Ransomware: Your Worst Information Technology Disaster
Crypto-ransomware has become an all-too-frequent cyber pandemic and an existential threat to organizations that are unprepared for an attack. Older families such as CrySIS, WannaCry, Bad Rabbit, Syskey and MongoLock have been circulating for years and still inflict harm. Modern variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with additional as yet unnamed strains, not only encrypt critical online data but also seek out and disable the backup and system protection mechanisms that have been configured. Data synchronized to off-premises disaster recovery sites can be encrypted as well. In a poorly designed data protection solution this can render automated restoration hopeless and set the entire system back to square one.
Getting applications and data back after a ransomware outage is a race against the clock as the targeted business fights to stop lateral movement, clean up the ransomware, and resume business-critical activity. Because crypto-ransomware needs time to move laterally through a network, attacks are often launched at night or on weekends, when an intrusion takes longer to be noticed. This compounds the difficulty of rapidly assembling and organizing a knowledgeable mitigation team.
Progent offers a range of services for protecting Aurora businesses from crypto-ransomware attacks. These include staff training to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat defense to detect and stop zero-day malware attacks. Progent also provides experienced crypto-ransomware recovery professionals with the skills and perseverance to rebuild a compromised environment as quickly as possible.
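The two behaviors the preceding paragraphs describe, a burst of file encryption that lands at night or on a weekend and the destruction of local backups, are exactly what a behavior-based EDR watches for. The following is an added example written for this page; it is not Progent's or SentinelOne's code. It runs a toy detector over a constructed file-event log (the log format, host and process names, the ".RYK" extension, the 07:00 to 18:59 business-hours window and the five-renames-per-minute threshold are all assumptions made for illustration) and raises one alert when a single process changes the extension of many files in a short window and another when a command line deletes shadow copies or the backup catalog.

```python
"""Toy behaviour-based ransomware detector run over constructed file-event log lines.

Added example, not Progent's or SentinelOne's code. The log format, process names,
business-hours window and thresholds are assumptions made for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log format: "<ISO timestamp> <host> <process> <write|rename|exec> <detail>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<action>write|rename|exec) (?P<detail>.+)$"
)
RENAME_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")

# Command lines that destroy local recovery points (the "disable the backups"
# behaviour described in the text); matched case-insensitively as substrings.
BACKUP_TAMPER = ("vssadmin delete shadows", "wbadmin delete catalog", "wmic shadowcopy delete")
BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59, Monday to Friday

# Constructed sample (not a real capture): a Saturday 02:14 burst of renames to a
# new extension by an unfamiliar process, followed by shadow-copy deletion.
SAMPLE_LOG = r"""
2021-03-06T02:13:40 WS-17 explorer.exe rename C:\Users\jdoe\Documents\report.docx -> C:\Users\jdoe\Documents\report_final.docx
2021-03-06T02:14:01 WS-17 winword.exe write C:\Users\jdoe\Documents\notes.docx
2021-03-06T02:14:03 WS-17 svchost_.exe rename C:\Share\finance\ledger.xlsx -> C:\Share\finance\ledger.xlsx.RYK
2021-03-06T02:14:04 WS-17 svchost_.exe rename C:\Share\finance\budget.xlsx -> C:\Share\finance\budget.xlsx.RYK
2021-03-06T02:14:04 WS-17 svchost_.exe rename C:\Share\finance\payroll.csv -> C:\Share\finance\payroll.csv.RYK
2021-03-06T02:14:05 WS-17 svchost_.exe rename C:\Share\hr\contracts.pdf -> C:\Share\hr\contracts.pdf.RYK
2021-03-06T02:14:06 WS-17 svchost_.exe rename C:\Share\hr\handbook.docx -> C:\Share\hr\handbook.docx.RYK
2021-03-06T02:14:07 WS-17 svchost_.exe rename C:\Share\eng\bom.xlsx -> C:\Share\eng\bom.xlsx.RYK
2021-03-06T02:14:20 WS-17 cmd.exe exec vssadmin delete shadows /all /quiet
"""


def extension(path):
    """Lower-cased extension of a Windows path, '' if it has none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def off_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def parse(log_text):
    """Parse matching log lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def analyze(log_text, burst_threshold=5, window_s=60):
    """Return alert dicts for rename bursts and backup tampering.

    A rename burst is one (host, process) changing the extension of at least
    burst_threshold files within any window_s-second window; reported once per key.
    """
    alerts = []
    windows = defaultdict(deque)   # (host, proc) -> timestamps of extension-changing renames
    reported = set()
    for ev in parse(log_text):
        key = (ev["host"], ev["proc"])
        when = "off-hours" if off_hours(ev["ts"]) else "business-hours"
        if ev["action"] == "exec":
            if any(p in ev["detail"].lower() for p in BACKUP_TAMPER):
                alerts.append({"type": "backup_tampering", "host": ev["host"],
                               "proc": ev["proc"], "cmd": ev["detail"], "when": when})
        elif ev["action"] == "rename":
            r = RENAME_RE.match(ev["detail"])
            if not r or extension(r["src"]) == extension(r["dst"]):
                continue   # same extension: an ordinary rename, not encryption
            q = windows[key]
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()   # drop renames that fell out of the sliding window
            if len(q) >= burst_threshold and key not in reported:
                reported.add(key)
                alerts.append({"type": "rename_burst", "host": ev["host"],
                               "proc": ev["proc"], "count": len(q),
                               "new_ext": extension(r["dst"]), "when": when})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The "when" field is carried on every alert rather than used as a filter: an extension-changing burst is suspicious at any hour, but an off-hours burst on a weekend is the case the text warns takes longest to be noticed, so it is the one an on-call responder should page on. A real EDR adds process lineage, file-entropy checks and automatic process termination on top of these two rules.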
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency provides no assurance that the criminals will respond with the keys to decrypt any or all of your data. Kaspersky found that 17% of crypto-ransomware victims never recovered their information even after paying the ransom, compounding their losses. Paying is also very expensive. Ryuk ransoms are typically a few hundred thousand dollars, and for larger organizations can run into the millions. The other path is to piece back together the critical parts of your IT environment. Without access to intact backups, this calls for a wide complement of skills, professional project management, and the willingness to work non-stop until the recovery is finished.
For decades, Progent has provided expert IT services to companies across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals with advanced certifications in key technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's security consultants hold internationally recognized industry certifications including CISM, CISSP, CRISC, GIAC and CMMC 2.0 (see Progent's certifications). Progent also has experience with financial systems and ERP software. This breadth of experience lets Progent knowledgeably identify the necessary systems, organize the surviving pieces of your network after a ransomware event, and rebuild them into a functioning whole.
Progent's security team uses project management tools to orchestrate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a customer's management and IT staff to prioritize tasks and bring the most important applications back online as soon as possible.
Client Case Study: A Successful Crypto-Ransomware Attack Response
A business contacted Progent after being brought down by the Ryuk ransomware. Ryuk was at first linked by some researchers to North Korean state hackers because it shares code with the Hermes ransomware, and to techniques leaked from the United States NSA; later analysis attributes it to Russian-speaking criminal groups who deploy it after an initial infection by loaders such as TrickBot or Emotet. Ryuk targets specific organizations with little tolerance for disruption and is among the most profitable ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing business headquartered in Chicago with about 500 employees. The Ryuk attack had paralyzed all essential business and manufacturing operations. Most of the client's backups had been online at the time of the attack and were encrypted. The client was considering paying the ransom (more than $200K) and hoping for the best, but ultimately brought in Progent.
Progent worked with the client to rapidly assess and prioritize the essential systems that had to be addressed to restart departmental operations:
Within 48 hours Progent had restored Active Directory to its pre-intrusion state. Progent then rebuilt the required servers and restored their storage. All Exchange connection and configuration information was intact, which simplified the rebuild of Exchange. Progent was able to collect intact OST files (Outlook offline data files) from user desktops to recover email. A recent offline backup of the customer's financial/MRP systems allowed these essential services to be brought back online for users. Although major work remained to recover fully from Ryuk, core services were restored quickly:
Over the following month, key milestones in the restoration project were achieved through close cooperation between Progent engineers and the customer:
Conclusion
A potentially business-ending disaster was averted through the efforts of top-tier professionals, a wide range of IT skills, and tight teamwork. Post-incident analysis showed that the intrusion described here could have been detected and blocked with up-to-date security technology, ISO/IEC 27001 best practices, user and IT administrator training, and sound incident response procedures for data protection and software patching. The reality, however, is that state-sponsored and criminal attackers from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware attack, remember that Progent's team has substantial experience in crypto-ransomware blocking, mitigation, and disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Aurora
For ransomware system recovery expertise in the Aurora area, phone Progent at