Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that poses an existential threat to businesses of all sizes that are poorly prepared for an attack. Earlier versions of ransomware such as Reveton, CryptoWall, Bad Rabbit, SamSam and the MongoLock cryptoworms have been spreading for years and continue to cause damage. Modern variants like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus others not yet named, not only encrypt on-line files but also seek out and disable whatever system protection mechanisms are in place. Files synchronized to cloud environments can also be corrupted. In a poorly architected system, this can render any restoration useless and effectively knocks the network back to square one.
Bringing applications and data back online after a ransomware event becomes a race against the clock as the targeted organization struggles to contain and remove the ransomware and to restore business-critical activity. Because ransomware needs time to move laterally, attacks are usually launched at night, when intrusions are likely to take longer to discover. This compounds the difficulty of rapidly mobilizing and organizing an experienced mitigation team.
Progent offers a range of services for protecting Bellevue enterprises from ransomware events. These include staff training to recognize and avoid phishing attacks, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based cyberthreat protection to identify and suppress zero-day malware attacks. Progent also provides seasoned ransomware recovery consultants with the skills and commitment to restore a breached environment as rapidly as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware intrusion, paying the ransom in Bitcoin does not guarantee that the criminal gang will respond with the keys needed to decrypt all of your files. Kaspersky Labs found that 17% of ransomware victims never recovered their data even after sending off the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000), well above the usual ransomware demand, which ZDNet estimated at around $13,000 for smaller organizations. The alternative is to rebuild the vital parts of your Information Technology environment. Without access to complete data backups, this calls for a wide range of skill sets, top-notch project management, and the capability to work non-stop until the job is finished.
For two decades, Progent has provided expert Information Technology services for companies across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who hold top industry certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC (see Progent's certifications). Progent also has expertise with financial systems and ERP applications. This breadth of expertise allows Progent to quickly determine which systems are necessary, reassemble the surviving pieces of your network after a ransomware attack, and configure them into an operational environment.
Progent's ransomware team uses best-of-breed project management applications to coordinate the complex restoration process. Progent appreciates the urgency of working quickly and in concert with a client's management and Information Technology staff to prioritize tasks and get essential services back on-line as fast as possible.
Case Study: A Successful Ransomware Virus Response
A business contacted Progent after its network was taken over by Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state-sponsored criminal gangs, possibly adopting techniques leaked from the United States National Security Agency. Ryuk targets specific companies that have little or no tolerance for disruption and is among the most lucrative ransomware families. Major victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturer in the Chicago metro area with around 500 employees. The Ryuk intrusion had brought down all essential operations and manufacturing processes. The majority of the client's data backups had been on-line at the start of the attack and were destroyed. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked together with the customer to quickly identify and assign priority to the essential applications that had to be recovered to make it possible to resume company functions:
In less than two days, Progent restored Active Directory services to their pre-intrusion state. Progent then pressed ahead with the setup and storage recovery of the needed systems. All Exchange schema and configuration information was intact, which greatly simplified the rebuild of Exchange. Progent was also able to collect local OST files (Outlook Off-Line Data Files) from user desktop computers and laptops to recover email data. A relatively recent off-line backup of the client's manufacturing software made it possible to bring these vital applications back to users. Although a large amount of work remained to recover fully from the Ryuk attack, core services were restored quickly:
During the next few weeks key milestones in the restoration project were made through close cooperation between Progent consultants and the client:
Conclusion
A potentially business-ending disaster was averted through the efforts of results-oriented professionals, a wide array of technical expertise, and close collaboration. In retrospect, the ransomware attack described here could have been detected and blocked with modern cybersecurity solutions and security best practices: user training, properly executed procedures for data backup, and keeping systems up to date with security patches. Even so, state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware intrusion, you can be confident that Progent's roster of experts has extensive experience in ransomware defense, mitigation, and file restoration.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)