Crypto-Ransomware: Your Feared IT Nightmare
Ransomware has become a modern cyber plague that presents an enterprise-level danger to businesses of every size that are unprepared for an attack. Older ransomware families such as CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock have been around for years and still inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus many less well-known strains, not only encrypt online files but also delete or encrypt any system restore points and backups they can reach over the network. Files synchronized to cloud storage can be overwritten with their encrypted versions as well. In a poorly architected environment, this can make restoration impossible and effectively knocks the entire system back to square one.
Restoring applications and data after a ransomware event becomes a race against the clock as the victim struggles to stop the spread, clean up the crypto-ransomware, and restore mission-critical operations. Because encryption takes time to run across a network, attacks are often launched at night or on weekends, when a successful intrusion is likely to go unnoticed for longer. This compounds the difficulty of promptly mobilizing and coordinating a capable response team.
Progent offers a range of services for protecting Allentown organizations from ransomware intrusions. Among these are staff training to recognize and avoid phishing attacks, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat defense to detect and contain zero-day malware. Progent also provides seasoned ransomware recovery engineers with the track record and persistence to rebuild a compromised network as rapidly as possible.
Progent's Ransomware Recovery Support Services
Following a crypto-ransomware attack, paying the ransom in Bitcoin does not guarantee that the criminals will provide keys that decrypt all of your data. Kaspersky found that seventeen percent of ransomware victims never recovered their files even after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000 at the exchange rate of the time). This is far higher than the average ransomware demand, which ZDNet estimated at roughly $13,000 for small businesses. The other path is to piece the essential parts of your IT environment back together. Without complete backups that the attackers could not reach, this calls for a broad complement of skills, professional project management, and the capacity to work around the clock until the job is done.
For two decades, Progent has provided expert IT services to companies throughout the U.S. and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who hold high-level industry certifications in leading technologies such as Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cyber security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise in financial management and ERP applications. This breadth of expertise lets Progent quickly understand which systems matter, reorganize the surviving components of your network after a crypto-ransomware intrusion, and rebuild them into a working environment.
Progent's security group uses robust project management systems to coordinate the complex recovery process. Progent understands the urgency of acting swiftly and in concert with a client's management and IT staff to prioritize tasks and bring critical applications back online as fast as humanly possible.
Customer Story: A Successful Ransomware Virus Restoration
A business contacted Progent after its network was attacked by Ryuk ransomware. Ryuk was initially attributed to North Korean state-linked actors because of code it shares with the earlier Hermes ransomware, and its operators are suspected of reusing exploitation techniques leaked from the U.S. NSA; later analysis has pointed instead to Russian-speaking criminal groups. Ryuk targets organizations with little tolerance for operational disruption and is one of the most profitable ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company in the Chicago metro area with around 500 employees. The Ryuk intrusion had paralyzed all essential business and manufacturing operations. Most of the client's backups had been online and reachable from the network when the attack began, and they were destroyed. The client was preparing to pay the ransom (more than $200,000) and hope for the best, but in the end brought in Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the most important services that had to be recovered before company operations could restart:
In less than two days, Progent restored Active Directory to its pre-intrusion state. Progent then rebuilt the key application servers and recovered their data from disk. All Exchange data and configuration were intact, which accelerated the Exchange restore. Progent also collected unencrypted OST files (Outlook offline data files) from user workstations to recover mailbox contents. A recent offline backup of the client's manufacturing software, which the attackers had not been able to reach, made it possible to bring those required applications back online for users. Although considerable work remained to recover fully from the Ryuk attack, critical systems were returned to operation quickly:
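The OST salvage step described above depends on knowing which workstation copies the ransomware actually touched. The script below is an added example, not Progent's tooling and not part of the original case study: it walks a tree of collected user profiles, finds Outlook data files (including ones the ransomware has renamed by appending its own extension, which many families do), and checks the first four bytes against the fixed "!BDN" signature that every PST/OST file begins with under the MS-PST file format. A file that has been rewritten by ransomware no longer carries that signature. The directory layout, user names and the ".locked" extension in the constructed sample data are assumptions.

```python
import os
import tempfile

# Magic bytes at offset 0 of every PST/OST file per the MS-PST specification
# (dwMagic = 0x4E444221 little-endian, i.e. the ASCII string "!BDN").
OST_MAGIC = b"!BDN"


def classify_ost(path):
    """Return 'intact' if the file still starts with the OST/PST signature,
    otherwise 'encrypted-or-damaged'. Ransomware rewrites the file contents
    (at minimum the leading bytes), so the signature disappears. Short or
    empty files also fail the check."""
    with open(path, "rb") as f:
        head = f.read(len(OST_MAGIC))
    return "intact" if head == OST_MAGIC else "encrypted-or-damaged"


def looks_like_ost(name):
    """Match 'user.ost' and also 'user.ost.<ransom-extension>', since many
    ransomware families append their own extension after encrypting."""
    lowered = name.lower()
    return lowered.endswith(".ost") or ".ost." in lowered


def scan_for_ost(root):
    """Walk a tree of collected workstation profiles and classify every
    Outlook data file found. Returns {path: verdict} so that the intact
    copies can be prioritized for mailbox reconstruction."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if looks_like_ost(name):
                full = os.path.join(dirpath, name)
                results[full] = classify_ost(full)
    return results


def build_sample_tree():
    """Constructed sample data (an assumption for this example): one OST the
    ransomware never reached and one it encrypted and renamed."""
    root = tempfile.mkdtemp(prefix="ost-triage-")
    good = os.path.join(root, "alice", "Outlook", "alice@example.test.ost")
    bad = os.path.join(root, "bob", "Outlook", "bob@example.test.ost.locked")
    os.makedirs(os.path.dirname(good))
    os.makedirs(os.path.dirname(bad))
    with open(good, "wb") as f:
        f.write(OST_MAGIC + b"\x00" * 60)  # leading bytes of a real OST header
    with open(bad, "wb") as f:
        f.write(bytes(range(256)) * 4)     # opaque ciphertext: signature gone
    return root, good, bad


if __name__ == "__main__":
    sample_root, _, _ = build_sample_tree()
    for path, verdict in sorted(scan_for_ost(sample_root).items()):
        print(f"{verdict:22} {path}")
```

Run it against a copy of the collected profile directories, never against the originals on the workstations, and treat the "intact" list as candidates only: an OST is bound to the mailbox profile that created it, so the import path into the rebuilt Exchange environment has to be worked out before counting on any of these files.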
Over the following month, the remaining milestones in the recovery were completed in close cooperation between Progent consultants and the client:
Conclusion
A likely business-ending disaster was averted through results-oriented professionals, a broad spectrum of subject matter expertise, and tight teamwork. Post-incident analysis showed that the crypto-ransomware attack described here could have been detected and stopped with current security tooling and best practices, staff training, disciplined patching, and properly executed incident response procedures. Even so, state-sponsored and criminal attackers from Russia, China and elsewhere are tireless and remain an ongoing threat. If you do fall victim to a ransomware intrusion, remember that Progent's team of experts has extensive experience in crypto-ransomware prevention, mitigation, and data recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Allentown
For ransomware cleanup services in the Allentown area, phone Progent at