Ransomware has been widely adopted by cyber extortionists and rogue governments, representing a possibly existential threat to businesses that fall victim. The latest variations of crypto-ransomware target everything, including online backup, making even partial recovery a long and costly exercise. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Egregor have emerged, displacing Locky, TeslaCrypt, and Petya in notoriety, sophistication, and destructiveness.
90% of ransomware penetrations are caused by innocent-seeming emails that include malicious hyperlinks or attachments, and a high percentage are "zero-day" attacks that can escape detection by traditional signature-based antivirus (AV) filters. Although user education and up-front identification are critical to protect against ransomware attacks, best practices demand that you assume some malware will eventually succeed and that you deploy a strong backup mechanism that permits you to repair the damage rapidly with little if any loss.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service centered around a remote interview with a Progent cybersecurity expert experienced in ransomware protection and repair. In the course of this interview Progent will work directly with your Edison IT management staff to gather critical information about your security posture and backup processes. Progent will use this information to produce a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and administering your security and backup systems to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key issues associated with ransomware defense and recovery. The review addresses:
- Proper allocation and use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Optimal firewall configuration
- Secure Remote Desktop Protocol (RDP) configuration
- Guidance for antivirus filtering selection and configuration
- Split permission model for backup protection
- Backing up required servers such as AD
- Offsite backups including cloud backup to Azure

The remote interview included with the ProSight Ransomware Preparedness Assessment service lasts about an hour for a typical small business network and requires more time for bigger or more complex environments. The report document includes suggestions for enhancing your ability to block or recover from a ransomware incident, and Progent offers on-demand consulting services to help you create an efficient cybersecurity/backup system tailored to your business needs.
Ransomware is a type of malware that encrypts or deletes files so that they are unusable, or publicizes them. Ransomware sometimes locks the target's computer. To prevent the carnage, the victim is required to send a certain amount of money (the ransom), usually in the form of a cryptocurrency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will recover the damaged data or avoid its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery vehicle is a booby-trapped email, which the target is tricked into interacting with by a social engineering technique called spear phishing. This makes the email message appear to come from a trusted source. Another common attack vector is an improperly protected RDP port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by different versions of ransomware is said to be billions of dollars annually, roughly doubling every two years. Notorious examples are Locky and NotPetya. Recent high-profile threats like Ryuk, Maze and CryptoWall are more complex and have caused more havoc than older versions. Even if your backup/recovery processes allow you to recover your encrypted files, you can still be hurt by so-called exfiltration, where ransomed documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched daily, there is no certainty that conventional signature-matching antivirus filters will block a new attack. If an attack does show up in an email, it is important that your end users have learned to recognize phishing tricks. Your ultimate defense is a sound scheme for performing and retaining remote backups plus the use of reliable restoration platforms.
Ask Progent About the ProSight Ransomware Susceptibility Evaluation in Edison
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Assessment can bolster your defense against crypto-ransomware in Edison, phone Progent at 800-462-8800 or visit Contact Progent.