Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyber pandemic that poses an enterprise-level threat to organizations that are poorly prepared for an attack. Different versions of crypto-ransomware such as the CrySIS, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been circulating for many years and still cause damage. Modern strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus frequent as-yet-unnamed newcomers, not only encrypt online data but also infect most available system backups. Data synced to cloud environments can also be rendered useless. In a poorly designed data protection solution, this can make automated recovery useless and effectively set the entire system back to square one.
Getting applications and information back online following a ransomware attack becomes a race against the clock as the victim tries to stop the spread, remove the ransomware, and restore enterprise-critical activity. Because ransomware requires time to replicate, attacks are usually launched at night, when successful penetrations in many cases take longer to detect. This multiplies the difficulty of quickly marshalling and orchestrating an experienced mitigation team.
Progent makes available an assortment of solutions for protecting Anaheim businesses from crypto-ransomware events. These include team member education to recognize and avoid falling victim to phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with machine learning technology to quickly identify and quarantine zero-day cyber threats. Progent also offers the services of seasoned ransomware recovery consultants with the track record and commitment to reconstruct a compromised system as urgently as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, even paying the ransom in cryptocurrency does not ensure that criminal gangs will respond with the codes to decrypt any of your data. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET determined to be around $13,000 for smaller businesses. The alternative is to re-install the mission-critical components of your IT environment. Without access to complete data backups, this calls for a broad range of IT skills, well-coordinated team management, and the willingness to work non-stop until the task is done.
For decades, Progent has offered professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have earned top certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally renowned certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. Progent also has expertise in financial systems and ERP applications. This breadth of experience gives Progent the ability to knowledgeably identify important systems, consolidate the remaining pieces of your network environment following a crypto-ransomware attack, and assemble them into an operational network.
Progent's recovery team of experts uses best-of-breed project management tools to coordinate the complex recovery process. Progent understands the importance of working swiftly and together with a client's management and IT team members to assign priority to tasks and to get the most important services back online as soon as humanly possible.
Client Story: A Successful Crypto-Ransomware Incident Restoration
A customer hired Progent after their network was brought down by Ryuk ransomware. Ryuk is believed to have been deployed by North Korean state-sponsored cybercriminals, suspected of using algorithms exposed from America's National Security Agency. Ryuk attacks specific businesses with little or no room for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing business located in Chicago with about 500 workers. The Ryuk intrusion had disabled all business operations and manufacturing capabilities. Most of the client's data backups had been online at the start of the attack and were destroyed. The client was taking steps to pay the ransom (exceeding two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked with the customer to quickly get our arms around and prioritize the mission-critical elements that needed to be addressed to make it possible to continue business operations:
Within 48 hours, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then helped perform reinstallations and storage recovery on key systems. All Exchange data and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST files (Microsoft Outlook Offline Data Files) on various workstations to recover email messages. A recent offline backup of the client's accounting/ERP software allowed these required programs to be brought back online for users. Although significant work was left to recover totally from the Ryuk virus, essential systems were restored rapidly:
Throughout the following month, key milestones in the restoration project were reached in close cooperation between Progent team members and the client:
Conclusion
A likely business-killing catastrophe was averted by hard-working experts, a broad array of technical expertise, and tight collaboration. In analyzing the event afterwards, the ransomware attack detailed here should have been shut down with modern security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff training, and well-thought-out incident response procedures for backup and applying software patches. The reality, however, is that government-sponsored hackers from Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware incursion, feel confident that Progent's team of professionals has substantial experience in ransomware virus blocking, cleanup, and data restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Anaheim
For ransomware system recovery expertise in the Anaheim area, phone Progent at