Ransomware: Your Crippling IT Catastrophe
Ransomware has become a too-frequent cyberplague that represents an extinction-level danger for organizations unprepared for an assault. Versions of ransomware like the Dharma, Fusob, Locky, SamSam and MongoLock cryptoworms have been around for many years and still inflict damage. More recent versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as frequent unnamed malware, not only encrypt online files but also encrypt every system backup they can reach. Information synched to the cloud can also be ransomed. In a vulnerable system, this can render automatic restore operations hopeless and effectively sets the network back to square one.
Retrieving applications and data after a crypto-ransomware attack becomes a race against the clock as the victim fights to stop lateral movement, eradicate the ransomware, and resume enterprise-critical activity. Because ransomware takes time to move laterally throughout a targeted network, intrusions are often launched during weekends and nights, when attacks take longer to notice. This multiplies the difficulty of rapidly mobilizing and organizing a qualified response team.
Progent has a variety of help services for protecting Adelaide businesses from ransomware events. Among these are user education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to detect and extinguish zero-day malware attacks. Progent also can provide the assistance of veteran crypto-ransomware recovery consultants with the skills and perseverance to re-deploy a breached system as quickly as possible.
Progent's Ransomware Restoration Support Services
Subsequent to a crypto-ransomware attack, paying the ransom demand in cryptocurrency does not provide any assurance that criminal gangs will respond with the keys needed to decrypt any or all of your files. Kaspersky ascertained that seventeen percent of crypto-ransomware victims never restored their files after having paid the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms are often a few hundred thousand dollars. For larger enterprises, the ransom can reach millions. The alternative is to piece back together the vital components of your Information Technology environment. Without full system backups, this requires a broad range of skill sets, top-notch team management, and the capability to work non-stop until the job is complete.
For twenty years, Progent has offered professional Information Technology services for businesses across the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have been awarded top certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have garnered internationally-recognized certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise with accounting and ERP applications. This breadth of expertise gives Progent the capability to rapidly identify critical systems, re-organize the remaining pieces of your Information Technology environment following a crypto-ransomware attack, and rebuild them into an operational network.
Progent's security group utilizes top-notch project management applications to orchestrate the complex recovery process. Progent appreciates the importance of working quickly and together with a customer's management and Information Technology resources to prioritize tasks and to put key services back online as soon as possible.
Customer Case Study: A Successful Ransomware Intrusion Restoration
A business contacted Progent after their network was penetrated by Ryuk crypto-ransomware. Ryuk is believed to have been deployed by North Korean government-sponsored criminal gangs, possibly adopting approaches leaked from the U.S. NSA. Ryuk seeks out specific organizations with little or no ability to sustain operational disruption and is one of the most lucrative examples of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company based in Chicago with about 500 staff members. The Ryuk intrusion had brought down all essential operations and manufacturing processes. Most of the client's information backups had been online at the beginning of the intrusion and were eventually encrypted. The client was pursuing financing for paying the ransom (more than two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked with the client to quickly assess and prioritize the mission critical areas that needed to be addressed to make it possible to restart departmental operations:
Within 48 hours, Progent was able to re-build Active Directory to its pre-attack state. Progent then charged ahead with setup and storage recovery of the most important applications. All Exchange Server ties and configuration information were usable, which accelerated the restore of Exchange. Progent was also able to collect intact OST data files (Microsoft Outlook Offline Folder Files) on team workstations in order to recover mail messages. A recent offline backup of the customer's accounting/MRP software made it possible to bring these essential services back online for users. Although a lot of work remained to recover totally from the Ryuk damage, critical systems were recovered quickly:
Over the following month important milestones in the recovery process were made in tight cooperation between Progent team members and the client:
Conclusion
A possible business disaster was avoided due to results-oriented professionals, a wide range of subject matter expertise, and tight collaboration. In analyzing the event afterwards, the ransomware incident detailed here could have been prevented with advanced security technology and NIST Cybersecurity Framework best practices, user and IT administrator education, well thought out incident response procedures for information protection, and proper patching controls. The fact remains, however, that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware attack, feel confident that Progent's roster of professionals has a proven track record in crypto-ransomware virus blocking, mitigation, and file disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Adelaide
For ransomware cleanup services in the Adelaide metro area, phone Progent at