Ransomware: Your Worst IT Nightmare
Ransomware has become an escalating cyber plague that represents an enterprise-level danger for any organization vulnerable to an assault. Different iterations of ransomware like the CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for years and continue to cause havoc. Newer variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, plus additional unnamed newcomers, not only encrypt critical online data but also infiltrate any reachable system backup. Files synced to cloud environments can also be encrypted. In a poorly architected system, this can make recovery hopeless and effectively knocks the network back to zero.
Restoring applications and information following a crypto-ransomware outage becomes a race against the clock as the victim struggles to stop the spread, clean up the crypto-ransomware, and resume business-critical operations. Because ransomware needs time to spread, penetrations are often launched on weekends and holidays, when successful attacks may take longer to discover. This multiplies the difficulty of quickly marshalling and coordinating a qualified mitigation team.
Progent offers a variety of services for protecting Adelaide enterprises from ransomware attacks. Among these are user training to help staff identify and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and installation of modern security gateways with artificial intelligence technology to quickly detect and suppress zero-day cyber threats. Progent also provides the services of expert ransomware recovery engineers with the track record and commitment to re-deploy a compromised network as soon as possible.
Progent's Ransomware Recovery Services
Following a ransomware attack, paying the ransom demand in cryptocurrency does not guarantee that distant criminals will return the keys needed to decipher any or all of your files. Kaspersky estimated that 17% of ransomware victims never restored their information after having paid the ransom, resulting in further losses. The gamble is also very costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the average crypto-ransomware demand, which ZDNET determined to be approximately $13,000 for smaller organizations. The alternative is to rebuild the essential parts of your IT environment from scratch. Absent access to complete system backups, this requires a wide range of skill sets, professional project management, and the willingness to work non-stop until the task is finished.
For two decades, Progent has provided certified expert Information Technology services for companies throughout the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have earned top industry certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally-renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has expertise in accounting and ERP applications. This breadth of experience gives Progent the skills to quickly identify critical systems, organize the surviving parts of your IT environment following a ransomware penetration, and rebuild them into an operational system.
Progent's recovery team of experts uses top-notch project management systems to orchestrate the complex restoration process. Progent understands the urgency of acting swiftly and in concert with a client's management and IT resources to prioritize tasks and to put key applications back online as soon as possible.
Client Case Study: A Successful Crypto-Ransomware Intrusion Recovery
A small business contacted Progent after their network was attacked by Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state cybercriminals, suspected of using strategies leaked from the U.S. National Security Agency. Ryuk targets specific companies with little room for operational disruption and is one of the most lucrative iterations of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturer located in Chicago with about 500 workers. The Ryuk event had paralyzed all company operations and manufacturing capabilities. Most of the client's backups had been online at the beginning of the intrusion and were damaged. The client was pursuing financing to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but in the end brought in Progent.
Progent worked together with the customer to rapidly assess and prioritize the most important areas that needed to be addressed to make it possible to resume company functions:
Within 48 hours, Progent was able to restore Active Directory services to their pre-attack state. Progent then initiated setup and storage recovery on critical systems. All Exchange connections and configuration information were usable, which greatly helped the restoration of Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on team PCs in order to recover email data. A recent offline backup of the client's accounting systems made it possible to bring these required applications back online. Although major work remained to recover fully from the Ryuk event, essential systems were returned to operation rapidly:
During the following month critical milestones in the restoration project were accomplished through tight cooperation between Progent engineers and the client:
Conclusion
A likely business-killing catastrophe was averted by dedicated experts, a broad range of IT skills, and close collaboration. Although in retrospect the ransomware incident described here should have been identified and prevented with advanced cyber security systems and security best practices, team education, and well-thought-out security procedures for data protection and applying software patches, the fact remains that state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a crypto-ransomware incident, you can be confident that Progent's team of experts has proven experience in crypto-ransomware defense, removal, and data recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Adelaide
For ransomware cleanup services in the Adelaide area, phone Progent at