Crypto-Ransomware : Your Crippling IT Catastrophe
Ransomware has become a modern cyber pandemic that presents an extinction-level danger for organizations unprepared for an attack. Ransomware families such as Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock have been in the wild for years and continue to inflict harm. Modern crypto-ransomware such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Egregor, along with unnamed variants, not only encrypts online data but also seeks out and encrypts or deletes every backup reachable from the compromised systems. Data synchronized to the cloud is exposed as well: a sync client faithfully uploads the encrypted versions and overwrites the good copies. On a vulnerable network this makes automatic restoration hopeless and effectively sets the entire environment back to zero.
Restoring systems and data after a crypto-ransomware event becomes a race against the clock as the targeted business struggles to contain the spread, eradicate the malware, and resume business-critical operations. Because ransomware takes time to spread, the encryption is often triggered at night or on weekends, when intrusions typically take longer to detect. This multiplies the difficulty of rapidly assembling and coordinating an experienced recovery team.
Progent offers a range of services for protecting Arlington businesses against ransomware attacks. These include user training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's behavior-based threat protection, to detect and quarantine zero-day and modern malware attacks. Progent also offers the assistance of expert ransomware recovery professionals with the skills and perseverance to rebuild a breached network as quickly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminals will provide working decryption keys for any or all of your data. Kaspersky found that 17 percent of ransomware victims never recovered their files even after paying, compounding their losses. Ransoms are also expensive. Ryuk demands frequently range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), well above the average crypto-ransomware demand, which ZDNet estimated at around $13,000 for smaller organizations. The other path is to rebuild the vital elements of your IT environment. Without usable backups of essential data, this calls for a broad complement of skills, professional project management, and the willingness to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to businesses across the United States and holds Microsoft partner certifications in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers with high-level industry certifications in leading technologies from Microsoft, Cisco and VMware and in major Linux distributions. Progent's cybersecurity consultants hold internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC and SANS GIAC (see Progent's certifications). Progent also has expertise in financial management and ERP software. This breadth of expertise allows Progent to understand the important systems, salvage the surviving components of your IT environment after a ransomware attack, and reassemble them into a working network.
Progent's security team uses professional project management tools to coordinate the complex recovery process. Progent understands the urgency of acting quickly and working with the customer's management and IT staff to prioritize tasks and bring the most important applications back online as fast as humanly possible.
Client Story: A Successful Crypto-Ransomware Incident Restoration
A customer engaged Progent after their network was hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored hackers because of code it shares with the earlier Hermes ransomware; later analysis attributed it to a Russian-speaking criminal group, and its operators are suspected of reusing techniques from tooling leaked from the United States National Security Agency. Ryuk targets specific businesses with limited ability to tolerate operational disruption and is among the most lucrative ransomware operations. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with about 500 employees. The Ryuk attack had shut down all essential business and manufacturing operations. Most of the client's backups had been online when the intrusion began and were destroyed. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but ultimately called Progent.
Progent worked with the client to quickly assess and prioritize the mission-critical systems that had to be recovered before company operations could resume:
In less than 48 hours, Progent restored Active Directory to its pre-attack state. Progent then rebuilt critical application servers and recovered data from their disks. All Exchange Server links and attributes in Active Directory were intact, which made rebuilding Exchange much easier. Progent was also able to gather unencrypted OST files (Outlook Offline Data Files) from staff workstations to recover mailbox data. A recent offline backup of the client's financial/ERP software made it possible to bring those vital services back online. Although major work remained to recover fully from the Ryuk attack, essential services were returned to operation quickly:
Over the following month, key milestones in the recovery were reached through close cooperation between Progent staff and the client:
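Harvesting OST files from workstations is the kind of triage step that benefits from a script, because a store that ransomware has already encrypted is useless and should not be collected. The following Python is an added example and is not Progent's tooling or anything from the case study. It walks a directory tree (the constructed sample mimics Outlook's default profile path on Windows, an assumed layout), finds OST and PST files including copies the ransomware renamed by appending its own extension, and checks the header fields documented in Microsoft's MS-PST specification so the recovery team knows which stores are intact before copying them. The sample files are constructed in a temporary directory; the ".locked" extension is a placeholder, not a claim about any specific family.

```python
import os
import struct
import tempfile
from pathlib import Path

# PST/OST header layout, from the published MS-PST specification (section 2.2.2.6):
# bytes 0-3 dwMagic "!BDN", bytes 8-9 wMagicClient "SM", bytes 10-11 wVer
# (little-endian): 14/15 = ANSI PST, 23 = Unicode PST, 36 = Unicode OST (2013+).
PST_MAGIC = b"!BDN"
CLIENT_MAGIC = b"SM"
VERSION_NAMES = {14: "ANSI", 15: "ANSI", 23: "Unicode", 36: "Unicode OST (2013+)"}
HEADER_LEN = 12


def classify_mail_store(path):
    """Classify one candidate OST/PST file by its first 12 bytes.

    Returns "intact:<format>", "damaged" (header is not a PST/OST header, which
    is what an encrypted copy looks like) or "truncated" (file too small).
    """
    with open(path, "rb") as f:
        header = f.read(HEADER_LEN)
    if len(header) < HEADER_LEN:
        return "truncated"
    if header[0:4] != PST_MAGIC or header[8:10] != CLIENT_MAGIC:
        return "damaged"
    ver = struct.unpack_from("<H", header, 10)[0]
    return "intact:" + VERSION_NAMES.get(ver, "unknown-version-%d" % ver)


def scan_for_mail_stores(root):
    """Walk root and classify every file whose name contains .ost or .pst.

    Matching anywhere in the name rather than only the suffix also catches
    copies that ransomware renamed by appending its own extension.
    Returns {relative path: verdict}.
    """
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if ".ost" in lower or ".pst" in lower:
                full = os.path.join(dirpath, name)
                results[os.path.relpath(full, root)] = classify_mail_store(full)
    return results


def summarize(results):
    """Count verdicts so the recovery team can see how many stores are usable."""
    counts = {"intact": 0, "damaged": 0, "truncated": 0}
    for verdict in results.values():
        counts[verdict.split(":", 1)[0]] += 1
    return counts


def build_sample_tree():
    """Constructed sample data for this example (not files from any real
    incident): one intact OST, one encrypted-and-renamed OST, one stub.
    The directory layout mimics Outlook's default profile path on Windows."""
    root = tempfile.mkdtemp(prefix="ost-triage-")
    outlook = Path("AppData", "Local", "Microsoft", "Outlook")
    alice = Path(root, "Users", "alice") / outlook
    alice.mkdir(parents=True)
    # Valid header: magic, 4 placeholder bytes for the CRC, client magic, wVer=36.
    header = PST_MAGIC + b"\x00" * 4 + CLIENT_MAGIC + struct.pack("<H", 36)
    (alice / "alice.ost").write_bytes(header + b"\x00" * 500)
    bob = Path(root, "Users", "bob") / outlook
    bob.mkdir(parents=True)
    # Deterministic stand-in for ciphertext, renamed with an assumed extension.
    noise = bytes((i * 37 + 11) % 256 for i in range(512))
    (bob / "bob.ost.locked").write_bytes(noise)
    (bob / "archive.pst").write_bytes(b"!BDN")  # too short to be a real store
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    found = scan_for_mail_stores(sample_root)
    for rel_path, verdict in sorted(found.items()):
        print(f"{verdict:28s} {rel_path}")
    print(summarize(found))
```

In practice you would point scan_for_mail_stores at a mounted workstation image or an administrative share rather than the sample tree. Anything reported as "damaged" has ciphertext where the header should be and is not worth copying; "intact" stores can be collected for import. The header check is deliberately cheap (12 bytes per file) so it can run across hundreds of workstations without slowing the rest of the recovery.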
Conclusion
A probable business disaster was averted through the efforts of top-tier professionals, a broad array of IT skills, and close collaboration. In hindsight, the crypto-ransomware incident described here would have been detected and contained by modern security technology, by following NIST Cybersecurity Framework or ISO/IEC 27001 best practices, by staff training, and by well-designed incident response procedures including offline backups and disciplined patch management. The fact remains that state-sponsored and criminal attackers from Russia, North Korea and elsewhere are tireless and are not going away. If you are hit by a crypto-ransomware attack, remember that Progent's team has extensive experience in ransomware defense, cleanup, and disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Arlington
For ransomware system recovery consulting in the Arlington area, call Progent at