Ransomware has become the weapon of choice for cyber extortionists and rogue governments, representing a possibly existential threat to companies that are successfully attacked. Current strains of crypto-ransomware go after all vulnerable resources, including online backup, making even selective recovery a challenging and costly exercise. New versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have made the headlines, replacing Locky, Spora, and Petya in prominence, elaborateness, and destructive impact.
Most ransomware penetrations come from innocuous-looking emails that include malicious hyperlinks or file attachments, and a high percentage are so-called "zero-day" variants that can escape detection by traditional signature-matching antivirus filters. Although user education and up-front identification are important to defend against ransomware, leading practices dictate that you assume some attacks will eventually get through and that you put in place a strong backup solution that enables you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around a remote interview with a Progent security expert experienced in ransomware protection and recovery. During this assessment Progent will collaborate directly with your São Paulo IT managers to gather pertinent information concerning your security configuration and backup processes. Progent will use this information to create a Basic Security and Best Practices Report detailing how to adhere to leading practices for implementing and managing your security and backup solution to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues related to ransomware defense and restoration recovery. The review addresses:
- Correct allocation and use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Optimal firewall configuration
- Secure RDP connections
- Guidance for AntiVirus (AV) filtering identification and deployment
The remote interview process included with the ProSight Ransomware Preparedness Assessment service takes about one hour for the average small company and requires more time for larger or more complicated environments. The written report includes suggestions for improving your ability to ward off or recover from a ransomware attack and Progent offers on-demand consulting services to help you to design and deploy an efficient security/backup system tailored to your business requirements.
- Split permission architecture for backup protection
- Backing up critical servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the victim is required to pay a specified amount of money, usually in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that delivering the ransom will recover the damaged data or prevent its exposure to the public. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot solve the strong encryption technologies used on the hostage files. A typical ransomware attack vector is booby-trapped email, in which the victim is tricked into responding to by means of a social engineering exploit known as spear phishing. This makes the email to appear to come from a trusted source. Another common attack vector is an improperly secured RDP port.
The ransomware variant CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is said to be billions of dollars annually, roughly doubling every two years. Famous examples include Locky, and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more elaborate and have wreaked more damage than earlier strains. Even if your backup procedures permit you to restore your ransomed files, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because additional versions of ransomware crop up every day, there is no certainty that traditional signature-based anti-virus filters will block a new malware. If threat does show up in an email, it is important that your users have been taught to be aware of social engineering techniques. Your last line of defense is a sound process for scheduling and retaining offsite backups and the use of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Audit in São Paulo
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Assessment can bolster your protection against crypto-ransomware in São Paulo, phone Progent at 800-462-8800 or visit Contact Progent.