ransomware breaches come from innocent-seeming emails that include dangerous hyperlinks or attachments, and many are so-called "zero-day" variants that can escape the defenses of legacy signature-based antivirus filters. Although user training and frontline detection are important to protect against ransomware attacks, best practices demand that you assume some attacks will eventually get through and that you implement a strong backup solution that enables you to recover quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around an online discussion with a Progent security expert skilled in ransomware protection and repair. During this assessment Progent will cooperate directly with your IT staff to collect pertinent data concerning your security setup and backup processes. Progent will use this data to produce a Basic Security and Best Practices Report detailing how to follow best practices for implementing and administering your cybersecurity and backup systems to prevent or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with crypto-ransomware prevention and restoration recovery. The review covers:
- Effective use of administration accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Secure Remote Desktop Protocol configuration
- Guidance for AntiVirus (AV) tools identification and deployment
The online interview process for the ProSight Ransomware Preparedness Checkup service takes about one hour for a typical small company and requires more time for bigger or more complicated environments. The written report includes recommendations for improving your ability to ward off or clean up after a ransomware incident and Progent can provide as-needed expertise to assist you to create a cost-effective cybersecurity/data backup system customized for your business requirements.
- Split permission model for backup protection
- Protecting critical servers such as AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a type of malicious software that encrypts or steals files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the carnage, the victim is required to send a certain amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that delivering the extortion price will recover the damaged files or avoid its publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is spoofed email, in which the user is tricked into responding to by means of a social engineering exploit known as spear phishing. This makes the email to look as though it came from a trusted source. Another popular vulnerability is an improperly secured RDP port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the damage caused by the many versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious examples include Locky, and NotPetya. Recent headline threats like Ryuk, Maze and Spora are more elaborate and have caused more damage than earlier strains. Even if your backup/recovery procedures permit you to restore your encrypted files, you can still be hurt by so-called exfiltration, where ransomed documents are made public (known as "doxxing"). Because additional versions of ransomware are launched every day, there is no guarantee that conventional signature-based anti-virus tools will detect a new malware. If an attack does appear in an email, it is critical that your end users have been taught to be aware of social engineering techniques. Your last line of defense is a sound process for scheduling and retaining remote backups plus the use of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Vulnerability Report
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Report can bolster your protection against ransomware, call Progent at 800-462-8800 or see Contact Progent.