Ransomware: Your Crippling IT Disaster
Crypto-ransomware has become a modern cyber plague and an existential threat to businesses of every size. Ransomware families such as Reveton, Fusob, Bad Rabbit, SamSam and MongoLock have circulated for years and continue to cause harm. More recent strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Nefilim, along with a steady stream of unnamed variants, not only encrypt online files but also encrypt any system backup they can reach. Data replicated to off-premises disaster recovery sites can be encrypted as well. In a vulnerable environment this makes automated restore operations impossible and effectively sends the entire organization back to square one.
Restoring services and data after a ransomware attack becomes a race against the clock as the targeted organization struggles to contain the outbreak, remove the ransomware, and restore business-critical operations. Because ransomware needs time to spread across a network, attacks are often launched on weekends, when a successful intrusion is likely to go unnoticed for longer. This compounds the difficulty of quickly assembling and organizing a capable response team.
Progent offers a range of services for protecting Arlington businesses from ransomware intrusions. These include user training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to detect and quarantine zero-day malware. Progent can also provide experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised environment as quickly as possible.
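The behavioural detection that EDR products perform is easier to reason about with a concrete heuristic. The following is an added example written for this page, not SentinelOne's or Progent's code. It scans constructed file-system events (the log format, process IDs, paths and the `.locked` extension are all assumptions made for the example) for a process that renames many files to an unfamiliar extension within a short window, and it scores written data by Shannon entropy, since ciphertext approaches 8 bits per byte while ordinary documents score far lower.

```python
"""Behavioural ransomware-burst detector over constructed file-system events.

Added illustration for this page; it is NOT SentinelOne's or Progent's
detection logic. Assumes a simple event-log format (an assumption for the
example) where each line is:
    <ISO timestamp> <pid> <action> <path> [<new_path>]
with action WRITE or RENAME, paths containing no spaces, and events in
time order.
"""
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(seconds=60)   # sliding window per process
RENAME_THRESHOLD = 10            # renames to an unfamiliar extension within WINDOW
ENTROPY_THRESHOLD = 7.5          # bits per byte; encrypted output sits near 8.0

# Extensions the environment normally produces; anything else is "unfamiliar".
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".tmp", ".bak", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    """Plain documents and text have a narrow byte distribution and score low."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def parse_event(line: str):
    """Split one log line into (timestamp, pid, action, path, new_path_or_None)."""
    parts = line.split()
    ts = datetime.fromisoformat(parts[0])
    new_path = parts[4] if len(parts) > 4 else None
    return ts, int(parts[1]), parts[2], parts[3], new_path


def detect_rename_bursts(lines, known_extensions=KNOWN_EXTENSIONS):
    """Return {pid: peak count} for processes that renamed RENAME_THRESHOLD or
    more files to an unfamiliar extension inside any WINDOW-long sliding window."""
    recent = defaultdict(deque)   # pid -> timestamps of suspicious renames
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, pid, action, _path, new_path = parse_event(line)
        if action != "RENAME" or new_path is None:
            continue
        if PureWindowsPath(new_path).suffix.lower() in known_extensions:
            continue  # benign rename (e.g. temp file promoted to .docx)
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop renames older than the window
            q.popleft()
        if len(q) >= RENAME_THRESHOLD:
            flagged[pid] = max(flagged.get(pid, 0), len(q))
    return flagged


def build_sample_events():
    """Constructed log: normal activity plus a bulk-rename burst by pid 4242
    early on a Saturday morning, when nobody is watching."""
    base = datetime(2021, 3, 6, 2, 14, 0)  # a Saturday; constructed timestamp
    lines = [
        f"{base.isoformat()} 1001 WRITE C:\\Users\\jdoe\\report.docx",
        f"{(base + timedelta(seconds=1)).isoformat()} 1001 RENAME "
        f"C:\\Users\\jdoe\\~tmp1.tmp C:\\Users\\jdoe\\report.docx",
        f"{(base + timedelta(seconds=3)).isoformat()} 2002 RENAME "
        f"C:\\Shares\\hr\\policy.pdf C:\\Shares\\hr\\policy.zip",
    ]
    for i in range(12):  # twelve renames to .locked within 22 seconds
        t = base + timedelta(seconds=5 + 2 * i)
        src = f"C:\\Shares\\finance\\doc{i}.xlsx"
        lines.append(f"{t.isoformat()} 4242 RENAME {src} {src}.locked")
    return lines


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    print("flagged processes:", detect_rename_bursts(SAMPLE_EVENTS))
    print("uniform bytes look encrypted:", looks_encrypted(bytes(range(256))))
```

Only pid 4242 is flagged: the single `.zip` rename by pid 2002 never reaches the threshold, and pid 1001's rename lands on a familiar extension. A production EDR correlates many more signals (process lineage, API calls, canary files), but the two checks shown are the core of why ransomware can be caught without a signature.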
Progent's Ransomware Restoration Support Services
After a ransomware attack, even paying the ransom in cryptocurrency does not guarantee that the attackers will provide the keys needed to decrypt any or all of your files. Kaspersky Lab reported that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms are often a few hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to rebuild the key parts of your IT environment. Without complete system backups, this calls for a broad complement of skills, professional project management, and the ability to work around the clock until the recovery is complete.
For two decades, Progent has provided professional IT services for companies throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded high-level industry certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts have garnered internationally-renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent also has experience in financial systems and ERP software solutions. This breadth of expertise gives Progent the capability to rapidly identify important systems and re-organize the remaining components of your network environment after a ransomware penetration and rebuild them into a functioning system.
Progent's ransomware team of experts has powerful project management systems to orchestrate the complex recovery process. Progent knows the urgency of acting quickly and in unison with a customer's management and IT resources to prioritize tasks and to put key applications back on-line as soon as humanly possible.
Client Case Study: A Successful Ransomware Attack Restoration
A business contacted Progent after being hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, but later analysis tied it to a Russian-speaking criminal group (tracked as Wizard Spider) that deploys it by hand after an initial TrickBot or Emotet infection. Ryuk targets organizations that cannot tolerate disruption and is one of the most lucrative ransomware families. Publicized victims include Data Resolution, a California-based data warehousing and cloud hosting company, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with around 500 employees. The Ryuk intrusion had brought down all business and manufacturing operations. Most of the client's backups were online when the intrusion began and were encrypted. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but instead brought in Progent.
Progent worked with the customer to quickly identify and prioritize the critical services that had to be recovered before departmental functions could resume:
Within 48 hours, Progent had restored Windows Active Directory to its pre-intrusion state. Progent then pressed ahead with reinstallation and disk recovery of critical applications. The Exchange Server schema and configuration data held in Active Directory were intact, which sped up the restoration of Exchange. Progent was also able to collect intact OST files (Outlook offline data files) from staff PCs and laptops to recover mailbox contents. A reasonably recent offline backup of the customer's financial/ERP software made it possible to bring those essential applications back to users. Although major work remained to recover completely from Ryuk, the most important systems were back quickly:
Over the following month, key milestones in the restoration project were reached through tight cooperation between Progent engineers and the client:
Conclusion
A probable company-ending catastrophe was averted through results-oriented professionals, a broad range of subject matter expertise, and close collaboration. In hindsight, the intrusion described here could have been detected and prevented with modern security technology and best practices, user education, disciplined patching, and well-thought-out incident response procedures for data protection. The reality remains that criminal and state-sponsored attackers, from China, North Korea and elsewhere, are relentless and will keep coming. If you are hit by a ransomware incident, remember that Progent's team has extensive experience in ransomware prevention, cleanup, and information systems disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Arlington
For ransomware cleanup consulting in the Arlington metro area, phone Progent at