Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an all-too-frequent cyber plague and an existential threat for any organization exposed to an attack. Multiple generations of ransomware such as CryptoLocker, Fusob, Locky, Syskey and MongoLock have circulated for years and continue to inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with a steady stream of newcomers, not only encrypt on-line data but also delete or encrypt any reachable restore points, shadow copies and backups. Data replicated to cloud environments can be corrupted as well. In a poorly architected data protection solution this can make automated recovery impossible and effectively set the network back to zero.
Bringing applications and data back on-line after a ransomware attack becomes a race against the clock as the victim works to contain the damage, remove the ransomware, and restore business-critical operations. Because ransomware takes time to spread across a network, attacks are usually launched on weekends and at night, when they take longer to notice. This multiplies the difficulty of promptly assembling and coordinating a capable response team.
Progent offers a range of services for protecting Bellevue businesses from ransomware attacks. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to identify and contain zero-day malware attacks. Progent also offers the services of experienced ransomware recovery consultants with the skill and persistence to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware event, paying the ransom in cryptocurrency does not guarantee that the criminals will provide working keys to decrypt all your data. Kaspersky Lab found that seventeen percent of ransomware victims never recovered their data even after paying, compounding their losses. Paying is also expensive: Ryuk ransoms are commonly a few hundred thousand dollars, and for larger enterprises the demand can reach millions. The alternative is to rebuild the critical elements of your IT environment. Without complete data backups, this requires a broad range of skills, well-coordinated team management, and the ability to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to companies throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals holding advanced certifications in foundation technologies from Microsoft, Cisco, VMware, and the popular Linux distributions. Progent's cybersecurity engineers hold internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial systems and ERP applications. This breadth of experience allows Progent to knowledgeably identify critical systems after a ransomware attack, reorganize the surviving components of your IT environment, and configure them into a working system.
Progent's security team uses professional project management tools to orchestrate the complex restoration process. Progent understands the urgency of acting quickly and in concert with a customer's management and IT staff to prioritize tasks and bring key applications back on line as fast as possible.
Case Study: A Successful Ransomware Penetration Response
A business contacted Progent after its network was brought down by Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because of code it shares with the earlier Hermes ransomware, although later analysis attributes it to Russian-speaking criminal groups. Ryuk targets specific companies with little or no tolerance for operational disruption and is among the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business headquartered in Chicago with about 500 employees. The Ryuk attack had halted all essential business and manufacturing operations. Most of the client's backups were on-line when the attack began and were destroyed. The client considered paying the ransom (over two hundred thousand dollars) and hoping for the best, but ultimately reached out to Progent.
Progent worked hand in hand with the customer to rapidly assess and prioritize the mission-critical systems that had to be addressed to make it possible to continue business operations:
Within 48 hours, Progent restored Active Directory to its pre-attack state. Progent then helped reinstall mission-critical applications and recover their storage. All Microsoft Exchange Server schema and configuration information was intact, which greatly simplified the Exchange rebuild. Progent was also able to collect unencrypted OST files (Outlook Offline Data Files) from staff desktop computers to recover mailbox contents. A reasonably recent offline backup of the company's accounting/ERP systems made it possible to bring those essential applications back to users. Although considerable work remained to recover fully from the Ryuk damage, essential services were restored quickly:
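The OST collection step above is the one part of the recovery a script can usefully automate: every genuine PST/OST container starts with the four-byte signature `!BDN`, and a file that ransomware has overwritten loses that signature and becomes high-entropy ciphertext. The following triage script is an added example, not Progent's tooling and not part of the original case study; it walks a copy of workstation profile directories, keeps only mailbox files whose header is intact and whose content is not ciphertext, and copies those into a salvage tree. The directory names, the `.locked` extension on the encrypted sample and the sample files themselves are constructed for illustration.

```python
"""
Salvage triage for Outlook OST/PST files after a ransomware incident.

Constructed example for this page; not Progent's own tooling. Ransomware
that overwrites a mailbox file destroys the Outlook container signature
that every PST/OST file begins with, so a header check separates files
worth copying off workstations from files that are ciphertext. Paths,
file names and the salvage layout below are assumptions for illustration.
"""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

OUTLOOK_MAGIC = b"!BDN"   # signature at offset 0 of every PST/OST container
SAMPLE_BYTES = 64 * 1024  # how much of each file to inspect for entropy
ENTROPY_LIMIT = 7.5       # bits per byte; ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_ost(path) -> str:
    """Return 'intact', 'encrypted' or 'damaged' for one candidate file.

    'intact' means the Outlook signature is present; the file may still need
    Outlook's repair tool, but it is worth copying. 'encrypted' means the
    signature is gone and the content is high-entropy, the usual sign of
    ransomware output. 'damaged' covers anything else (truncated, wrong type).
    """
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if head.startswith(OUTLOOK_MAGIC):
        return "intact"
    if shannon_entropy(head) >= ENTROPY_LIMIT:
        return "encrypted"
    return "damaged"


def salvage_ost_files(root, dest) -> dict:
    """Copy every intact OST/PST under root into dest; return a per-class report.

    The match is on '.ost'/'.pst' anywhere in the name, not only the final
    suffix, because ransomware usually appends its own extension.
    """
    root, dest = Path(root), Path(dest)
    report = {"intact": [], "encrypted": [], "damaged": [], "copied": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if ".ost" not in lowered and ".pst" not in lowered:
                continue
            src = Path(dirpath) / name
            verdict = classify_ost(src)
            report[verdict].append(str(src))
            if verdict == "intact":
                # keep the per-user directory so mailboxes stay separable
                target = dest / src.relative_to(root)
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, target)  # copy2 preserves timestamps
                report["copied"].append(str(target))
    return report


def copies_present(report) -> bool:
    """True when every file the report says was copied exists at the target."""
    return all(Path(p).is_file() for p in report["copied"])


def demo() -> dict:
    """Build a constructed workstation-profile tree, run the salvage, return the report."""
    base = Path(tempfile.mkdtemp(prefix="ost-salvage-"))
    profiles = base / "profiles"
    for user in ("alice", "bob"):
        (profiles / user).mkdir(parents=True)
    # untouched mailbox: correct signature followed by low-entropy content
    (profiles / "alice" / "alice@example.com.ost").write_bytes(
        OUTLOOK_MAGIC + b"\x00" * 4092 + bytes(range(256)))
    # encrypted mailbox: random bytes with an appended extension (constructed)
    (profiles / "bob" / "bob@example.com.ost.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    # a file that is neither: repetitive junk in a .pst name
    (profiles / "bob" / "archive.pst").write_bytes(b"Hello" * 100)
    # unrelated file that must be ignored entirely
    (profiles / "bob" / "notes.txt").write_bytes(b"not a mailbox")
    return salvage_ost_files(profiles, base / "salvage")


if __name__ == "__main__":
    for verdict, paths in demo().items():
        print(f"{verdict}: {len(paths)} file(s)")
```

Run it against a read-only copy or a forensic image of the workstation profiles rather than the live machines, so the evidence is not altered. An intact signature only means the container was not overwritten; run Outlook's Inbox Repair Tool (scanpst.exe) on the salvaged files before importing them into rebuilt mailboxes.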
Over the next couple of weeks, important milestones in the restoration were reached through close cooperation between Progent engineers and the customer:
Conclusion
A likely company-ending disaster was averted by results-oriented professionals, a wide range of IT skills, and close teamwork. In hindsight, the attack described here should have been stopped by up-to-date security technology and best practices, user and IT administrator education, properly executed incident response procedures, sound data protection, and disciplined patch management; the reality remains that state-sponsored and criminal cyber gangs from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware attack, you can be confident that Progent's team has proven experience in ransomware blocking, cleanup, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Bellevue
For ransomware system restoration consulting in the Bellevue area, call Progent at