Ransomware has been weaponized by cyber extortionists and malicious states, posing a potentially existential risk to businesses that are successfully attacked. Current variations of crypto-ransomware go after everything, including online backup, making even selective restoration a long and expensive process. New versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have made the headlines, displacing Locky, Cerber, and Petya in prominence, elaborateness, and destructive impact.
90% of crypto-ransomware infections are the result of innocent-seeming emails with malicious links or file attachments, and a high percentage are "zero-day" variants that can escape detection by traditional signature-matching antivirus tools. While user education and frontline identification are important to defend your network against ransomware attacks, best practices demand that you expect that some malware will inevitably get through and that you implement a strong backup mechanism that allows you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around an online discussion with a Progent security expert experienced in ransomware protection and repair. In the course of this interview Progent will cooperate with you to gather pertinent data about your cybersecurity setup and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to apply leading practices for implementing and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with crypto-ransomware defense and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Optimal firewall configuration
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus filtering identification and configuration
The online interview process included with the ProSight Ransomware Vulnerability Report service lasts about an hour for a typical small business and longer for bigger or more complicated environments. The report document contains suggestions for enhancing your ability to block or recover from a ransomware incident and Progent offers as-needed expertise to help your business to create an efficient cybersecurity/backup system tailored to your specific needs.
- Split permission architecture for backup integrity
- Backing up required servers such as Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or deletes a victim's files so they are unusable or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the carnage, the target is asked to send a specified ransom, typically via a crypto currency like Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will recover the lost data or prevent its publication. Files can be encrypted or erased across a network based on the target's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the hostage files. A typical ransomware delivery package is booby-trapped email, whereby the victim is lured into responding to by means of a social engineering technique called spear phishing. This causes the email to look as though it came from a trusted source. Another common vulnerability is an improperly secured Remote Desktop Protocol port.
CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by different versions of ransomware is said to be billions of dollars per year, more than doubling every other year. Notorious examples include Locky, and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have wreaked more damage than earlier strains. Even if your backup/recovery procedures enable you to recover your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional versions of ransomware crop up every day, there is no guarantee that conventional signature-matching anti-virus filters will detect the latest attack. If threat does show up in an email, it is critical that your users have been taught to be aware of phishing techniques. Your last line of protection is a solid process for scheduling and retaining remote backups plus the deployment of reliable restoration platforms.
Ask Progent About the ProSight Ransomware Preparedness Assessment
For pricing details and to find out more about how Progent's ProSight Ransomware Preparedness Checkup can bolster your defense against crypto-ransomware, call Progent at 800-462-8800 or see Contact Progent.