Crypto-Ransomware: Your Crippling IT Disaster
Ransomware has become an escalating cyber pandemic that poses an enterprise-level threat to businesses poorly prepared for an assault. Versions of ransomware such as Dharma, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for a long time and continue to inflict damage. More recent strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, as well as daily unnamed viruses, not only encrypt online data but also compromise any reachable system restore points and backups. Information synced to cloud environments can also be rendered useless. In a poorly architected environment, this can make any restore operation useless and effectively sets the network back to square one.
Bringing programs and data back online following a ransomware outage becomes a race against time as the victim struggles to contain the spread, clean up the crypto-ransomware, and resume mission-critical activity. Because crypto-ransomware needs time to move laterally, attacks are frequently launched on weekends and holidays, when intrusions tend to take longer to identify. This multiplies the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.
Progent offers a variety of services for protecting Barra da Tijuca enterprises from crypto-ransomware penetrations. Among these are staff education to help employees recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based cyberthreat protection to detect and stop zero-day modern malware assaults. Progent also offers the services of experienced ransomware recovery professionals with the skill and perseverance to reconstruct a compromised environment as urgently as possible.
Progent's Crypto-Ransomware Recovery Services
After a ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not ensure that the attackers will return the keys needed to decrypt all your files. Kaspersky found that 17% of ransomware victims never restored their data even after paying the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly above the typical ransomware demand, which ZDNET estimated to be in the range of $13,000 for small businesses. The other path is to rebuild the mission-critical elements of your IT environment. Without access to complete data backups, this requires a broad range of skill sets, top-notch project management, and the ability to work non-stop until the recovery project is finished.
For two decades, Progent has provided professional IT services to businesses throughout the US and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have attained top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have earned internationally recognized certifications including CISA, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of experience gives Progent the ability to rapidly understand important systems, consolidate the surviving pieces of your network environment following a crypto-ransomware event, and rebuild them into an operational system.
Progent's ransomware team deploys state-of-the-art project management tools to coordinate the complicated restoration process. Progent appreciates the urgency of acting rapidly and in concert with a client's management and IT staff to prioritize tasks and to bring critical systems back online as soon as possible.
Business Case Study: A Successful Ransomware Incident Restoration
A customer engaged Progent after their company was penetrated by Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean state criminal gangs, suspected of adopting techniques leaked from the United States NSA. Ryuk targets specific businesses with little tolerance for disruption and is among the most lucrative examples of ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer located in Chicago with about 500 workers. The Ryuk intrusion had shut down all essential operations and manufacturing capabilities. The majority of the client's data backups had been directly accessible when the intrusion began and were corrupted. The client was taking steps to pay the ransom (in excess of $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the customer to quickly assess and prioritize the key services that had to be addressed to make it possible to restart business functions:
In less than two days, Progent was able to restore Active Directory services to their pre-penetration state. Progent then assisted with setup and storage recovery on key systems. All Exchange Server links and attributes were intact, which accelerated the rebuild of Exchange. Progent was able to locate local OST files (Outlook Offline Data Files) on staff PCs in order to recover email data. A relatively recent offline backup of the customer's financials/MRP software made it possible to return these essential applications to service. Although significant work remained to recover completely from the Ryuk virus, essential services were restored quickly:
Over the next month, critical milestones in the recovery process were completed through close cooperation between Progent team members and the customer:
Conclusion
A potential business disaster was averted through the efforts of top-tier professionals, a wide spectrum of technical expertise, and tight teamwork. Forensics completed afterward showed that the ransomware penetration described here could have been identified and prevented with current cyber security systems and best practices, staff education, well-designed incident response procedures for information protection, and keeping systems current with security patches. Nevertheless, the reality remains that state-sponsored cyber criminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, you can be confident that Progent's team of experts has a proven track record in ransomware blocking, remediation, and file recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Barra da Tijuca
For ransomware system recovery consulting services in the Barra da Tijuca metro area, phone Progent at