Ransomware has been weaponized by cyber extortionists and rogue states, representing a potentially lethal risk to businesses that fall victim. Modern strains of ransomware go after everything, including backup, making even selective recovery a complex and costly exercise. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have made the headlines, replacing WannaCry, Spora, and Petya in prominence, elaborateness, and destructiveness.
Most crypto-ransomware penetrations are the result of innocuous-seeming emails that include malicious links or file attachments, and many are "zero-day" attacks that elude the defenses of traditional signature-matching antivirus tools. Although user education and up-front detection are important to protect your network against ransomware, best practices dictate that you take for granted some malware will inevitably get through and that you put in place a solid backup solution that permits you to recover quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around an online interview with a Progent security consultant experienced in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Perth network management staff to collect pertinent data concerning your cybersecurity setup and backup processes. Progent will utilize this data to produce a Basic Security and Best Practices Assessment detailing how to adhere to best practices for implementing and managing your security and backup systems to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware prevention and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Proper firewall settings
- Safe RDP access
- Guidance for AntiVirus tools selection and deployment
The online interview process included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small company and requires more time for larger or more complex environments. The written report contains suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand consulting services to assist your business to create an efficient cybersecurity/data backup system tailored to your business requirements.
- Split permission model for backup protection
- Protecting critical servers such as Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or steals files so they are unusable or are publicized. Ransomware sometimes locks the target's computer. To avoid the carnage, the victim is asked to send a certain ransom, usually in the form of a crypto currency such as Bitcoin, within a brief time window. It is never certain that paying the extortion price will restore the damaged files or avoid its publication. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A common ransomware attack vector is tainted email, whereby the target is tricked into interacting with by means of a social engineering technique known as spear phishing. This causes the email to look as though it came from a trusted sender. Another popular attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every two years. Famous examples include Locky, and Petya. Recent high-profile threats like Ryuk, Maze and Spora are more complex and have caused more damage than older strains. Even if your backup processes permit you to recover your ransomed files, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because new versions of ransomware crop up every day, there is no guarantee that conventional signature-based anti-virus filters will block a new attack. If threat does appear in an email, it is important that your end users have been taught to be aware of social engineering techniques. Your ultimate defense is a sound scheme for scheduling and retaining remote backups plus the use of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Preparedness Report in Perth
For pricing details and to learn more about how Progent's ProSight Ransomware Susceptibility Audit can bolster your defense against crypto-ransomware in Perth, phone Progent at 800-462-8800 or visit Contact Progent.