Ransomware : Your Crippling Information Technology Disaster
Crypto-ransomware has become a modern cyberplague that presents an existential danger to businesses poorly prepared for an attack. Ransomware families such as Reveton, WannaCry, Locky, SamSam and MongoLock have been circulating for years and still cause destruction. Newer variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with a steady stream of lesser-known newcomers, not only encrypt online data but also encrypt any system backups they can reach. Files synched to off-premises disaster recovery sites can also be encrypted, because a replication job faithfully copies the encrypted versions over the good ones. In a poorly architected environment this makes automated restore operations useless and effectively sets the entire system back to zero.
Getting applications and information back after a ransomware outage becomes a sprint against the clock as the targeted organization struggles to contain the damage, remove the ransomware, and restore business-critical activity. Because ransomware needs time to spread across a network, attacks are frequently launched on weekends, when they take longer to notice. This multiplies the difficulty of rapidly mobilizing and coordinating a qualified mitigation team.
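The point about synced disaster recovery copies is easy to underestimate, so here is a small constructed simulation (an added example, not Progent's code and not taken from this case). It models a production share as a dictionary of files, a one-way mirror job of the kind many DR replication setups use, and an append-only versioned backup store. "Encryption" is simulated by overwriting each file with a marker plus random bytes; no real cipher or real filesystem is involved. The file names, contents and store design are assumptions made for the illustration.

```python
"""
Constructed simulation: why a plain mirror sync to a DR site replicates
ransomware damage, while a versioned (append-only) backup store keeps a
restorable copy. Added example, not code from Progent or from the case.
"""
import copy
import hashlib
import os
from typing import Callable, Optional

# Production file share, {path: bytes}. Sample contents are constructed.
PRODUCTION = {
    "finance/ledger.xlsx": b"Q3 ledger: revenue 1,204,551",
    "hr/payroll.csv": b"emp_id,net_pay\n1001,4210.00",
    "eng/bom.csv": b"part,qty\nbearing-6203,120",
}

# Stand-in for the header a real ransomware family would leave; constructed.
RANSOM_MARKER = b"--ENCRYPTED-BY-SIMULATION--"


def fingerprint(files: dict) -> dict:
    """SHA-256 per file, used to decide whether a restore is usable."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}


def mirror_sync(source: dict, mirror: dict) -> None:
    """One-way mirror (what a naive DR replication job does): make the
    mirror identical to the source, overwrites and deletions included."""
    mirror.clear()
    mirror.update(copy.deepcopy(source))


class VersionedStore:
    """Append-only backup: every snapshot is retained and none is ever
    rewritten. An attacker who can write to production gains nothing here
    because the store exposes no overwrite or delete operation."""

    def __init__(self) -> None:
        self.snapshots = []  # list of (label, {path: bytes})

    def snapshot(self, label: str, files: dict) -> None:
        self.snapshots.append((label, copy.deepcopy(files)))

    def latest_clean(self, is_clean: Callable[[dict], bool]) -> Optional[dict]:
        """Walk back from the newest snapshot to the first one that is
        not ransomware-damaged; None if every snapshot is damaged."""
        for _label, files in reversed(self.snapshots):
            if is_clean(files):
                return copy.deepcopy(files)
        return None


def simulate_ransomware(files: dict) -> None:
    """Overwrite every reachable file with a marker plus random bytes.
    Real ransomware would also reach mapped backup shares."""
    for path in list(files):
        files[path] = RANSOM_MARKER + os.urandom(16)


def is_clean(files: dict) -> bool:
    return not any(d.startswith(RANSOM_MARKER) for d in files.values())


def run_scenario() -> dict:
    """Return whether each recovery path yields the original files."""
    prod = copy.deepcopy(PRODUCTION)
    dr_mirror: dict = {}
    store = VersionedStore()

    # Normal operations: nightly mirror to DR plus a versioned snapshot.
    mirror_sync(prod, dr_mirror)
    store.snapshot("night-1", prod)
    baseline = fingerprint(prod)

    # The attack lands, and the scheduled jobs run again as usual.
    simulate_ransomware(prod)
    mirror_sync(prod, dr_mirror)     # DR copy now holds ciphertext only
    store.snapshot("night-2", prod)  # damaged snapshot added, night-1 kept

    from_store = store.latest_clean(is_clean)
    return {
        "mirror_restore_usable": fingerprint(dr_mirror) == baseline,
        "versioned_restore_usable": from_store is not None
        and fingerprint(from_store) == baseline,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The design point is that the versioned store must refuse overwrites and deletes at the protocol level (object lock, WORM media, or a copy that is physically offline); a "backup" share the attacker's account can write to is just another target, which is what happened to the backups in the case study below.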
Progent provides a variety of services for protecting Belo Horizonte organizations from ransomware attacks. Among these are staff education to help recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat protection to detect and disable zero-day and other modern malware attacks. Progent can also provide expert ransomware recovery consultants with the skill and perseverance to reconstruct a breached environment as quickly as possible.
Progent's Ransomware Recovery Support Services
After a crypto-ransomware event, even paying the ransom in cryptocurrency does not guarantee that the criminals will hand over keys that decrypt all of your data. Kaspersky found that seventeen percent of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The gamble is also very costly: Ryuk ransoms are typically several hundred thousand dollars, and for larger enterprises the ransom can run into the millions. The other path is to rebuild the mission-critical components of your IT environment from scratch. Without access to full system backups, this calls for a broad range of skills, top-notch team management, and the capacity to work continuously until the job is done.
For two decades, Progent has offered expert IT services to companies across the United States and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold advanced certifications in foundation technologies including Microsoft, Cisco, VMware, and major Linux distributions. Progent's cybersecurity experts hold internationally recognized certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise with financial management and ERP application software. This breadth of experience gives Progent the ability to knowledgeably identify critical systems, salvage the surviving parts of your network environment after a ransomware penetration, and assemble them into a working system.
Progent's recovery team uses powerful project management systems to orchestrate the complex restoration process. Progent appreciates the importance of working rapidly, and together with a customer's management and IT staff, to prioritize tasks and put critical services back online as fast as humanly possible.
Business Case Study: A Successful Ransomware Incident Restoration
A small business escalated to Progent after their network was brought down by the Ryuk crypto-ransomware. Ryuk was initially attributed to North Korean state-sponsored hackers because it shares code with the Hermes ransomware used by that country's Lazarus group; later analysis attributed its operation to a Russian-speaking criminal group. Ryuk targets specific organizations with little ability to sustain operational disruption and is one of the most profitable incarnations of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing company in the Chicago metro area with around 500 workers. The Ryuk penetration had brought down all essential operations and manufacturing capabilities. Most of the client's backups had been online at the time of the attack and were damaged. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the client to rapidly identify and prioritize the mission-critical systems that had to be recovered in order to resume company operations:
In less than two days, Progent rebuilt Windows Active Directory to its pre-penetration state. Progent then set up the needed servers and recovered their storage. All Exchange Server schema extensions and attributes were intact, which greatly simplified the Exchange restore. Progent collected unencrypted OST files (Outlook Offline Folder files, the local cache of each user's mailbox) from staff desktop computers to recover mailbox data. A reasonably recent offline backup of the customer's accounting systems made it possible to bring those vital services back into use. Although significant work remained to recover fully from the Ryuk attack, critical systems were returned to operation rapidly:
Over the following weeks, important milestones in the restoration project were reached through close cooperation between Progent team members and the client:
Conclusion
A probable business-killing disaster was averted thanks to dedicated experts, a wide range of subject matter expertise, and tight teamwork. Although in hindsight the ransomware attack described here should have been detected and prevented with modern security tools and recognized best practices (staff training, well-designed incident response procedures, offline and tested backups, and disciplined patching), the fact remains that state-sponsored and criminal attackers operating from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incursion, remember that Progent's roster of experts has proven experience in ransomware blocking, cleanup, and file restoration.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Belo Horizonte
For ransomware system restoration services in the Belo Horizonte area, call Progent at