Ransomware has become the weapon of choice for cyber extortionists and bad-actor governments, posing a possibly existential risk to companies that are breached. The latest versions of ransomware go after everything, including online backups, making even partial restoration a complex and expensive exercise. New versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DoppelPaymer, LockBit and Nephilim have emerged, replacing Locky, TeslaCrypt, and CryptoWall in prominence, sophistication, and destructive impact.
Most ransomware infections come from innocent-looking emails with malicious hyperlinks or attachments, and a high percentage are so-called "zero-day" attacks that elude the defenses of traditional signature-matching antivirus (AV) tools. Although user education and frontline detection are critical to defending against ransomware, leading practices dictate that you assume some attacks will inevitably succeed and that you prepare a solid backup mechanism that lets you recover rapidly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service built around a remote interview with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this assessment Progent will cooperate with your IT staff to collect pertinent data about your security profile and backup processes. Progent will utilize this data to create a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for configuring and managing your cybersecurity and backup systems to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas associated with ransomware prevention and recovery. The report covers:
- Proper allocation and use of admin accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure Remote Desktop Protocol access
- Guidance for antivirus (AV) tool selection and deployment
- Split permission architecture for backup integrity
- Protecting key servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
The online interview for the ProSight Ransomware Vulnerability Report service takes about one hour for a typical small business and longer for larger or more complicated IT environments. The report includes recommendations for improving your ability to ward off or clean up after a ransomware attack, and Progent can provide as-needed expertise to help you and your IT staff design and deploy a cost-effective cybersecurity/backup solution tailored to your business requirements.
Ransomware is a type of malicious software that encrypts or deletes files so they cannot be used, or exposes them publicly. Crypto-ransomware often locks the victim's computer. To avoid the damage, the target is asked to send a specified amount of money (the ransom), usually via a cryptocurrency such as Bitcoin, within a short time window. There is no guarantee that paying the ransom will recover the damaged data or prevent its exposure to the public. Files can be encrypted or deleted throughout a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the hostage files. A typical ransomware delivery vehicle is a booby-trapped email, which the user is tricked into responding to by a social engineering exploit known as spear phishing. This makes the email message appear to come from a familiar sender. Another popular attack vector is a poorly protected RDP port.
CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage caused by different versions of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Famous attacks include WannaCry and NotPetya. Current headline variants like Ryuk, Sodinokibi and Cerber are more elaborate and have caused more havoc than older versions. Even if your backup/recovery procedures enable your business to recover your encrypted files, you can still be threatened by exfiltration, where ransomed data are made public (known as "doxxing"). Because new variants of ransomware are launched every day, there is no certainty that conventional signature-based antivirus tools will block new malware. If a threat does appear in an email, it is critical that your end users have been taught to recognize phishing techniques. Your ultimate protection is a sound scheme for scheduling and keeping offsite backups and the deployment of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Vulnerability Checkup
For pricing information and to learn more about how Progent's ProSight Ransomware Vulnerability Report can enhance your defense against ransomware, call Progent at 800-462-8800 or see Contact Progent.