Ransomware: Your Crippling Information Technology Catastrophe
Crypto-ransomware has become an all-too-frequent cyberplague that presents an enterprise-level threat to businesses of every size. Crypto-ransomware families such as CryptoLocker, WannaCry, Bad Rabbit, NotPetya and the MongoLock cryptoworms have been in the wild for many years and continue to inflict damage. Newer variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with many as yet unnamed strains, not only encrypt online information but also seek out and destroy most reachable system backups. Data synced to cloud environments can be corrupted as well. With a poorly architected data protection solution, this can render automated restoration hopeless and effectively sets the network back to square one.
Restoring services and information after a ransomware event becomes a sprint against the clock as the targeted business struggles to stop lateral movement, remove the crypto-ransomware, and resume mission-critical operations. Because ransomware needs time to spread across a targeted network, attacks are usually launched during nights and weekends, when they typically take longer to notice. This multiplies the difficulty of rapidly marshalling and coordinating a knowledgeable response team.
Progent offers an assortment of support services for protecting Allentown enterprises from crypto-ransomware attacks. These include team education to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to discover and quarantine zero-day malware attacks. Progent also provides the assistance of experienced crypto-ransomware recovery consultants with the skills and perseverance to redeploy a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Services
After a crypto-ransomware invasion, paying the ransom in cryptocurrency does not ensure that the criminal gang will provide the keys needed to decrypt any of your data. Kaspersky ascertained that 17% of crypto-ransomware victims never recovered their information after sending off the ransom, resulting in additional losses. Paying is also very costly. Ryuk ransoms are commonly several hundred thousand dollars, and for larger organizations the demand can run into the millions. The fallback is to piece back together the critical components of your Information Technology environment. Without complete system backups, this requires a wide range of IT skills, well-coordinated project management, and the willingness to work 24x7 until the task is done.
For two decades, Progent has offered certified expert Information Technology services to businesses across the U.S. and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who hold top industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cybersecurity specialists have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise with financial management and ERP software solutions. This breadth of expertise gives Progent the capability to knowledgeably identify important systems, organize the surviving parts of your network following a ransomware penetration, and rebuild them into a functioning system.
Progent's ransomware group uses top-notch project management tools to orchestrate the complex restoration process. Progent appreciates the importance of working rapidly and in unison with a client's management and Information Technology staff to prioritize tasks and put essential systems back online as fast as humanly possible.
Client Case Study: A Successful Ransomware Attack Recovery
A client contacted Progent after their company was taken over by the Ryuk ransomware. Ryuk is believed to have been created by North Korean state-sponsored cybercriminals, possibly using techniques leaked from America's National Security Agency. Ryuk targets specific companies that have little tolerance for disruption and is among the most lucrative strains of crypto-ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with around 500 employees. The Ryuk event had brought down all essential operations and manufacturing capabilities. The majority of the client's data backups had been online at the start of the intrusion and were destroyed. The client was pursuing financing to pay the ransom (more than $200K) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the critical services that needed to be recovered in order to resume business operations:
In less than 2 days, Progent was able to rebuild Active Directory services to their pre-penetration state. Progent then assisted with reinstallations and storage recovery on essential systems. All Exchange schema and attributes were usable, which greatly helped the rebuild of Exchange. Progent was also able to locate non-encrypted OST data files (Outlook Offline Data Files) on staff workstations to recover email information. A fairly recent offline backup of the customer's accounting systems made it possible to bring these required applications back online for users. Although a large amount of work still had to be done to recover completely from the Ryuk virus, the most important systems were returned to operation quickly:
Over the following few weeks, important milestones in the restoration project were reached in close collaboration between Progent engineers and the customer:
Conclusion
A potential business catastrophe was averted by hard-working experts, a broad spectrum of knowledge, and close collaboration. In hindsight, the ransomware incident detailed here would have been identified and prevented by up-to-date cybersecurity solutions and security best practices, user and IT administrator education, properly executed data protection procedures, and proper patching controls. Nevertheless, the reality remains that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware incursion, remember that Progent's roster of professionals has extensive experience in ransomware defense, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer case study, click: Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware System Restoration Consulting in Allentown
For ransomware system restoration consulting services in the Allentown metro area, phone Progent at