Ransomware: Your Feared IT Catastrophe
Ransomware has become an all-too-frequent cyberplague that presents an extinction-level threat for businesses poorly prepared for an attack. Older iterations of ransomware such as the CrySIS, Fusob, Locky, Syskey and MongoLock cryptoworms have been circulating for a long time and still inflict havoc. Newer variants such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, plus additional as-yet-unnamed newcomers, not only encrypt online data files but also compromise any backup and system-protection mechanisms they can reach. Data replicated to off-premises disaster recovery sites can also be rendered useless. With a vulnerable data protection solution, this can defeat automated restore operations and effectively set the network back to zero.
Getting programs and data back online after a ransomware outage becomes a sprint against the clock as the targeted organization fights to contain the outbreak, remove the malware, and resume business-critical operations. Because ransomware needs time to spread across a targeted network, attacks are usually sprung at night, when they typically take longer to detect. This multiplies the difficulty of promptly marshalling and orchestrating a qualified mitigation team.
Progent makes available a range of services for protecting Aurora businesses from crypto-ransomware attacks. Among these are team member education to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat defense to detect and suppress zero-day malware attacks. Progent in addition offers the services of veteran ransomware recovery consultants with the track record and perseverance to restore a breached network as urgently as possible.
Progent's Ransomware Recovery Support Services
After a ransomware penetration, paying the ransom in cryptocurrency does not provide any assurance that the criminal gang will provide the keys to decrypt all your files. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never restored their files after having paid the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms are often several hundred thousand dollars. For larger enterprises, the ransom can reach millions. The other path is to re-install the vital parts of your IT environment. Without full data backups, this calls for a broad range of IT skills, top-notch project management, and the ability to work continuously until the task is finished.
For two decades, Progent has made available professional Information Technology services for companies across the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced industry certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have garnered internationally recognized certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has expertise with financial systems and ERP applications. This breadth of expertise enables Progent to knowledgeably identify critical systems, organize the remaining pieces of your Information Technology environment after a ransomware penetration, and assemble them into an operational system.
Progent's recovery team uses best-of-breed project management applications to orchestrate the complex recovery process. Progent appreciates the importance of working swiftly and in concert with a customer's management and IT team members to prioritize tasks and to get critical services back online as fast as possible.
Business Case Study: A Successful Ransomware Intrusion Recovery
A small business hired Progent after their organization was taken over by the Ryuk ransomware. Ryuk is thought to have been launched by North Korean state-sponsored hackers, possibly using technology leaked from the United States NSA. Ryuk targets specific businesses with little or no room for operational disruption and is one of the most profitable examples of ransomware malware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing business headquartered in the Chicago metro area with about 500 workers. The Ryuk event had frozen all essential operations and manufacturing capabilities. Most of the client's backups had been online at the start of the intrusion and were destroyed. The client was pursuing financing to pay the ransom (exceeding $200K) and hoping for the best, but ultimately reached out to Progent.
Progent worked together with the customer to quickly understand and prioritize the most important services that needed to be restored to make it possible to restart business operations:
Within 2 days, Progent was able to recover Active Directory services to their pre-intrusion state. Progent then charged ahead with rebuilding and hard drive recovery for the most important applications. All Exchange data and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was able to collect non-encrypted OST files (Outlook Offline Folder Files) from staff PCs and laptops to recover mail data. A reasonably recent offline backup of the client's accounting/ERP software allowed those vital applications to be brought back online. Although a lot of work remained to recover fully from the Ryuk attack, critical systems were restored rapidly:
Throughout the following month key milestones in the recovery project were achieved in tight cooperation between Progent engineers and the customer:
Conclusion
A likely business-extinction disaster was dodged through the efforts of top-tier experts, a broad range of IT skills, and tight collaboration. Although in retrospect the crypto-ransomware incident detailed here should have been stopped with advanced cybersecurity solutions and NIST Cybersecurity Framework best practices, staff education, and well-designed security procedures for backup and patching controls, the reality remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do get hit by a crypto-ransomware penetration, be assured that Progent's roster of experts has a proven track record in ransomware defense, removal, and file recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Aurora
For ransomware system restoration consulting in the Aurora area, call Progent at