Crypto-Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that poses an enterprise-level danger to organizations unprepared for an attack. Ransomware families such as CrySIS, Fusob, Locky, Syskey and the MongoLock cryptoworms have been spreading for many years and continue to inflict damage. More recent crypto-ransomware strains like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as other less-publicized malware, not only encrypt online critical data but also infect every configured system backup they can reach. Data replicated to the cloud can be encrypted as well. In a poorly architected environment, this renders automated recovery useless and effectively sets the network back to square one.
Getting applications and data back online after a ransomware outage becomes a race against the clock as the targeted business tries to stop the spread, remove the ransomware, and restore enterprise-critical activity. Because crypto-ransomware needs time to replicate across a network, attacks are often launched on weekends and holidays, when a successful intrusion typically takes longer to uncover. This multiplies the difficulty of promptly mobilizing and coordinating a capable response team.
Progent offers a range of support services for protecting Bellevue organizations from ransomware attacks. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to detect and contain zero-day modern malware attacks. Progent also offers the assistance of expert ransomware recovery engineers with the track record and perseverance to restore a compromised environment as rapidly as possible.
Progent's Ransomware Restoration Services
Paying the ransom demanded in cryptocurrency after a crypto-ransomware attack provides no assurance that the attackers will respond with the keys needed to decrypt any or all of your data. Kaspersky determined that 17% of ransomware victims never recovered their data after having paid the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms are often a few hundred thousand dollars, and for larger organizations the ransom can reach millions of dollars. The fallback is to rebuild the essential elements of your Information Technology environment from scratch. Without complete data backups, this requires a broad complement of skills, top-notch team management, and the willingness to work around the clock until the task is complete.
For decades, Progent has offered expert IT services to businesses throughout the US and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who hold top industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has expertise in accounting and ERP application software. This breadth of experience gives Progent the skills to knowledgeably identify the necessary systems, integrate the remaining components of your Information Technology environment after a ransomware event, and rebuild them into an operational network.
Progent's recovery team uses top-notch project management tools to coordinate the complex restoration process. Progent understands the importance of working quickly and in unison with a customer's management and Information Technology staff to prioritize tasks and get critical services back online as fast as possible.
Client Story: A Successful Ransomware Incident Restoration
A customer engaged Progent after their company was brought down by the Ryuk ransomware. Ryuk is generally considered to have been developed by North Korean state hackers, suspected of adopting techniques leaked from the United States National Security Agency. Ryuk targets specific businesses with little tolerance for disruption and is among the most lucrative ransomware strains. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business based in Chicago with about 500 staff members. The Ryuk event had shut down all essential business operations and manufacturing capabilities. Most of the client's backups had been online at the time of the intrusion and were eventually encrypted. The client considered paying the ransom (more than $200K) and hoping for the best, but in the end engaged Progent.
Progent worked together with the customer to quickly identify and prioritize the mission critical areas that needed to be recovered in order to restart departmental functions:
In less than 2 days, Progent was able to restore Active Directory services to their pre-attack state. Progent then performed reinstallations and storage recovery on critical servers. All Microsoft Exchange Server schema and attributes were intact, which accelerated the restoration of Exchange. Progent was also able to locate unencrypted OST files (Outlook Offline Data Files) on various workstations and recover mail data from them. A relatively recent offline backup of the client's financials/ERP software allowed these essential applications to be restored and made available to users again. Although a large amount of work remained to recover fully from the Ryuk event, critical systems were returned to operation rapidly:
During the next month key milestones in the restoration process were accomplished in tight cooperation between Progent engineers and the customer:
Conclusion
A probable company-ending catastrophe was averted thanks to top-tier professionals, a broad spectrum of technical expertise, and tight teamwork. Although post-incident analysis showed that the ransomware attack described here would have been blocked by modern cyber security technology, NIST Cybersecurity Framework best practices, staff education, and appropriate procedures for data backup and software patching, the fact remains that state-sponsored cybercriminals from China, North Korea and elsewhere are tireless and will keep attacking. If you are hit by a crypto-ransomware incident, remember that Progent's team of experts has substantial experience in ransomware blocking, mitigation, and information systems disaster recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Bellevue
For ransomware system restoration expertise in the Bellevue area, call Progent at