Crypto-Ransomware : Your Crippling Information Technology Disaster
Ransomware has become an escalating cyber pandemic that poses an existential threat to businesses vulnerable to an attack. Crypto-ransomware families such as CryptoLocker, Fusob, Locky, SamSam and the MongoLock cryptoworms have been around for many years and still inflict damage. Newer ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, as well as other as-yet-unnamed variants, not only encrypts online data but also encrypts all configured system backups. Data replicated to cloud environments can also be rendered useless. In a poorly architected environment, this defeats automated recovery and effectively sets the network back to square one.
Bringing applications and data back online after a ransomware event becomes a race against time as the victim struggles to stop the spread, clean up the crypto-ransomware, and resume business-critical operations. Because ransomware needs time to move laterally across a targeted network, intrusions are often launched on weekends and at night, when attacks typically take longer to detect. This compounds the difficulty of promptly assembling and coordinating an experienced response team.
Progent provides a range of solutions for protecting Allentown organizations from crypto-ransomware events. These include user education to help identify and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which utilizes SentinelOne's AI-based cyberthreat defense to discover and suppress zero-day modern malware attacks. Progent also provides the services of seasoned ransomware recovery consultants with the skills and perseverance to reconstruct a compromised system as quickly as possible.
Progent's Ransomware Restoration Help
Following a ransomware event, paying the ransom demand in cryptocurrency does not ensure that the remote criminals will provide the keys to decrypt any of your files. Kaspersky estimated that 17% of ransomware victims never recovered their data even after paying the ransom, resulting in additional losses. The gamble is also expensive: Ryuk ransoms are commonly several hundred thousand dollars, and for larger enterprises the ransom can be in the millions. The fallback is to rebuild the critical elements of your IT environment. Without full system backups, this requires a broad complement of skills, well-coordinated team management, and the willingness to work continuously until the recovery project is finished.
For decades, Progent has offered certified expert IT services for companies across the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have attained advanced industry certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security specialists have earned internationally-recognized industry certifications including CISA, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has expertise with financial management and ERP applications. This breadth of expertise gives Progent the skills to quickly identify the necessary systems, re-organize the surviving parts of your network environment following a crypto-ransomware penetration, and rebuild them into an operational system.
Progent's recovery team utilizes best-of-breed project management systems to coordinate the complex recovery process. Progent understands the importance of working rapidly and together with a customer's management and IT resources to prioritize tasks and to put essential applications back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Intrusion Recovery
A small business hired Progent after their company was attacked by the Ryuk ransomware. Ryuk is thought to have been developed by North Korean government-sponsored cybercriminals, possibly adopting technology leaked from the U.S. NSA. Ryuk targets specific companies with limited room for operational disruption and is among the most lucrative versions of ransomware. Major targets have included Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing business located in the Chicago metro area with around 500 staff members. The Ryuk intrusion had paralyzed all business operations and manufacturing processes. Most of the client's backups were directly accessible from the network when the intrusion began and were themselves encrypted. The client was pursuing financing to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately made the decision to use Progent.
Progent worked with the customer to rapidly identify and assign priority to the most important areas that needed to be addressed in order to continue company operations:
Within 2 days, Progent was able to restore Windows Active Directory to its pre-intrusion state. Progent then began reinstallation and hard-drive recovery of key servers. All Exchange links and attributes were usable, which accelerated the rebuild of Exchange. Progent was able to collect unencrypted OST files (Outlook Offline Folder Files) from staff workstations and laptops to recover mail data. A fairly recent offline backup of the business's accounting systems allowed these vital applications to be made available to users again. Although much work remained to recover completely from the Ryuk attack, essential services were returned to operation rapidly:
Over the following month, important milestones in the restoration project were achieved in close collaboration between Progent team members and the customer:
Conclusion
A probable business-ending disaster was avoided thanks to dedicated professionals, a broad spectrum of IT skills, and close collaboration. In the post-mortem, the ransomware penetration described here should have been identified and stopped with current security technology and best practices, user and IT administrator training, and well-designed security procedures for data backup and for keeping systems current with security patches. Nevertheless, government-sponsored cybercriminals from China, North Korea and elsewhere are tireless and remain an ongoing threat. If you are hit by a crypto-ransomware incursion, remember that Progent's team of professionals has substantial experience in ransomware blocking, remediation, and data recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Allentown
For ransomware recovery consulting in the Allentown metro area, phone Progent at