Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber plague that represents an existential threat for businesses of all sizes unprepared for an assault. Different iterations of ransomware such as CrySIS, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been replicating for years and continue to cause destruction. More recent versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, plus additional unnamed malware, not only encrypt online files but also attack every system protection mechanism that has been configured. Data synchronized to off-site disaster recovery sites can also be encrypted. In a vulnerable system, this can make automated restore operations hopeless and essentially sets the network back to square one.
Bringing applications and data back online following a ransomware event becomes a race against the clock as the targeted organization struggles to stop the spread, clear the crypto-ransomware, and restore enterprise-critical activity. Because ransomware takes time to move laterally, attacks are usually sprung at night, when penetrations tend to take longer to detect. This compounds the difficulty of rapidly mobilizing and organizing a knowledgeable mitigation team.
Progent offers a range of services for securing Anaheim enterprises against crypto-ransomware penetrations. These include team education to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to detect and suppress zero-day malware attacks. Progent also offers the assistance of veteran ransomware recovery professionals with the track record and perseverance to re-deploy a breached environment as rapidly as possible.
Progent's Ransomware Restoration Services
After a ransomware event, even paying the ransom demand in cryptocurrency provides no assurance that the hackers will respond with the keys needed to decrypt all your files. Kaspersky found that seventeen percent of crypto-ransomware victims never restored their information even after paying the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the average crypto-ransomware demand, which ZDNET estimated to be around $13,000 for smaller businesses. The alternative is to piece back together the essential elements of your Information Technology environment. Without complete data backups available, this calls for a broad range of skill sets, top-notch team management, and the ability to work 24x7 until the task is completed.
For decades, Progent has provided expert IT services to businesses across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have attained high-level certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has expertise with financial systems and ERP applications. This breadth of expertise gives Progent the capability to knowledgeably assess the necessary systems, organize the remaining parts of your IT system following a ransomware attack, and configure them into an operational environment.
Progent's ransomware team of experts uses top-notch project management applications to coordinate the complicated recovery process. Progent understands the importance of working quickly and in concert with a client's management and IT staff to prioritize tasks and to get the most important services back online as fast as possible.
Customer Story: A Successful Ransomware Intrusion Recovery
A small business sought out Progent after their organization was attacked by the Ryuk crypto-ransomware. Ryuk is believed to have been created by North Korean state-sponsored criminal gangs, possibly using techniques leaked from America's NSA. Ryuk goes after specific organizations with little or no room for operational disruption and is one of the most profitable iterations of ransomware malware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturer located in Chicago with around 500 workers. The Ryuk intrusion had shut down all business operations and manufacturing capabilities. The majority of the client's data backups had been online at the start of the attack and were encrypted. The client was considering paying the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately called Progent.
Progent worked together with the customer to rapidly understand and prioritize the critical elements that had to be restored in order to resume company functions:
In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-penetration state. Progent then charged ahead with setup and storage recovery for the most important applications. All Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on various desktop computers and laptops in order to recover email data. A fairly recent offline backup of the business's financials/ERP software made it possible to bring these essential programs back online for users. Although significant work still had to be done to recover fully from the Ryuk attack, core services were restored quickly:
Throughout the following month, key milestones in the recovery process were reached through tight collaboration between Progent team members and the customer:
Conclusion
A possible business extinction disaster was avoided by top-tier experts, a wide spectrum of knowledge, and tight collaboration. In hindsight, the ransomware penetration detailed here should have been identified and stopped with advanced cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user training, and well thought out procedures for data backup and patch management; nevertheless, the fact remains that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and an ongoing threat. If you do get hit by a ransomware incident, be confident that Progent's team of professionals has a proven track record in ransomware defense, cleanup, and data recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Expertise in Anaheim
For ransomware system recovery expertise in the Anaheim metro area, call Progent at