Ransomware has become the weapon of choice for cyber extortionists and rogue states, representing a possibly existential risk to companies that are victimized. Current versions of ransomware target all vulnerable resources, including backups, making even partial restoration a complex and expensive process. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Snatch and Nephilim have made the headlines, replacing WannaCry, Spora, and CryptoWall in prominence, sophistication, and destructive impact.
Most crypto-ransomware infections are the result of innocent-seeming emails that contain dangerous links or attachments, and a high percentage are so-called "zero-day" attacks that can escape detection by legacy signature-based antivirus (AV) tools. While user training and up-front detection are critical to defending your network against ransomware attacks, best practices dictate that you expect some attacks to get through and that you put in place a strong backup mechanism that allows you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service centered around a remote discussion with a Progent security consultant experienced in ransomware protection and recovery. During this assessment Progent will work with your Irvine IT managers to gather pertinent data about your cybersecurity setup and backup environment. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to adhere to leading practices for configuring and managing your cybersecurity and backup solution to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key areas related to ransomware defense and recovery. The report covers:
- Proper allocation and use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Safe Remote Desktop Protocol (RDP) connections
- Advice about antivirus (AV) tool selection and configuration
- Split permission architecture for backup protection
- Protecting key servers such as AD
- Offsite backups including cloud backup to Azure
The remote interview process for the ProSight Ransomware Vulnerability Checkup service lasts about one hour for the average small company and longer for bigger or more complex IT environments. The report includes suggestions for enhancing your ability to ward off or recover from a ransomware incident, and Progent offers on-demand consulting services to help you and your IT staff create a cost-effective cybersecurity/data backup solution tailored to your specific needs.
Ransomware is a form of malware that encrypts or steals files so they cannot be used or are made publicly available. Ransomware sometimes locks the victim's computer. To avoid the damage, the victim is asked to pay a specified ransom, usually in the form of a cryptocurrency such as Bitcoin, within a brief period of time. It is never certain that delivering the ransom will recover the lost data or prevent its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is spoofed email, whereby the victim is tricked into interacting with the message by means of a social engineering exploit called spear phishing, which causes the email to appear to come from a trusted sender. Another common attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the monetary losses caused by the many strains of ransomware are estimated at billions of dollars annually, roughly doubling every two years. Notorious attacks include Locky and Petya. Recent high-profile threats like Ryuk, Sodinokibi and Cerber are more sophisticated and have caused more damage than earlier versions. Even if your backup processes permit you to recover your ransomed files, you can still be threatened by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional versions of ransomware crop up daily, there is no certainty that traditional signature-based antivirus tools will detect the latest attack. If an attack does arrive in an email, it is critical that your end users have been taught to identify social engineering tricks. Your ultimate protection is a sound scheme for scheduling and keeping remote backups plus the use of reliable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Assessment in Irvine
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Evaluation can bolster your defense against crypto-ransomware in Irvine, call Progent at 800-462-8800 or visit Contact Progent.