Ransomware: Your Crippling IT Nightmare
Ransomware has become a too-frequent cyberplague that poses an extinction-level threat to businesses of all sizes that are poorly prepared for an assault. Different iterations of ransomware like the CryptoLocker, Fusob, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to inflict damage. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as additional unnamed newcomers, not only encrypt on-line data files but also infect any configured system protection. Files synched to cloud environments can also be rendered useless. With a poorly architected data protection solution, this can make automatic restoration impossible and effectively knock the network back to zero.
Retrieving programs and data following a ransomware intrusion becomes a sprint against time as the victim tries its best to stop the spread, clean up the ransomware, and restore business-critical activity. Since crypto-ransomware takes time to replicate across a targeted network, assaults are often sprung on weekends and holidays, when attacks in many cases take longer to notice. This multiplies the difficulty of promptly marshalling and organizing a qualified response team.
Progent has a range of services for securing Adelaide enterprises from ransomware attacks. Among these are team member education to help recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which utilizes SentinelOne's AI-based threat protection to discover and disable zero-day modern malware attacks. Progent can also provide the assistance of experienced ransomware recovery professionals with the skills and commitment to reconstruct a compromised network as rapidly as possible.
Progent's Crypto-Ransomware Restoration Help
After a ransomware event, even paying the ransom in cryptocurrency does not provide any assurance that distant criminals will respond with the keys needed to decipher any or all of your files. Kaspersky estimated that 17% of crypto-ransomware victims never restored their data even after having paid the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to set up the vital elements of your IT environment again from scratch. Absent access to full information backups, this requires a broad complement of skills, professional project management, and the ability to work 24x7 until the job is finished.
For two decades, Progent has provided certified expert IT services for companies across the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally renowned certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. Progent also has expertise in financial management and ERP software solutions. This breadth of experience gives Progent the capability to efficiently determine critical systems, consolidate the remaining components of your IT environment following a crypto-ransomware penetration, and configure them into a functioning network.
Progent's ransomware group utilizes state-of-the-art project management applications to orchestrate the sophisticated restoration process. Progent knows the importance of working quickly and together with a customer's management and IT staff to assign priority to tasks and to put critical systems back on-line as soon as humanly possible.
Client Case Study: A Successful Ransomware Incident Recovery
A business contacted Progent after its network was attacked by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state cybercriminals, possibly adopting algorithms exposed from the U.S. NSA organization. Ryuk goes after specific businesses with little ability to sustain operational disruption and is among the most lucrative instances of crypto-ransomware. Headline organizations include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with about 500 staff members. The Ryuk event had brought down all company operations and manufacturing processes. The majority of the client's data protection had been on-line at the time of the intrusion and was eventually encrypted. The client was evaluating paying the ransom (more than $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the customer to rapidly understand and prioritize the essential areas that had to be recovered to make it possible to continue departmental functions:
Within 48 hours, Progent was able to rebuild Active Directory services to its pre-virus state. Progent then assisted with reinstallations and storage recovery on essential systems. All Exchange schema and configuration information was intact, which accelerated the restore of Exchange. Progent was also able to collect intact OST data files (Microsoft Outlook Offline Data Files) on user desktop computers and laptops in order to recover email messages. A recent off-line backup of the customer's accounting/ERP systems allowed these required applications to be brought back on-line. Although a lot of work still had to be done to recover fully from the Ryuk attack, the most important systems were returned to operation quickly:
During the following couple of weeks, important milestones in the recovery process were accomplished in close collaboration between Progent team members and the client:
Conclusion
A potential enterprise-killing disaster was dodged through the efforts of results-oriented professionals, a broad range of knowledge, and close collaboration. Although analysis after the event showed that the ransomware attack described here would have been prevented with current cyber security solutions and recognized best practices, team training, and properly executed security procedures for information protection and proper patching controls, the reality is that state-sponsored cyber criminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware incident, remember that Progent's roster of experts has extensive experience in ransomware virus defense, remediation, and information systems restoration.