Ransomware has been weaponized by the major cyber-crime organizations and bad-actor governments, representing a potentially existential threat to companies that fall victim. Modern versions of crypto-ransomware go after everything, including online backup, making even selective recovery a long and expensive exercise. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Egregor have made the headlines, displacing Locky, Spora, and NotPetya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware infections are the result of innocuous-seeming emails that have malicious hyperlinks or file attachments, and a high percentage are so-called "zero-day" variants that can escape detection by legacy signature-based antivirus (AV) filters. Although user education and up-front identification are important to defend against ransomware, best practices dictate that you assume some malware will eventually succeed and that you deploy a solid backup mechanism that permits you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service built around an online interview with a Progent security consultant experienced in ransomware defense and recovery. During this assessment Progent will work with your Des Moines IT managers to collect pertinent data about your cybersecurity setup and backup processes. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to follow leading practices for implementing and administering your security and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with ransomware defense and restoration recovery. The report addresses:
- Effective use of admin accounts
- Appropriate NTFS and SMB authorizations
- Proper firewall settings
- Safe RDP configuration
- Advice about AntiVirus (AV) filtering selection and configuration
The online interview included with the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small business and longer for larger or more complex environments. The written report includes suggestions for improving your ability to block or recover from a ransomware attack and Progent offers on-demand consulting services to assist your business to design and deploy a cost-effective security/data backup solution customized for your specific needs.
- Split permission model for backup protection
- Protecting required servers such as AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To prevent the damage, the victim is required to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a short period of time. It is never certain that paying the extortion price will restore the lost files or prevent its exposure to the public. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot solve the military-grade encryption technologies used on the hostage files. A typical ransomware attack vector is booby-trapped email, whereby the user is lured into responding to by a social engineering technique called spear phishing. This makes the email message to look as though it came from a trusted sender. Another popular attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks include WannaCry, and Petya. Current high-profile threats like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more havoc than earlier versions. Even if your backup processes permit you to restore your encrypted data, you can still be hurt by so-called exfiltration, where ransomed documents are made public. Because new versions of ransomware are launched every day, there is no guarantee that conventional signature-based anti-virus filters will detect a new attack. If an attack does appear in an email, it is important that your users have been taught to be aware of social engineering tricks. Your ultimate protection is a sound process for scheduling and retaining remote backups and the deployment of reliable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Readiness Review in Des Moines
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Consultation can enhance your defense against crypto-ransomware in Des Moines, call Progent at 800-462-8800 or visit Contact Progent.