Crypto-Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an all-too-frequent cyberplague that represents an enterprise-level threat for any business vulnerable to an assault. Older iterations of ransomware such as Reveton, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been circulating for a long time and still inflict harm. Newer versions of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, as well as a stream of unnamed newcomers, not only encrypt online data files but also infect every system backup they can reach. Information replicated to cloud environments can also be ransomed. In a poorly designed data protection solution, this can render automatic restore operations useless and effectively knock the entire system back to zero.
Restoring services and information following a crypto-ransomware event becomes a race against the clock as the victim tries its best to stop the spread, clear the virus, and restore business-critical activity. Since crypto-ransomware needs time to replicate, attacks are often launched on weekends and holidays, when successful intrusions typically take longer to identify. This compounds the difficulty of rapidly mobilizing and coordinating a qualified mitigation team.
Progent makes available a variety of services for securing Belo Horizonte enterprises against ransomware penetrations. These include user training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's AI-based cyberthreat defense to identify and suppress zero-day modern malware assaults. Progent also provides the services of expert crypto-ransomware recovery consultants with the track record and perseverance to reconstruct a compromised environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a ransomware penetration, even paying the ransom demand in cryptocurrency does not guarantee that the criminal gang will respond with the keys needed to decrypt any of your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never restored their files even after having sent off the ransom, resulting in further losses. Paying is also very costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is far above the average ransomware demand, which ZDNET estimated to be around $13,000 for small businesses. The other path is to piece back together the critical elements of your IT environment. Without access to essential system backups, this calls for a wide complement of IT skills, professional team management, and the willingness to work 24x7 until the task is over.
For decades, Progent has offered expert Information Technology services for businesses throughout the US and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have been awarded high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has experience with accounting and ERP software solutions. This breadth of experience gives Progent the capability to rapidly identify the important systems, organize the remaining components of your Information Technology environment after a ransomware event, and assemble them into a functioning network.
Progent's ransomware group uses powerful project management applications to coordinate the complex recovery process. Progent appreciates the urgency of working swiftly and in unison with a client's management and Information Technology resources to prioritize tasks and to get critical systems back online as fast as humanly possible.
Case Study: A Successful Ransomware Virus Response
A business hired Progent after their organization was taken over by Ryuk crypto-ransomware. Ryuk is generally considered to have been launched by North Korean government-sponsored cybercriminals, suspected of using techniques leaked from the U.S. National Security Agency. Ryuk goes after specific businesses with little room for operational disruption and is among the most profitable incarnations of ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturer based in Chicago with about 500 staff members. The Ryuk event had frozen all business operations and manufacturing processes. Most of the client's backups had been directly accessible at the time of the intrusion and were eventually encrypted. The client was actively seeking loans to pay the ransom demand (more than two hundred thousand dollars) and hoping for good luck, but in the end engaged Progent.
Progent worked with the customer to rapidly get its arms around and prioritize the critical services that needed to be restored in order to resume company operations:
In less than 48 hours, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then performed reinstallations and storage recovery of key systems. All Microsoft Exchange Server data and attributes were intact, which facilitated the restore of Exchange. Progent was also able to find local OST files (Microsoft Outlook Offline Folder Files) on user PCs and laptops to recover email messages. A recent offline backup of the customer's accounting/ERP systems made it possible to bring these vital applications back online. Although a large amount of work remained to recover fully from the Ryuk virus, essential systems were returned to operation quickly:
Over the following weeks, critical milestones in the recovery project were accomplished through close cooperation between Progent consultants and the client:
Conclusion
A probable enterprise-killing disaster was averted through the efforts of results-oriented professionals, a wide array of knowledge, and tight teamwork. In hindsight, the crypto-ransomware attack described here could have been prevented with modern security technology and best practices, user education, and properly executed procedures for data backup and for keeping systems up to date with security patches. The fact remains that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has extensive experience in crypto-ransomware virus blocking, remediation, and data recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Belo Horizonte
For ransomware system restoration services in the Belo Horizonte metro area, phone Progent at