Ransomware : Your Worst IT Disaster
Ransomware has become an escalating cyberplague and an enterprise-level threat for organizations unprepared for an attack. Multiple generations of ransomware such as CrySIS, WannaCry, Locky and MongoLock have been circulating for years and continue to inflict damage. Modern crypto-ransomware families such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Nefilim, along with newer and as yet unnamed variants, not only encrypt online data files but also target any backups and system protection they can reach from the compromised hosts. Data synchronized to the cloud can be encrypted as well, because the sync client dutifully uploads the encrypted copies over the originals. In a poorly architected environment this renders automated restore useless and effectively knocks the datacenter back to square one.
Restoring programs and data after a ransomware attack is a race against the clock as the victim fights to contain and eradicate the ransomware and resume business-critical activity. Because ransomware needs time to spread, attacks are usually triggered on weekends or holidays, when a successful intrusion typically takes longer to notice and when it is harder to assemble and coordinate a qualified response team promptly.
Progent offers a range of support services for protecting Barra da Tijuca enterprises from ransomware events. Among these are team member training to help recognize and avoid phishing, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to identify and disable zero-day malware attacks. Progent also provides experienced ransomware recovery professionals with the skill and perseverance to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Recovery Help
Following a ransomware intrusion, paying the ransom demand in Bitcoin does not ensure that the remote criminals will return the keys needed to decrypt all of your data. Kaspersky Labs determined that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The stakes are also high. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is well above the typical ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The fallback is to piece the key components of your IT environment back together. Without complete, isolated data backups, this calls for a broad range of skills, well-coordinated team management, and the capacity to work around the clock until the job is complete.
For twenty years, Progent has provided professional IT services for companies across the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who hold high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists hold internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of experience gives Progent the skills to rapidly identify critical systems, salvage the intact parts of your network environment after a ransomware attack, and rebuild them into a functioning network.
Progent's ransomware team of experts has powerful project management applications to coordinate the complicated restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and IT team members to assign priority to tasks and to put critical systems back online as fast as possible.
Customer Story: A Successful Ransomware Virus Response
A client hired Progent after their organization was hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, although later analysis attributed its operation to Russian-speaking criminal groups, possibly using exploit techniques leaked from the United States National Security Agency. Ryuk targets specific companies with little or no tolerance for operational disruption and is among the most lucrative ransomware families. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturing company in Chicago with around 500 staff members. The Ryuk event had paralyzed all essential business operations and manufacturing processes. The majority of the client's backups had been directly accessible from the network at the time of the attack and were destroyed. The client was actively seeking loans to pay the ransom (exceeding two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked with the customer to quickly get our arms around and assign priority to the essential services that needed to be addressed to make it possible to resume departmental operations:
In less than two days, Progent rebuilt Active Directory to its pre-attack state. Progent then proceeded with reinstallation and storage recovery of mission-critical servers. All Exchange schema extensions and attributes were intact, which accelerated the restore of Exchange. Progent was able to find unencrypted OST files (Outlook offline data files, the local cache of each user's mailbox) on team workstations and laptops and used them to recover email. A recent offline backup of the client's manufacturing software made it possible to bring those required applications back online. Although a great deal of work remained to recover completely from the Ryuk attack, essential systems were restored rapidly:
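The OST recovery described above depends on quickly sorting the mailbox caches that survived from the ones the ransomware overwrote. The following script is an added example and is not Progent's tooling. It relies on the fact that every Outlook PST/OST file begins with the 4-byte signature `!BDN`; a copy whose header no longer matches has been overwritten (encrypted) and cannot be used for mailbox recovery. The directory layout, the mailbox names and the `.RYK` extension (the one Ryuk normally appends) are constructed sample data built in a temporary directory, not paths from the case.

```python
"""Triage Outlook OST/PST files after a ransomware event (added example).

Every Outlook data file (PST or OST) starts with the signature '!BDN'
at offset 0 (MS-PST header). A file without that signature has been
overwritten, which after an attack almost always means encrypted.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path
from typing import Iterator

OUTLOOK_MAGIC = b"!BDN"  # 0x21 0x42 0x44 0x4E, first bytes of any PST/OST
OUTLOOK_SUFFIXES = {".ost", ".pst"}


def classify_outlook_file(path: Path) -> str:
    """Return 'intact', 'overwritten' or 'empty' for one data file."""
    with path.open("rb") as fh:
        header = fh.read(len(OUTLOOK_MAGIC))
    if not header:
        return "empty"
    return "intact" if header == OUTLOOK_MAGIC else "overwritten"


def find_outlook_files(root: Path) -> Iterator[Path]:
    """Walk a profile or share root and yield candidate OST/PST files.

    Ransomware usually appends its own extension (assumed here: Ryuk's
    '.RYK'), so 'mail.ost.RYK' must match as well as 'mail.ost'.
    """
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            suffixes = [s.lower() for s in Path(name).suffixes]
            if any(s in OUTLOOK_SUFFIXES for s in suffixes):
                yield Path(dirpath) / name


def triage(root: Path) -> dict[str, list[str]]:
    """Group every OST/PST under root by recovery status (sorted paths)."""
    report: dict[str, list[str]] = {"intact": [], "overwritten": [], "empty": []}
    for path in find_outlook_files(root):
        report[classify_outlook_file(path)].append(path.relative_to(root).as_posix())
    for key in report:
        report[key].sort()
    return report


def build_sample_tree(root: Path) -> None:
    """Constructed sample data (not real mailboxes): two workstation images."""
    ws1 = root / "WS01" / "Users" / "alice" / "AppData" / "Local" / "Microsoft" / "Outlook"
    ws2 = root / "WS02" / "Users" / "bob" / "AppData" / "Local" / "Microsoft" / "Outlook"
    ws1.mkdir(parents=True)
    ws2.mkdir(parents=True)
    # Intact cache: correct signature followed by (fake) mailbox bytes.
    (ws1 / "alice@example.com.ost").write_bytes(OUTLOOK_MAGIC + b"\x00" * 60)
    # Encrypted cache: header overwritten with ciphertext, extension appended.
    (ws2 / "bob@example.com.ost.RYK").write_bytes(b"\x8f\x3a\xc2\x11" + b"\xff" * 60)
    # Zero-byte placeholder left behind by an interrupted sync.
    (ws2 / "archive.pst").write_bytes(b"")


def demo() -> dict[str, list[str]]:
    """Build the sample tree in a temp dir and return the triage report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status}:")
        for f in files:
            print(f"  {f}")
```

Point `triage()` at a mounted workstation image or an administrative share instead of the sample tree to get the real inventory. An intact OST is still bound to the original mailbox profile, so it normally has to be exported or converted to a PST before its contents can be imported into the rebuilt Exchange mailbox.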
Over the following few weeks, the key milestones in the restoration process were completed in close cooperation between Progent engineers and the client:
Conclusion
A potential business disaster was averted by results-oriented professionals, a wide array of knowledge, and close teamwork. Although in hindsight the ransomware intrusion described here could have been blocked with current security technology and security best practices, user and IT administrator training, and well-designed procedures for isolated data backups and disciplined patching, the reality is that criminal and state-sponsored cyber gangs from Russia, China and elsewhere are relentless and are not going away. If you do fall victim to a ransomware intrusion, remember that Progent's team of professionals has proven experience in ransomware prevention, mitigation, and information systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Barra da Tijuca
For ransomware system recovery consulting in the Barra da Tijuca metro area, call Progent at