Ransomware: Your Feared IT Nightmare
Crypto-ransomware has become an all-too-frequent cyber pandemic that presents an extinction-level danger for businesses vulnerable to an attack. Versions of crypto-ransomware such as Reveton, WannaCry, Bad Rabbit, Syskey and MongoLock have been around for years and continue to inflict harm. Newer variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, along with as yet unnamed newcomers, not only encrypt critical online data but also seek out and encrypt any backup the attacker can reach from the compromised network. Information replicated to cloud environments can be ransomed as well. Where the data protection design leaves backups reachable, automated restoration becomes hopeless and the network is effectively knocked back to square one.
Bringing applications and data back online after a ransomware outage becomes a sprint against time as the victim works to contain the damage, eradicate the malware, and restore business-critical activity. Because ransomware needs time to move laterally, intrusions are frequently launched on weekends, when a successful attack tends to take longer to recognize. This multiplies the difficulty of promptly assembling and organizing a knowledgeable response team.
Progent makes available a variety of solutions for protecting Allentown organizations from ransomware events. These include training staff to recognize and avoid phishing attacks, ProSight Active Security Monitoring for remote monitoring and management, plus setup and configuration of the latest generation of security gateways with artificial intelligence technology to quickly detect and suppress zero-day cyber attacks. Progent also provides the services of expert ransomware recovery engineers with the skills and commitment to re-deploy a breached system as quickly as possible.
Progent's Ransomware Restoration Help
Following a crypto-ransomware penetration, paying the ransom in cryptocurrency provides no assurance that the criminals will supply the keys needed to decrypt any or all of your data. Kaspersky determined that 17% of ransomware victims never restored their information after having paid the ransom, resulting in additional losses. Paying is also expensive. Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000). This is far above the typical crypto-ransomware demand, which ZDNET estimated at around $13,000 for small organizations. The alternative is to piece back together the mission-critical elements of your IT environment. Without full system backups, this requires a broad complement of skills, well-coordinated team management, and the ability to work 24x7 until the task is completed.
For twenty years, Progent has provided certified expert IT services for businesses across the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have attained advanced certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists hold internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, and GIAC. (Visit Progent's certifications.) Progent also has experience with financial systems and ERP software solutions. This breadth of expertise allows Progent to identify which systems are essential, consolidate the remaining pieces of your network environment after a crypto-ransomware attack, and assemble them into a functioning network.
Progent's recovery team of experts utilizes powerful project management tools to coordinate the sophisticated restoration process. Progent knows the urgency of acting quickly and together with a customer’s management and IT team members to prioritize tasks and to get essential services back online as fast as possible.
Case Study: A Successful Ransomware Attack Recovery
A customer engaged Progent after their network was attacked by Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored criminal gangs, possibly using tooling leaked from the US National Security Agency. Ryuk targets specific businesses with little or no tolerance for disruption and is one of the most lucrative versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturer in the Chicago metro area with about 500 workers. The Ryuk penetration had shut down all essential operations and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were destroyed along with the production data. The client was actively seeking loans to pay the ransom demand (exceeding $200,000) and hoping for the best, but in the end decided to engage Progent.
Progent worked hand in hand with the customer to rapidly assess and prioritize the mission-critical services that had to be recovered for business operations to continue:
In less than 48 hours, Progent was able to recover Active Directory services to their pre-attack state. Progent then completed reinstallations and hard drive recovery on critical servers. All Exchange Server data and attributes were intact, which greatly helped the rebuild of Exchange. Progent was also able to find non-encrypted OST files (Outlook Offline Data Files) on staff PCs and laptops and use them to recover email messages. A recent offline backup of the client's accounting/MRP systems made it possible to bring these vital applications back online. Although significant work remained to recover completely from the Ryuk damage, critical systems were restored rapidly:
Over the following weeks, critical milestones in the recovery project were reached through close cooperation between Progent engineers and the client:
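One of the recovery steps above was locating Outlook OST files on workstations that the ransomware had not touched, so that mailbox contents could be rebuilt from them. The following Python script is an added illustration of that triage step; it is not Progent's tooling and is not part of the case study. It relies on one documented fact: every Outlook PST/OST file begins with the four-byte signature "!BDN" (the dwMagic field of the MS-PST file format), so a candidate file whose first bytes no longer match has been overwritten or encrypted, whatever its name. The sample directory tree is constructed inside the script so it runs offline; the file names and the ".locked" suffix are made up for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# First four bytes of every Outlook PST/OST file (MS-PST spec, dwMagic = "!BDN").
PST_OST_MAGIC = b"!BDN"


def has_outlook_header(first_bytes: bytes) -> bool:
    """True when the data starts with the PST/OST magic number."""
    return first_bytes[:4] == PST_OST_MAGIC


def classify_outlook_file(path: Path) -> str:
    """Return 'intact', 'damaged', 'empty' or 'unreadable' for one candidate file."""
    try:
        with path.open("rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"
    if not head:
        return "empty"
    return "intact" if has_outlook_header(head) else "damaged"


def triage_outlook_files(root: Path) -> Dict[str, List[str]]:
    """Walk root and bucket every file whose name contains .ost or .pst (any case).

    Matching on a substring rather than the final extension catches files that
    ransomware has renamed by appending its own suffix. Paths are returned
    relative to root with forward slashes so results are easy to compare.
    """
    buckets: Dict[str, List[str]] = {"intact": [], "damaged": [], "empty": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if ".ost" in lower or ".pst" in lower:
                p = Path(dirpath) / name
                buckets[classify_outlook_file(p)].append(p.relative_to(root).as_posix())
    for paths in buckets.values():
        paths.sort()
    return buckets


def build_sample_tree() -> Path:
    """Constructed sample data: one intact OST, one overwritten and renamed OST, one empty PST."""
    root = Path(tempfile.mkdtemp(prefix="ost_triage_"))
    (root / "alice").mkdir()
    (root / "bob").mkdir()
    # Intact file: correct signature followed by padding (not a real mailbox).
    (root / "alice" / "alice@example.com.ost").write_bytes(PST_OST_MAGIC + b"\x00" * 508)
    # Simulated encrypted file: header no longer matches and a suffix was appended (constructed).
    (root / "bob" / "bob@example.com.ost.locked").write_bytes(bytes(range(256)) * 2)
    # Zero-length file: nothing to recover.
    (root / "bob" / "archive.pst").write_bytes(b"")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for bucket, paths in triage_outlook_files(sample_root).items():
        print(f"{bucket:10s} {paths}")
```

In a real engagement the scan would be pointed at mounted workstation drives or a file share; only files in the "intact" bucket are worth copying to the recovery workstation for import into Outlook or the rebuilt Exchange environment, and the "damaged" list doubles as an inventory of what the attacker reached.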
Conclusion
A probable business catastrophe was avoided through dedicated professionals, a wide array of knowledge, and close collaboration. In retrospect, the ransomware penetration described here should have been identified and stopped by current security technology, recognized best practices, user and IT administrator training, and well thought out incident response procedures for backups and software patching. The reality remains, however, that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and will keep trying. If you are hit by a ransomware incident, remember that Progent's roster of experts has extensive experience in crypto-ransomware defense, mitigation, and file restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Allentown
For ransomware system recovery expertise in the Allentown area, phone Progent at