Crypto-Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become an all-too-frequent plague that poses an enterprise-level danger to any business exposed to an attack. Families such as CrySIS, CryptoWall, Locky, SamSam and MongoLock have been running rampant for years and still cause damage. More recent strains like Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Egregor, along with newcomers yet to be named, not only encrypt on-line data but also seek out and encrypt any backups reachable from the compromised network. Files synced to the cloud can be overwritten with their encrypted versions as well. In a poorly designed data protection solution this renders automated restore operations impossible and effectively sets the entire environment back to square one.
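One practical check that follows from this, added here as an example rather than anything from the original page or from Progent: before trusting a backup set or a cloud-synced folder for a restore, scan it for files that look ransomware-encrypted. The Python script below (written for this page) flags three signals, a ransom-note filename, a known ransom extension, and content whose byte entropy is close to that of random data, while exempting formats that are legitimately high-entropy (PNG, ZIP, gzip, JPEG) so compressed files are not misreported. The `.RYK` extension and the `RyukReadMe.txt` note name are the ones Ryuk used; the other extensions, the 7.2-bit threshold and the sample files are illustrative assumptions, and the sample backup is constructed inline.

```python
"""Triage a backup set before trusting a restore: flag files that look
ransomware-encrypted (ransom notes, ransom extensions, near-random content).

Added example for this page; not Progent's tooling. Thresholds and most of
the indicator lists are assumptions to be tuned per incident."""
from __future__ import annotations

import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# .ryk / RyukReadMe.* are Ryuk's; the remaining entries are illustrative.
SUSPECT_EXTENSIONS = {".ryk", ".locky", ".crysis", ".encrypted"}
RANSOM_NOTE_NAMES = {"ryukreadme.txt", "ryukreadme.html"}
# Formats that are legitimately high-entropy; never flag these on entropy alone.
COMPRESSED_MAGIC = (b"\x89PNG", b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff")
ENTROPY_THRESHOLD = 7.2  # bits per byte (assumed); text and most documents sit well below


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_size: int = 4096) -> list[str]:
    """Return the list of reasons a file looks encrypted; empty if it looks clean."""
    reasons: list[str] = []
    if path.name.lower() in RANSOM_NOTE_NAMES:
        reasons.append("ransom note")
    if path.suffix.lower() in SUSPECT_EXTENSIONS:
        reasons.append("ransom extension")
    with path.open("rb") as fh:
        head = fh.read(sample_size)  # sampling the head is enough for triage
    if head and not head.startswith(COMPRESSED_MAGIC):
        ent = shannon_entropy(head)
        if ent > ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({ent:.2f} bits/byte)")
    return reasons


def scan_backup(root: os.PathLike | str) -> dict[str, list[str]]:
    """Walk a backup tree and map each suspicious file (relative path) to its reasons."""
    root = Path(root)
    flagged: dict[str, list[str]] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = classify_file(p)
            if reasons:
                flagged[str(p.relative_to(root))] = reasons
    return flagged


def build_sample_backup(root: os.PathLike | str) -> Path:
    """Constructed sample data (not a real backup): two clean files, three bad ones."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "quarterly.txt").write_bytes(b"Plaintext financial notes.\n" * 100)
    (root / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + os.urandom(2048))  # compressed, clean
    (root / "ledger.xlsx.RYK").write_bytes(os.urandom(4096))  # Ryuk-style renamed + encrypted
    (root / "RyukReadMe.txt").write_bytes(b"Your files are encrypted.\n")
    (root / "dump.bin").write_bytes(os.urandom(4096))  # encrypted but with no telltale name
    return root


def demo_scan() -> dict[str, list[str]]:
    """Build the sample backup in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        return scan_backup(build_sample_backup(Path(d) / "backup"))


if __name__ == "__main__":
    for rel, why in demo_scan().items():
        print(f"{rel}: {', '.join(why)}")
```

This is a triage filter, not proof of integrity: a file that passes may still be damaged, and already-compressed or encrypted-by-design formats are deliberately skipped on the entropy test, so the authoritative check remains restoring to an isolated host and opening the data. Run it against the most recent backup generation first; if that generation is flagged, walk back until you find one that predates the intrusion.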
Recovering applications and data after a ransomware event becomes a race against time as the targeted organization struggles to contain the damage, eradicate the malware, and resume business-critical activity. Because ransomware operators need time to spread through a network before triggering encryption, the encryption phase is usually launched on weekends or holidays, when a successful attack takes longer to notice and fewer staff are available to respond. This compounds the difficulty of rapidly assembling and coordinating a capable response team.
Progent offers an assortment of services for protecting Bellevue businesses against ransomware. These include user education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's AI-based threat defense to identify and contain zero-day and other modern malware attacks. Progent can also provide expert ransomware recovery consultants with the skill and perseverance to restore a compromised network as quickly as possible.
Progent's Ransomware Recovery Help
After a ransomware attack, even paying the ransom in cryptocurrency provides no assurance that the criminals will hand over the keys needed to decrypt any of your data. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms are typically several hundred thousand dollars, and for larger organizations can run into the millions. The alternative is to rebuild the mission-critical parts of your IT environment. Without access to complete backups, this requires a broad range of skills, well-coordinated team management, and the ability to work non-stop until the job is done.
For two decades, Progent has provided expert IT services to businesses across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who hold top industry certifications in key technologies such as Microsoft, Cisco, VMware and major Linux distributions. Progent's cybersecurity engineers have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC and CMMC 2.0 (visit Progent's certifications). Progent also has experience with financial systems and ERP software. This breadth of expertise gives Progent the skills to quickly identify critical systems, salvage the surviving components of your IT environment after a ransomware attack, and reassemble them into a working system.
Progent's ransomware team uses best-of-breed project management tools to coordinate the complex recovery process. Progent appreciates the importance of working quickly and in concert with a customer's management and IT staff to prioritize tasks and bring essential services back online as fast as humanly possible.
Client Story: A Successful Recovery from a Crypto-Ransomware Attack
A client came to Progent after their network was brought down by Ryuk ransomware. Ryuk was initially attributed by some researchers to North Korean state-backed actors because of code it shares with the earlier Hermes ransomware; later analysis attributed its operation to a Russian-speaking criminal group. Either way, Ryuk targets specific organizations with little tolerance for operational disruption and is one of the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a manufacturer based in Chicago with about 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups had been online and reachable from the network at the time of the intrusion and were encrypted along with everything else. The client considered paying the ransom (in excess of $200K) and hoping for the best, but in the end engaged Progent.
Progent worked with the client to quickly assess the mission-critical systems that had to be recovered to keep departmental functions running, and to set their recovery priority:
Within two days, Progent had restored Active Directory to its pre-attack state. Progent then helped with the setup and storage recovery of critical applications. All Microsoft Exchange Server schema extensions and attributes in Active Directory were intact, which accelerated the rebuild of Exchange. Progent was also able to locate local OST files (Outlook Offline Data Files) on staff PCs and laptops and use them to recover mail messages. A recent offline backup of the business's financial/MRP systems made it possible to bring these vital services back online. Although a lot of work remained to recover completely from the Ryuk damage, critical services were restored rapidly:
Over the following couple of weeks, important milestones in the recovery were reached in close cooperation between Progent engineers and the client:
Conclusion
A potentially business-ending catastrophe was averted by results-oriented experts, a wide spectrum of subject matter expertise, and close teamwork. In hindsight, the attack described here should have been detected and prevented with up-to-date security technology and recognized best practices: user and IT administrator training, offline or otherwise unreachable backups, disciplined patching, and properly rehearsed incident response procedures. The fact remains, however, that ransomware operators, whether state-sponsored or criminal groups based in Russia, North Korea and elsewhere, are relentless and are not going away. If you are hit by a crypto-ransomware attack, you can be confident that Progent's team has proven experience in ransomware defense, removal, and information systems recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Bellevue
For ransomware cleanup consulting services in the Bellevue metro area, phone Progent at