Crypto-Ransomware : Your Feared IT Disaster
Crypto-Ransomware has become a modern cyber pandemic that poses an enterprise-level threat to businesses of all sizes that are unprepared for an assault. Earlier versions of crypto-ransomware such as Reveton, WannaCry, Locky, Syskey and MongoLock cryptoworms have been replicating for a long time and continue to cause damage. Modern versions of ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as additional as yet unnamed viruses, not only encrypt online files but also reach most accessible system backups. Data synchronized to the cloud can also be rendered useless. With a vulnerable data protection solution, this can make automatic recovery impossible and effectively knocks the datacenter back to zero.
Getting applications and information back after a ransomware outage becomes a race against the clock as the victim tries its best to stop the spread, remove the crypto-ransomware, and resume mission-critical operations. Because ransomware takes time to replicate throughout a targeted network, attacks are often sprung during nights and weekends, when successful attacks in many cases take longer to uncover. This compounds the difficulty of promptly mobilizing and orchestrating a capable response team.
Progent offers a range of services for securing Atlanta businesses from ransomware events. These include team member education to recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to identify and disable zero-day modern malware attacks. Progent can also provide the assistance of seasoned ransomware recovery consultants with the track record and perseverance to re-deploy a breached environment as soon as possible.
Progent's Crypto-Ransomware Recovery Support Services
Subsequent to a crypto-ransomware event, paying the ransom demanded in cryptocurrency does not guarantee that cyber criminals will return the keys to decrypt any of your information. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their files after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions. The alternative is to set up the mission-critical components of your Information Technology environment from scratch. Absent complete data backups, this calls for a broad complement of IT skills, professional project management, and the ability to work 24x7 until the job is done.
For two decades, Progent has made available expert Information Technology services for companies throughout the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have earned advanced industry certifications in important technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have garnered internationally-recognized certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience in accounting and ERP application software. This breadth of expertise gives Progent the skills to quickly identify critical systems, salvage the surviving pieces of your computer network environment after a ransomware attack, and rebuild them into a functioning system.
Progent's recovery team of experts utilizes state-of-the-art project management tools to coordinate the complex recovery process. Progent knows the urgency of acting quickly and in concert with a customer's management and IT team members to prioritize tasks and to get critical applications back on line as soon as possible.
Customer Case Study: A Successful Crypto-Ransomware Virus Recovery
A customer engaged Progent after their company was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state criminal gangs, suspected of adopting algorithms leaked from the United States NSA organization. Ryuk targets specific businesses with limited ability to sustain disruption and is among the most lucrative iterations of ransomware. Highly publicized victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing business located in the Chicago metro area with about 500 staff members. The Ryuk intrusion had paralyzed all company operations and manufacturing capabilities. Most of the client's backups had been online at the time of the intrusion and were encrypted. The client was evaluating paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end reached out to Progent.
Progent worked with the customer to quickly understand and prioritize the mission critical areas that needed to be restored to make it possible to resume business functions:
Within 48 hours, Progent was able to restore Active Directory services to their pre-penetration state. Progent then performed rebuilding and storage recovery on key applications. All Microsoft Exchange Server ties and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to locate intact OST data files (Outlook Offline Folder Files) on various workstations and laptops in order to recover mail information. A recent off-line backup of the business's financials/ERP systems made it possible to restore these essential services back to serving users. Although a lot of work was left to recover fully from the Ryuk damage, the most important systems were returned to operation quickly:
Throughout the following month critical milestones in the restoration project were completed through tight collaboration between Progent team members and the client:
Conclusion
A probable business extinction catastrophe was dodged through the efforts of top-tier professionals, a wide array of technical expertise, and close collaboration. In post mortem, the ransomware virus penetration described here could have been identified and prevented with up-to-date security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and well designed incident response procedures for data protection and applying software patches. The reality, however, is that government-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's team of experts has substantial experience in ransomware virus blocking, remediation, and file disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Atlanta
For ransomware system restoration services in the Atlanta area, phone Progent at