Ransomware: Your Worst Information Technology Nightmare
Crypto-ransomware has become an escalating cyber pandemic that poses an enterprise-level danger to businesses poorly prepared for an attack. Ransomware families such as Dharma, WannaCry, Locky, NotPetya and MongoLock have been circulating for many years and continue to inflict damage. More recent strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, plus unnamed newcomers appearing daily, not only encrypt online critical data but also compromise any protection mechanisms they can reach. Files synchronized to cloud environments can be ransomed as well. In a poorly architected data protection solution, this can render automatic restoration useless and effectively set the datacenter back to zero.
Recovering programs and data after a ransomware intrusion becomes a race against time as the victim struggles to contain the incident, eradicate the malware, and restore business-critical operations. Because ransomware needs time to move laterally across a network, intrusions are usually launched on weekends, when attacks often take longer to detect. This compounds the difficulty of quickly mobilizing and coordinating a capable response team.
Progent provides an assortment of services for protecting Anaheim enterprises from ransomware intrusions. These include staff education to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to detect and disable zero-day malware attacks. Progent can also provide experienced ransomware recovery consultants with the skills and perseverance to reconstruct a breached system as rapidly as possible.
Progent's Ransomware Recovery Services
After a crypto-ransomware intrusion, paying the ransom in cryptocurrency provides no assurance that the criminal gang will respond with the keys to decrypt any or all of your data. Kaspersky ascertained that 17% of crypto-ransomware victims never restored their data even after paying the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms are typically a few hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to piece the mission-critical elements of your IT environment back together. Without complete, intact backups, this calls for a wide complement of skills, well-coordinated team management, and the willingness to work around the clock until the recovery project is done.
For two decades, Progent has provided certified expert IT services for companies throughout the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who hold high-level certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have earned internationally recognized industry certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with financial management and ERP software solutions. This breadth of expertise gives Progent the skills to rapidly understand critical systems, consolidate the surviving components of your network after a ransomware event, and rebuild them into an operational environment.
Progent's recovery team uses state-of-the-art project management tools to orchestrate the complex restoration process. Progent understands the urgency of working rapidly and in concert with a customer's management and IT staff to prioritize tasks and bring key services back online as fast as possible.
Business Case Study: A Successful Ransomware Incident Recovery
A company sought out Progent after its network was brought down by Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean government-sponsored cybercriminals, possibly adopting algorithms leaked from the U.S. National Security Agency. Ryuk targets businesses with limited ability to sustain operational disruption and is one of the most lucrative examples of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business based in Chicago with around 500 employees. The Ryuk event had shut down all essential business operations and manufacturing capabilities. Most of the client's data backups had been directly accessible from the network at the start of the intrusion and were damaged. The client was considering paying the ransom (in excess of $200,000) and hoping for the best, but in the end brought in Progent.
Progent worked hand in hand with the client to rapidly identify and prioritize the key systems that had to be recovered to allow business functions to continue:
In less than two days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then helped rebuild critical applications and recover their storage. All Microsoft Exchange Server data and configuration information were intact, which greatly simplified the restoration of Exchange. Progent was able to collect intact OST files (Outlook Offline Data Files) from staff PCs and laptops to recover email data. A relatively recent offline backup of the customer's accounting software made it possible to bring those essential services back online. Although significant work remained to recover completely from the Ryuk event, the most important systems were returned to operation quickly:
Over the next couple of weeks, important milestones in the recovery process were completed in close cooperation between Progent engineers and the customer:
Conclusion
A potential business catastrophe was avoided through results-oriented professionals, a broad array of subject matter expertise, and close teamwork. In hindsight, the ransomware intrusion described here could have been stopped by advanced security technology, NIST Cybersecurity Framework best practices, user and IT administrator education, and well-thought-out incident response procedures covering backups and timely security patching. The reality, however, is that government-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and pose an ongoing threat. If you do fall victim to crypto-ransomware, be assured that Progent's roster of professionals has a proven track record in crypto-ransomware defense, removal, and information systems disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Anaheim
For ransomware system restoration services in the Anaheim area, phone Progent at