Ransomware has become the weapon of choice for cybercriminals and malicious states, representing a potentially lethal threat to companies that are successfully attacked. Current versions of ransomware go after all vulnerable resources, including backup, making even selective restoration a complex and expensive process. New strains of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Nephilim have made the headlines, replacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, elaborateness, and destructiveness.
Most ransomware penetrations are the result of innocent-seeming emails with malicious links or attachments, and a high percentage are "zero-day" strains that elude the defenses of legacy signature-based antivirus tools. Although user education and frontline detection are critical to protect your network against ransomware attacks, leading practices demand that you take for granted some attacks will inevitably succeed and that you deploy a solid backup solution that allows you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote discussion with a Progent cybersecurity expert experienced in ransomware protection and recovery. During this assessment Progent will cooperate with your IT staff to gather pertinent information concerning your security configuration and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for configuring and managing your cybersecurity and backup systems to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital areas related to crypto-ransomware prevention and restoration recovery. The review covers:
- Effective use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus filtering identification and configuration
The online interview process for the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small business network and longer for bigger or more complicated IT environments. The written report includes suggestions for improving your ability to block or clean up after a ransomware attack and Progent offers on-demand consulting services to help you and your IT staff to design and deploy a cost-effective cybersecurity/data backup solution tailored to your specific requirements.
- Split permission architecture for backup protection
- Protecting critical servers including Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the target is asked to send a specified amount of money, usually via a crypto currency like Bitcoin, within a short period of time. There is no guarantee that paying the ransom will restore the damaged files or prevent its exposure to the public. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A common ransomware attack vector is tainted email, in which the victim is lured into responding to by means of a social engineering exploit known as spear phishing. This causes the email to look as though it came from a trusted sender. Another common attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses caused by different strains of ransomware is said to be billions of dollars per year, roughly doubling every other year. Notorious attacks include WannaCry, and Petya. Recent headline threats like Ryuk, Maze and TeslaCrypt are more elaborate and have caused more havoc than older strains. Even if your backup processes enable your business to recover your encrypted files, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public. Because additional versions of ransomware crop up every day, there is no certainty that traditional signature-based anti-virus filters will block a new attack. If threat does show up in an email, it is important that your users have been taught to identify social engineering techniques. Your last line of defense is a solid scheme for performing and retaining offsite backups and the deployment of dependable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Report
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Report can bolster your defense against ransomware, call Progent at 800-993-9400 or visit Contact Progent.