Ransomware: Your Feared IT Catastrophe
Ransomware has become a too-frequent cyberplague that represents an extinction-level threat for organizations poorly prepared for an attack. Multiple generations of ransomware such as CrySIS, WannaCry, Locky, Syskey and MongoLock cryptoworms have been out in the wild for a long time and still inflict harm. More recent versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus additional unnamed malware, not only encrypt online data files but also infect most configured system backups. Information replicated to cloud environments can also be corrupted. In a poorly architected environment, this can make any restoration useless and basically knocks the network back to square one.
Restoring services and information following a crypto-ransomware attack becomes a race against time as the targeted business struggles to contain and clear the ransomware and resume enterprise-critical operations. Since ransomware requires time to replicate throughout a targeted network, penetrations are usually sprung on weekends and holidays, when they typically take longer to uncover. This compounds the difficulty of rapidly marshalling and orchestrating a knowledgeable mitigation team.
Progent provides an assortment of help services for securing Allentown organizations from ransomware penetrations. These include team training to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which utilizes SentinelOne's AI-based cyberthreat defense to discover and extinguish zero-day malware assaults. Progent can also provide the assistance of veteran crypto-ransomware recovery professionals with the track record and commitment to re-deploy a breached environment as soon as possible.
Progent's Ransomware Restoration Services
Subsequent to a ransomware penetration, paying the ransom demands in cryptocurrency does not provide any assurance that criminal gangs will provide the codes to unencrypt any of your files. Kaspersky estimated that 17% of ransomware victims never recovered their files even after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are commonly several hundred thousand dollars. For larger enterprises, the ransom can reach millions. The other path is to set up from scratch the critical elements of your Information Technology environment. Absent the availability of complete information backups, this calls for a broad range of IT skills, professional team management, and the capability to work non-stop until the task is complete.
For decades, Progent has offered professional IT services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level industry certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have earned internationally-renowned certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience in financial systems and ERP software solutions. This breadth of expertise affords Progent the skills to quickly understand critical systems and organize the remaining parts of your computer network environment following a crypto-ransomware penetration and configure them into an operational network.
Progent's ransomware team of experts has state-of-the-art project management systems to coordinate the complex recovery process. Progent knows the urgency of acting quickly and in concert with a client's management and Information Technology resources to prioritize tasks and to put key applications back online as soon as possible.
Business Case Study: A Successful Ransomware Intrusion Recovery
A small business escalated to Progent after their network was attacked by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean state cybercriminals, possibly using strategies leaked from America's National Security Agency. Ryuk goes after specific organizations with limited ability to sustain operational disruption and is among the most lucrative iterations of crypto-ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in Chicago with around 500 employees. The Ryuk penetration had frozen all essential operations and manufacturing processes. Most of the client's backups had been online at the start of the attack and were damaged. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end made the decision to use Progent.
Progent worked with the client to rapidly understand and prioritize the essential services that had to be addressed in order to resume departmental functions:
Within two days, Progent was able to recover Active Directory services to its pre-penetration state. Progent then initiated rebuilding and hard drive recovery of mission-critical applications. All Microsoft Exchange Server ties and attributes were usable, which facilitated the restore of Exchange. Progent was also able to assemble non-encrypted OST files (Outlook Email Off-Line Folder Files) on user workstations and laptops to recover mail data. A fairly recent offline backup of the business's financials/ERP software allowed these required applications to be restored and made available to users again. Although a lot of work still had to be done to recover completely from the Ryuk damage, core systems were returned to operation rapidly:
Throughout the following couple of weeks, key milestones in the recovery project were reached through close collaboration between Progent team members and the client:
Conclusion
A possible business-ending disaster was avoided by top-tier experts, a broad array of subject matter expertise, and tight collaboration. In hindsight, the ransomware incident detailed here could have been prevented with advanced security solutions and best practices, staff training, and well-designed security procedures for backup and for keeping systems up to date with security patches. The reality, however, is that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware penetration, remember that Progent's team of professionals has a proven track record in ransomware virus blocking, remediation, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Allentown
For ransomware recovery expertise in the Allentown area, phone Progent at