Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become a modern cyberplague that represents an enterprise-level danger for businesses unprepared for an attack. Multiple generations of ransomware like the CrySIS, WannaCry, Locky, Syskey and MongoLock cryptoworms have been running rampant for a long time and still inflict damage. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Egregor, plus daily unnamed malware, not only encrypt online data but also corrupt many configured system restore points and backups. Files synchronized to the cloud can also be rendered useless, because the encrypted copies overwrite the good ones. In a poorly designed data protection solution, this can make automated recovery impossible and effectively knocks the entire system back to zero.
Getting services and data back after a ransomware event becomes a race against time as the victim tries its best to contain the outbreak, clean up the ransomware, and resume enterprise-critical activity. Since ransomware requires time to move laterally throughout a targeted network, attacks are frequently sprung on weekends, when an intrusion often takes longer to notice. This multiplies the difficulty of quickly marshalling and organizing a qualified mitigation team.
Progent offers an assortment of services for securing Barra da Tijuca businesses against crypto-ransomware penetrations. Among these are team training to recognize and avoid falling victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which utilizes SentinelOne's AI-based threat defense to identify and disable zero-day modern malware attacks. Progent also offers the services of seasoned crypto-ransomware recovery consultants with the talent and perseverance to re-deploy a compromised system as rapidly as possible.
Progent's Ransomware Recovery Services
Following a crypto-ransomware event, paying the ransom in cryptocurrency does not ensure that the remote criminals will return the keys to decrypt any of your information. Kaspersky estimated that 17% of ransomware victims never restored their information even after having paid the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom demand can reach millions. The fallback is to piece back together the critical components of your IT environment. Absent access to complete data backups, this calls for a broad complement of IT skills, well-coordinated team management, and the willingness to work continuously until the job is complete.
For decades, Progent has made available certified expert IT services for companies across the U.S. and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have earned top certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have garnered internationally-renowned industry certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent in addition has experience with financial management and ERP application software. This breadth of expertise gives Progent the skills to quickly identify the necessary systems, organize the surviving pieces of your IT environment following a ransomware event, and assemble them into a functioning system.
Progent's security team uses powerful project management tools to coordinate the complex recovery process. Progent understands the urgency of acting quickly and in unison with a client's management and Information Technology resources to prioritize tasks and to get key systems back online as fast as possible.
Client Case Study: A Successful Ransomware Intrusion Response
A small business contacted Progent after their network was penetrated by Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state-sponsored hackers, suspected of using techniques leaked from America's NSA. Ryuk targets specific businesses with little or no tolerance for operational disruption and is among the most lucrative versions of ransomware malware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company located in the Chicago metro area with about 500 employees. The Ryuk penetration had paralyzed all business operations and manufacturing processes. Most of the client's backups had been directly accessible from the network at the time of the attack and were destroyed. The client was actively seeking loans to pay the ransom (more than two hundred thousand dollars) and hoping for the best, but in the end reached out to Progent.
Progent worked with the customer to rapidly determine and prioritize the most important applications that needed to be restored in order to resume business operations:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then performed setup and hard drive recovery of mission-critical systems. All Microsoft Exchange Server data and configuration information were usable, which greatly helped the restore of Exchange. Progent was able to find local OST files (Outlook Offline Folder Files) on various desktop computers and laptops to recover email messages. A recent offline backup of the business's financials/MRP software made it possible to bring these required services back online for users. Although a lot of work still had to be done to recover totally from the Ryuk attack, core systems were returned to operation rapidly:
During the next couple of weeks critical milestones in the recovery project were completed through tight cooperation between Progent consultants and the client:
Conclusion
A possible business-extinction disaster was dodged thanks to top-tier experts, a broad spectrum of IT skills, and tight teamwork. Although in hindsight the ransomware penetration detailed here could have been prevented with modern security systems and security best practices, staff education, and well-designed procedures for information backup and applying software patches, the reality remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incursion, you can be confident that Progent's team of experts has substantial experience in ransomware defense, cleanup, and file disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Recovery Consulting in Barra da Tijuca
For ransomware recovery consulting in the Barra da Tijuca area, call Progent at