Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague that represents an enterprise-level threat for businesses unprepared for an assault. Multiple generations of crypto-ransomware such as CryptoLocker, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for a long time and continue to cause harm. Modern variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as new and as yet unnamed viruses appearing daily, not only encrypt online files but also compromise most accessible system protection mechanisms. Information replicated to off-site disaster recovery sites can also be ransomed, because replication faithfully copies the encrypted versions over the good ones. In a vulnerable environment, this can render automated restoration hopeless and basically knocks the entire system back to zero.
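The point that replicated backups can be ransomed along with the primary data is easy to see in a small simulation. The following Python script is an added example and is not code from Progent or from this case study; it models two backup designs against the same simulated incident. A mirror-style replica simply copies the primary's current state, so once the primary's files have been replaced by high-entropy (encrypted-looking) data the replica holds nothing usable. An append-only versioned store keeps every earlier snapshot, so the last snapshot that passes a simple entropy screen can still be restored. The file names, contents and the entropy threshold of 7.5 bits per byte are constructed assumptions for the demonstration; the "encryption" is simulated by overwriting contents with random bytes.

```python
import math
import os
from collections import Counter
from typing import Dict, List, Optional

# A snapshot is just a mapping of file path -> file contents (constructed in-memory store).
Snapshot = Dict[str, bytes]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text and office documents usually sit well
    below 7; encrypted or compressed blobs approach the maximum of 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic screen: large, near-maximum-entropy files are treated as
    encrypted. Threshold and minimum size are assumptions for this example."""
    return len(data) >= 256 and shannon_entropy(data) >= threshold


class MirrorReplica:
    """Replication that tracks the latest primary state only. Whatever the
    primary holds at sync time is what the replica holds afterwards."""

    def __init__(self) -> None:
        self.state: Snapshot = {}

    def sync(self, primary: Snapshot) -> None:
        self.state = dict(primary)  # overwrites the previous (possibly good) copy

    def restore_point(self) -> Snapshot:
        return dict(self.state)


class VersionedStore:
    """Append-only retention: each sync is kept as an immutable snapshot and
    nothing already stored is ever overwritten."""

    def __init__(self) -> None:
        self.snapshots: List[Snapshot] = []

    def sync(self, primary: Snapshot) -> None:
        self.snapshots.append(dict(primary))

    def last_clean_snapshot(self) -> Optional[Snapshot]:
        """Walk back from the newest snapshot to the most recent one in which
        no file fails the entropy screen."""
        for snap in reversed(self.snapshots):
            if not any(looks_encrypted(contents) for contents in snap.values()):
                return snap
        return None


def run_scenario() -> Dict[str, object]:
    """Backup, simulated incident, nightly replication, then attempt recovery
    from each design. Returns what a recovery team would want to know."""
    # Constructed sample primary data: ordinary low-entropy business files.
    primary: Snapshot = {
        "finance/ledger.csv": b"date,account,amount\n" * 100,
        "hr/policy.txt": b"Employees must report security incidents promptly. " * 40,
    }

    mirror = MirrorReplica()
    versioned = VersionedStore()
    mirror.sync(primary)  # baseline backup taken while everything is healthy
    versioned.sync(primary)

    # Simulated incident: every file's contents replaced by random bytes. This
    # stands in for encryption; no real cipher is involved.
    compromised: Snapshot = {path: os.urandom(4096) for path in primary}

    # Scheduled replication runs unattended, e.g. overnight, and copies the damage.
    mirror.sync(compromised)
    versioned.sync(compromised)

    mirror_restore = mirror.restore_point()
    clean = versioned.last_clean_snapshot()

    return {
        # Mirror is recoverable only if at least one file survived the screen.
        "mirror_recoverable": not all(looks_encrypted(c) for c in mirror_restore.values()),
        "mirror_flagged": sum(looks_encrypted(c) for c in mirror_restore.values()),
        # Versioned store is recoverable if a clean snapshot exists and matches the original.
        "versioned_recoverable": clean is not None and clean == primary,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The entropy screen is deliberately crude (a compressed archive or an already-encrypted backup set would also score near 8), so in practice the check belongs alongside a stored hash manifest rather than replacing one; the structural lesson is the retention model, not the heuristic.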
Getting back programs and information following a ransomware intrusion becomes a race against time as the targeted organization struggles to contain the damage, remove the ransomware, and restore mission-critical activity. Since ransomware needs time to move laterally, penetrations are usually launched during nights and weekends, when successful attacks are likely to take more time to recognize. This multiplies the difficulty of quickly assembling and orchestrating an experienced mitigation team.
Progent has a range of solutions for securing Adelaide organizations from ransomware attacks. Among these are team member training to recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to discover and quarantine zero-day malware attacks. Progent can also provide the assistance of veteran ransomware recovery engineers with the skills and perseverance to reconstruct a breached network as urgently as possible.
Progent's Ransomware Restoration Help
After a ransomware penetration, even paying the ransom demand in cryptocurrency does not guarantee that the cyber hackers will respond with the keys needed to decrypt any or all of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their files even after having sent off the ransom, resulting in increased losses. The ransom itself is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the average ransomware demand, which ZDNET estimated to be around $13,000 for small businesses. The alternative is to piece back together the critical components of your IT environment. Without access to essential information backups, this requires a broad complement of skills, top-notch project management, and the ability to work continuously until the task is done.
For twenty years, Progent has provided professional Information Technology services for businesses across the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have attained advanced certifications in leading technologies from Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have garnered internationally renowned industry certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the ability to quickly understand important systems, consolidate the remaining pieces of your Information Technology system following a ransomware penetration, and rebuild them into a functioning network.
Progent's recovery team uses powerful project management systems to coordinate the sophisticated restoration process. Progent appreciates the importance of acting quickly and together with a client's management and IT staff to assign priority to tasks and to put the most important applications back online as fast as possible.
Client Case Study: A Successful Ransomware Virus Recovery
A client hired Progent after their network was attacked by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean government-sponsored cybercriminals, suspected of adopting strategies exposed from the U.S. National Security Agency. Ryuk targets specific organizations with little tolerance for disruption and is among the most profitable incarnations of ransomware viruses. Major victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturer based in Chicago with about 500 employees. The Ryuk penetration had brought down all essential operations and manufacturing processes. Most of the client's data backups had been directly accessible at the beginning of the intrusion and were destroyed. The client was pursuing financing to pay the ransom (exceeding $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the customer to quickly understand and assign priority to the essential areas that needed to be restored to make it possible to continue company functions:
In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then performed rebuilding and storage recovery of critical servers. All Exchange Server data and attributes were intact, which accelerated the restoration of Exchange. Progent was also able to locate intact OST data files (Outlook Offline Folder Files) on staff desktop computers and laptops in order to recover mail information. A recent offline backup of the client's financials/ERP systems made it possible to bring these vital programs back online. Although major work still had to be done to recover completely from the Ryuk attack, critical services were restored quickly:
Throughout the following couple of weeks, critical milestones in the recovery process were accomplished through tight cooperation between Progent consultants and the client:
Conclusion
A potential business disaster was averted through the efforts of dedicated experts, a wide spectrum of subject matter expertise, and close collaboration. In hindsight, the ransomware virus penetration described here could have been disabled with advanced security solutions and ISO/IEC 27001 best practices, staff training, and well-thought-out security procedures for data protection and for keeping systems up to date with security patches. The fact remains, however, that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and are an ongoing threat. If you do fall victim to a ransomware incident, feel confident that Progent's roster of professionals has extensive experience in crypto-ransomware virus blocking, mitigation, and information systems disaster recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Adelaide
For ransomware cleanup consulting in the Adelaide area, phone Progent at