Ransomware has been widely adopted by cybercriminals and malicious states, posing a potentially lethal threat to companies that are victimized. Modern variations of crypto-ransomware go after everything, including backup, making even selective restoration a challenging and expensive exercise. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Nephilim have made the headlines, replacing Locky, Spora, and Petya in notoriety, elaborateness, and destructiveness.
90% of ransomware infections are caused by innocuous-seeming emails with malicious links or attachments, and a high percentage are "zero-day" attacks that elude detection by legacy signature-matching antivirus (AV) tools. Although user education and frontline identification are important to defend your network against ransomware, best practices dictate that you expect that some malware will eventually succeed and that you deploy a strong backup solution that enables you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around an online discussion with a Progent cybersecurity consultant experienced in ransomware protection and recovery. In the course of this assessment Progent will work with your Manchester IT managers to collect pertinent data about your cybersecurity profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report detailing how to apply leading practices for implementing and managing your cybersecurity and backup solution to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware defense and restoration recovery. The review addresses:
- Proper use of admin accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Proper firewall settings
- Safe Remote Desktop Protocol configuration
- Advice about AntiVirus (AV) tools selection and deployment
The remote interview process for the ProSight Ransomware Vulnerability Checkup service takes about an hour for the average small company and longer for larger or more complicated environments. The report document includes recommendations for improving your ability to block or recover from a ransomware assault and Progent can provide on-demand consulting services to assist your business to design and deploy a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission model for backup protection
- Protecting critical servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a variety of malicious software that encrypts or steals files so they cannot be used or are publicized. Ransomware often locks the victim's computer. To prevent the damage, the target is asked to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that paying the extortion price will recover the damaged files or avoid its publication. Files can be altered or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware attack vector is booby-trapped email, whereby the target is tricked into interacting with by a social engineering technique known as spear phishing. This makes the email to look as though it came from a familiar source. Another popular attack vector is an improperly secured RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious attacks are Locky, and Petya. Current headline threats like Ryuk, Sodinokibi and Cerber are more complex and have caused more havoc than older strains. Even if your backup processes permit your business to recover your encrypted files, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no certainty that conventional signature-based anti-virus filters will block a new attack. If an attack does appear in an email, it is important that your end users have been taught to identify social engineering techniques. Your last line of protection is a sound process for scheduling and keeping remote backups plus the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Preparedness Consultation in Manchester
For pricing information and to learn more about how Progent's ProSight Ransomware Susceptibility Audit can bolster your defense against crypto-ransomware in Manchester, phone Progent at 800-462-8800 or visit Contact Progent.