Crypto-Ransomware: Your Crippling IT Disaster
Crypto-ransomware has become an escalating cyberplague that poses an extinction-level danger for organizations poorly prepared for an assault. Different iterations of crypto-ransomware like the Dharma, Fusob, Locky, Syskey and MongoLock cryptoworms have been out in the wild for years and continue to inflict damage. Newer strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus frequent as yet unnamed malware, not only encrypt online information but also infiltrate every reachable system backup. Information synchronized to cloud environments can also be corrupted. In a poorly designed environment, this can make any restore operation impossible and effectively sets the entire system back to square one.
Recovering services and data following a ransomware intrusion becomes a race against time as the targeted organization tries its best to stop lateral movement, eradicate the ransomware, and resume enterprise-critical activity. Because ransomware takes time to replicate, attacks are often launched on weekends and at night, when a successful intrusion is likely to take longer to identify. This multiplies the difficulty of rapidly marshalling and orchestrating a qualified response team.
Progent provides a range of support services for protecting Belo Horizonte enterprises from crypto-ransomware attacks. These include team member education to help identify and avoid phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, in addition to installation of next-generation security gateways with machine learning technology to rapidly identify and quarantine zero-day threats. Progent also offers the services of expert ransomware recovery professionals with the skills and commitment to rebuild a compromised system as urgently as possible.
Progent's Ransomware Restoration Help
Following a crypto-ransomware penetration, paying the ransom demand in cryptocurrency does not guarantee that the cyber hackers will respond with the keys needed to decrypt any or all of your files. Kaspersky Labs estimated that seventeen percent of crypto-ransomware victims never recovered their files even after having sent off the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms often range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the typical ransomware demand, which ZDNET determined to be in the range of $13,000 for smaller organizations. The fallback is to piece back together the key elements of your Information Technology environment. Without essential system backups available, this requires a broad range of IT skills, top-notch team management, and the ability to work 24x7 until the task is complete.
For twenty years, Progent has made available expert Information Technology services for businesses throughout the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have earned internationally-renowned certifications including CISA, CISSP, CRISC, and GIAC. (See Progent's certifications.) Progent in addition has expertise with financial systems and ERP applications. This breadth of experience gives Progent the ability to knowledgeably identify critical systems, integrate the surviving parts of your computer network environment following a crypto-ransomware attack, and rebuild them into a functioning system.
Progent's team of security experts uses state-of-the-art project management systems to coordinate the complicated recovery process. Progent appreciates the importance of working swiftly and together with a client's management and IT staff to prioritize tasks and to put key applications back online as soon as possible.
Customer Story: A Successful Crypto-Ransomware Intrusion Recovery
A customer sought out Progent after their network system was penetrated by Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state cybercriminals, possibly using approaches exposed from the U.S. National Security Agency. Ryuk seeks out specific companies with little room for operational disruption and is one of the most profitable versions of ransomware. Major victims have included Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer located in the Chicago metro area with around 500 employees. The Ryuk attack had frozen all company operations and manufacturing capabilities. Most of the client's backups were online at the time of the attack and were damaged. The client was evaluating paying the ransom demand (more than $200K) and hoping for good luck, but ultimately brought in Progent.
Progent worked with the client to quickly determine and assign priority to the key areas that had to be addressed in order to resume business functions:
In less than 2 days, Progent was able to recover Windows Active Directory to its pre-intrusion state. Progent then rebuilt the configuration and storage of key applications. All Exchange Server data and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to gather the local OST files (Outlook offline data files) from employee desktop computers in order to recover email data. A relatively recent offline backup of the customer's manufacturing software made it possible to bring these essential applications back online. Although a large amount of work still had to be done to recover totally from the Ryuk event, critical systems were recovered quickly:
Over the next couple of weeks key milestones in the recovery process were made in tight cooperation between Progent consultants and the customer:
Conclusion
A possible business-ending catastrophe was averted by results-oriented experts, a wide spectrum of IT skills, and tight teamwork. Although in retrospect the ransomware penetration described here should have been identified and stopped with current cyber security technology solutions and recognized best practices, user training, and well thought out security procedures for information backup and applying software patches, the fact remains that government-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and will continue their attacks. If you do get hit by a ransomware virus, feel confident that Progent's roster of experts has a proven track record in crypto-ransomware virus blocking, cleanup, and data restoration.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Belo Horizonte
For ransomware cleanup services in the Belo Horizonte area, phone Progent at