Ransomware : Your Feared IT Disaster
Ransomware has become a frequent cyber pandemic that poses an existential threat to businesses of every size that are unprepared for an attack. Older strains of ransomware such as Reveton, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for many years and still cause harm. Modern strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with as yet unnamed newcomers, not only encrypt on-line files but also compromise any system protection mechanisms they can reach. Files synchronized to the cloud can also be corrupted. In a poorly architected data protection solution, this can make automated recovery impossible and effectively knocks the datacenter back to zero.
Recovering programs and data after a crypto-ransomware attack becomes a race against time as the victim tries to contain the outbreak, clean up the ransomware, and resume business-critical activity. Because crypto-ransomware needs time to spread across a network, intrusions are frequently launched at night, when they are likely to take longer to detect. This compounds the difficulty of promptly assembling and coordinating a capable response team.
Progent offers a range of support services for protecting Arlington enterprises from crypto-ransomware events. These include user education to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based threat defense to identify and contain zero-day malware attacks. Progent also provides the services of experienced ransomware recovery engineers with the track record and perseverance to restore a breached environment as quickly as possible.
Progent's Ransomware Recovery Services
Following a ransomware penetration, paying the ransom demand in cryptocurrency provides no assurance that the criminal gang will hand over the keys to decrypt any of your data. Kaspersky estimated that seventeen percent of ransomware victims never restored their files after sending off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are often a few hundred thousand dollars, and for larger enterprises the ransom demand can run into the millions. The alternative is to piece back together the essential parts of your Information Technology environment. Without usable backups of essential data, this requires a broad complement of skills, professional team management, and the capacity to work continuously until the task is done.
For two decades, Progent has offered certified expert IT services to companies across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who hold high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cyber security consultants have earned internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has experience with accounting and ERP application software. This breadth of experience enables Progent to quickly understand critical systems, reorganize the remaining parts of your Information Technology environment after a crypto-ransomware event, and configure them into an operational system.
Progent's security group uses best-of-breed project management tools to coordinate the complex restoration process. Progent appreciates the importance of acting rapidly and in unison with a client's management and Information Technology team members to prioritize tasks and bring the most important systems back on-line as fast as possible.
Client Story: A Successful Ransomware Virus Recovery
A business turned to Progent after it was attacked by the Ryuk crypto-ransomware. Ryuk is believed to have been deployed by North Korean state criminal gangs, possibly using techniques leaked from the United States National Security Agency. Ryuk targets specific companies with limited tolerance for disruption and is one of the most lucrative instances of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business located in Chicago with around 500 staff members. The Ryuk attack had frozen all company operations and manufacturing capabilities. Most of the client's backups had been directly accessible at the start of the attack and were encrypted. The client was considering paying the ransom demand (more than $200K) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the critical services that had to be recovered to make it possible to restart company functions:
Within two days, Progent was able to recover Active Directory to its pre-attack state. Progent then performed rebuilding and hard drive recovery on essential systems. All Exchange Server schema and configuration information was intact, which greatly helped the rebuild of Exchange. Progent was also able to collect non-encrypted OST files (Outlook Offline Data Files) from staff desktop computers in order to recover email messages. A fairly recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential applications back on-line. Although significant work remained to recover fully from the Ryuk damage, the most important services were returned to operation rapidly:
During the following month, important milestones in the recovery project were accomplished through close cooperation between Progent team members and the customer:
Conclusion
A potential business extinction catastrophe was averted by dedicated experts, a wide array of knowledge, and close teamwork. Although the forensic review concluded that the crypto-ransomware incident described here should have been stopped by advanced cyber security systems and best practices, user training, and properly executed incident response procedures for data backup and timely security patching, the fact remains that state-sponsored hackers from Russia, China and elsewhere are tireless and are not going away. If you do fall victim to a ransomware attack, remember that Progent's roster of experts has substantial experience in ransomware defense, mitigation, and information systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Expertise in Arlington
For ransomware system recovery services in the Arlington area, call Progent at