Ransomware has been widely adopted by cyber extortionists and rogue governments, posing a potentially existential risk to companies that fall victim. The latest versions of crypto-ransomware go after all vulnerable resources, including online backup, making even partial restoration a challenging and expensive exercise. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have emerged, replacing WannaCry, TeslaCrypt, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware penetrations come from innocuous-looking emails that have malicious hyperlinks or attachments, and many are so-called "zero-day" variants that can escape detection by traditional signature-based antivirus tools. While user training and frontline identification are important to defend your network against ransomware attacks, best practices demand that you assume some attacks will eventually get through and that you implement a solid backup solution that allows you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around a remote interview with a Progent cybersecurity expert skilled in ransomware protection and recovery. During this assessment Progent will collaborate with your IT staff to collect critical data concerning your cybersecurity configuration and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and managing your cybersecurity and backup solution to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware prevention and restoration recovery. The review covers:
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the carnage, the victim is required to pay a specified ransom, typically in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will restore the damaged data or prevent its exposure to the public. Files can be altered or erased throughout a network based on the victim's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, whereby the target is tricked into responding to by means of a social engineering exploit known as spear phishing. This causes the email to appear to come from a trusted sender. Another common attack vector is an improperly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by different versions of ransomware is said to be billions of dollars annually, more than doubling every other year. Famous examples are WannaCry, and NotPetya. Recent high-profile threats like Ryuk, Maze and Spora are more complex and have wreaked more damage than earlier strains. Even if your backup/recovery processes permit you to restore your ransomed files, you can still be threatened by so-called exfiltration, where stolen data are made public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus filters will detect a new attack. If an attack does appear in an email, it is critical that your users have learned to be aware of phishing techniques. Your last line of protection is a sound process for scheduling and keeping remote backups and the use of reliable restoration tools.
Contact Progent About the ProSight Ransomware Vulnerability Report
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Checkup can bolster your defense against crypto-ransomware, call Progent at