Crypto-Ransomware: Your Feared Information Technology Disaster
Ransomware has become an escalating cyber pandemic and an enterprise-level threat for any business open to attack. Multiple generations of ransomware such as Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock have been spreading for years and continue to cause havoc. Modern strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Snatch and Egregor, along with newcomers not yet named, not only encrypt online data files but also disable the protections they can reach, such as volume shadow copies and backups that are accessible over the network. Files synced to cloud storage can be ransomed as well, because the encrypted versions overwrite the originals on the next sync. In a vulnerable environment this renders automatic restoration useless and knocks the entire system back to zero.
Recovering applications and data after a ransomware outage is a sprint against the clock as the victim struggles to contain the damage, remove the ransomware, and restore business-critical operations. Because ransomware takes time to spread through a targeted network, attacks are often launched on weekends and at night, when they are likely to run longer before anyone notices. That timing also makes it harder to quickly assemble and coordinate a knowledgeable response team.
Progent offers a range of services for protecting Aurora businesses from ransomware attacks, including staff training to recognize and avoid phishing, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat protection to detect and quarantine zero-day malware. Progent also provides seasoned ransomware recovery consultants with the skill and commitment to rebuild a compromised environment as quickly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the attackers will hand over working keys to decrypt your files. Kaspersky estimated that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms commonly run to several hundred thousand dollars, and for larger enterprises into the millions. The alternative is to rebuild the vital parts of your IT environment. Without usable backups of essential data, this calls for a wide range of skills, professional project management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies throughout the US and has achieved Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants holding high-level certifications in key technologies from Microsoft, Cisco and VMware and in the major Linux distributions. Progent's cybersecurity specialists hold internationally recognized credentials including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in financial management and ERP applications. This breadth of expertise lets Progent efficiently identify the critical systems, salvage the remaining pieces of your IT environment after a ransomware attack, and reassemble them into a working network.
Progent's ransomware team uses modern project management tools to coordinate the complex recovery process. Progent understands the urgency of acting quickly and of working with a client's management and IT staff to prioritize tasks and bring critical systems back online as fast as possible.
Customer Story: A Successful Ransomware Virus Response
A customer called Progent after their company was brought down by Ryuk ransomware. Ryuk was at first attributed to North Korean state actors because it reuses code from the earlier Hermes ransomware, which had been linked to that country, but subsequent analysis attributed it to a financially motivated, Russian-speaking criminal group. Ryuk targets specific organizations that have little or no tolerance for downtime and is one of the most profitable ransomware families. Publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a manufacturing business in Chicago with around 500 employees. The Ryuk intrusion had brought down all essential business and manufacturing operations. Most of the client's backups had been reachable from the network when the attack began and were encrypted along with everything else. The client was weighing paying the ransom (more than $200,000) and hoping for the best, but ultimately called Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the essential areas that had to be recovered in order to keep the company running:
Within 48 hours, Progent restored Active Directory to its pre-attack state. Progent then helped reinstall the needed applications and recover their storage. All Microsoft Exchange Server schema and configuration data were intact, which greatly simplified the Exchange rebuild. Progent was also able to collect unencrypted OST files (Microsoft Outlook Offline Data Files) from staff PCs to recover mailbox data. A reasonably recent offline backup of the company's accounting/ERP systems allowed these vital applications to be returned to users. Although major work remained to recover fully from the Ryuk damage, essential services were restored rapidly:
Over the following weeks, key milestones in the recovery were completed in close cooperation between Progent engineers and the client:
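The OST collection step above is the one piece of the recovery that can be shown as a repeatable check: before pulling Outlook cache files off workstations, confirm which ones are still readable. The following Python script is an added illustration and is not Progent's tooling or part of the original case study. It relies on the fact that PST/OST files begin with the 4-byte signature "!BDN"; a file that has been encrypted in place no longer carries it. The user names, profile paths and the ".locked" ransomware suffix are constructed for the demo.

```python
import os
import shutil
import tempfile

# PST/OST files start with the 4-byte signature "!BDN" (0x21 0x42 0x44 0x4E).
# A ransomware-encrypted copy no longer carries it, so the header is a cheap
# first check before collecting files from endpoints.
OST_MAGIC = b"!BDN"


def is_intact_ost(path):
    """Return True if the file still begins with the PST/OST signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(OST_MAGIC)) == OST_MAGIC
    except OSError:
        return False


def find_ost_candidates(root):
    """Walk `root` and return paths of files that are, or were, OST files.

    Ransomware commonly appends its own extension to victims, so a file named
    "user.ost.locked" is included as a candidate even though it is no longer
    named *.ost.
    """
    candidates = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower.endswith(".ost") or ".ost." in lower:
                candidates.append(os.path.join(dirpath, name))
    return sorted(candidates)


def triage_ost_files(root):
    """Classify every OST candidate under `root` as intact or damaged.

    Returns {"intact": [paths...], "damaged": [paths...]}.
    """
    report = {"intact": [], "damaged": []}
    for path in find_ost_candidates(root):
        report["intact" if is_intact_ost(path) else "damaged"].append(path)
    return report


def collect_intact_ost(root, dest):
    """Copy intact OST files into `dest`, keeping their path relative to `root`.

    Returns the list of destination paths written.
    """
    copied = []
    for src in triage_ost_files(root)["intact"]:
        rel = os.path.relpath(src, root)
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(src, target)
        copied.append(target)
    return copied


def demo():
    """Build a constructed sample tree, triage it, and return the counts.

    The user names, paths and the ".locked" suffix are made up for this
    example; they are not taken from the incident described on the page.
    """
    root = tempfile.mkdtemp(prefix="ost-scan-")
    dest = tempfile.mkdtemp(prefix="ost-collected-")
    outlook = os.path.join("AppData", "Local", "Microsoft", "Outlook")
    samples = {
        # intact mailbox cache: correct signature followed by filler
        os.path.join("alice", outlook, "alice@example.com.ost"): OST_MAGIC + b"\x00" * 4096,
        # encrypted in place: the signature has been overwritten
        os.path.join("bob", outlook, "bob@example.com.ost"): b"\xde\xad\xbe\xef" + b"\x00" * 4096,
        # encrypted and renamed with the (hypothetical) ransomware suffix
        os.path.join("carol", outlook, "carol@example.com.ost.locked"): b"\x13\x37" * 2048,
        # unrelated file that must be ignored
        os.path.join("dave", "Documents", "notes.txt"): b"not a mailbox",
    }
    for rel, payload in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(payload)

    report = triage_ost_files(root)
    copied = collect_intact_ost(root, dest)
    summary = {
        "intact": len(report["intact"]),
        "damaged": len(report["damaged"]),
        "copied": len(copied),
    }
    shutil.rmtree(root)
    shutil.rmtree(dest)
    return summary


if __name__ == "__main__":
    print(demo())  # {'intact': 1, 'damaged': 2, 'copied': 1}
```

On a real endpoint, point `triage_ost_files` at the Users directory (or the mapped admin share of each workstation) with Outlook closed, since Outlook holds its OST open and locked while running. A passing header check only proves the file was not overwritten; the recovered mailbox data should still be validated by opening the file in Outlook or a PST/OST recovery tool before it is relied on.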
Conclusion
An enterprise-killing disaster was averted through top-tier professionals, a broad range of subject matter expertise, and close collaboration. In hindsight, the crypto-ransomware intrusion described here should have been stopped by modern security technology and ISO/IEC 27001 best practices, user and IT administrator training, and properly executed procedures for offline backups and timely security patching. The reality, however, is that state-sponsored and criminal attackers from Russia, China, North Korea and elsewhere are relentless and are not going away. If you are hit by a ransomware attack, be assured that Progent's team of experts has proven experience in ransomware defense, cleanup, and IT systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Aurora
For ransomware recovery consulting in the Aurora area, phone Progent at