Ransomware: Your Crippling IT Catastrophe
Ransomware has become an all-too-frequent cyber pandemic that represents an extinction-level danger for organizations unprepared for an attack. Multiple generations of crypto-ransomware such as the Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for years and continue to cause damage. More recent variants such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus a steady stream of unnamed newcomers, not only encrypt on-line data but also defeat many of the protections configured on the system. Files synchronized to cloud environments can be encrypted as well. With a poorly designed data protection solution, this can render automated restore operations hopeless and effectively sets the entire system back to zero.
Retrieving programs and information following a ransomware event becomes a sprint against time as the targeted business struggles to contain and eradicate the malware and to resume mission-critical activity. Because ransomware needs time to replicate, intrusions are usually launched during nights and weekends, when they typically take longer to detect. This multiplies the difficulty of promptly marshalling and coordinating a knowledgeable mitigation team.
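The paragraph above makes the point that ransomware launched outside business hours gets more time to spread before anyone notices. One defensive answer is automated detection that does not depend on staff being at their desks. The following is an added example, not code from Progent or from this page, that runs a sliding-window check over file-server audit records: it flags any account that renames more than a threshold of files to a new extension within a few minutes, and annotates whether the burst fell outside business hours. The log format, field names, window size, threshold and business-hours range are all assumptions made for the example, and the sample log lines are constructed.

```python
"""Sliding-window detector for mass file-extension changes in file-server audit logs.

Added example for illustration only. The record format (ISO timestamp, account,
action, path), the 5-minute window, the threshold of 5 and the 07:00-18:59
Monday-Friday business window are assumptions, not settings from any product.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # sliding window length (assumption)
THRESHOLD = 5                   # extension-changing renames per account in WINDOW (assumption)
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local, Monday to Friday (assumption)

# Constructed sample audit log: one record per line, "timestamp,account,action,path".
# For RENAME records the path field is "old -> new". 2024-03-09 is a Saturday.
SAMPLE_LOG = """\
2024-03-09T02:11:04,jdoe,RENAME,/srv/share/finance/q1.xlsx -> /srv/share/finance/q1.xlsx.locked
2024-03-09T02:11:05,jdoe,RENAME,/srv/share/finance/q2.xlsx -> /srv/share/finance/q2.xlsx.locked
2024-03-09T02:11:07,jdoe,RENAME,/srv/share/finance/budget.docx -> /srv/share/finance/budget.docx.locked
2024-03-09T02:11:09,jdoe,WRITE,/srv/share/finance/README_TO_RESTORE.txt
2024-03-09T02:11:09,jdoe,RENAME,/srv/share/hr/payroll.csv -> /srv/share/hr/payroll.csv.locked
2024-03-09T02:11:12,jdoe,RENAME,/srv/share/hr/handbook.pdf -> /srv/share/hr/handbook.pdf.locked
2024-03-09T02:11:15,jdoe,RENAME,/srv/share/eng/specs.pdf -> /srv/share/eng/specs.pdf.locked
2024-03-11T10:02:00,asmith,RENAME,/srv/share/hr/old.doc -> /srv/share/hr/old.docx
2024-03-11T10:05:00,asmith,WRITE,/srv/share/hr/old.docx
2024-03-11T10:07:00,asmith,RENAME,/srv/share/hr/draft.docx -> /srv/share/hr/final.docx
"""


def parse_line(line):
    """Split one audit record into (timestamp, account, action, path)."""
    ts, account, action, path = line.split(",", 3)
    return datetime.fromisoformat(ts), account, action, path


def extension(path):
    """Return the lower-cased file extension, or '' when there is none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_off_hours(ts):
    """True on weekends or outside the assumed business-hours range."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def detect_mass_rename(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per account whose extension-changing renames exceed
    `threshold` within any `window`-long span. Benign renames that keep the
    extension (and WRITE records) are ignored."""
    recent = defaultdict(deque)   # account -> timestamps of extension-changing renames
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, account, action, path = parse_line(line)
        if action != "RENAME" or " -> " not in path:
            continue
        old, new = path.split(" -> ", 1)
        if extension(old) == extension(new):
            continue
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:      # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and account not in alerted:
            alerted.add(account)
            alerts.append({
                "account": account,
                "first_seen": q[0],
                "count": len(q),
                "new_extension": extension(new),
                "off_hours": is_off_hours(ts),
            })
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_mass_rename(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample data the detector raises a single alert for `jdoe` at the fifth `.locked` rename, marked as off-hours because the burst happened early on a Saturday, while `asmith`'s ordinary weekday renames stay below the threshold. In practice the alert would feed a pager or an automated response such as disabling the account and isolating the host, which is exactly the gap an off-hours attack exploits.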
Progent provides a range of support services for protecting Beverly Hills enterprises from ransomware events. These include user education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to detect and disable zero-day malware attacks. Progent can also provide expert ransomware recovery engineers with the skill and commitment to reconstruct a breached environment as rapidly as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency provides no assurance that the cyber criminals will hand over the keys to decrypt all your files. Kaspersky estimated that seventeen percent of ransomware victims never restored their data even after sending off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC (about $120,000 to $400,000). This is well above the typical crypto-ransomware demand, which ZDNET estimated to be around $13,000 for small businesses. The alternative is to piece the critical components of your IT environment back together. Without access to complete backups, this requires a broad complement of skill sets, well-coordinated team management, and the ability to work 24x7 until the task is completed.
For two decades, Progent has offered professional IT services for businesses across the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts hold internationally recognized certifications including CISA, CISSP, ISACA CRISC, and GIAC. (See Progent's certifications). Progent also has experience with financial management and ERP software solutions. This breadth of expertise gives Progent the capability to understand critical systems, re-organize the surviving pieces of your network after a ransomware attack, and rebuild them into a functioning environment.
Progent's security team uses state-of-the-art project management tools to coordinate the complex restoration process. Progent understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential systems back on line as fast as humanly possible.
Business Case Study: A Successful Ransomware Virus Response
A business engaged Progent after its network was taken over by the Ryuk ransomware. Ryuk is believed to have been deployed by North Korean government-sponsored criminal gangs, suspected of adopting techniques leaked from the United States National Security Agency. Ryuk targets specific companies with little tolerance for operational disruption and is among the most lucrative strains of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer based in Chicago with around 500 staff members. The Ryuk event had halted all company operations and manufacturing processes. Most of the client's backups had been on-line at the start of the attack and were destroyed. The client was considering paying the ransom (more than $200K) and hoping for the best, but in the end brought in Progent.
Progent worked with the customer to rapidly understand and prioritize the key areas that needed to be recovered in order to resume departmental operations:
In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then rebuilt the most important systems and recovered their hard drives. All Exchange Server data and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to find intact OST files (Outlook Off-Line Folder Files) on various desktop computers and laptops and used them to recover mail data. A recent off-line backup of the business's financials/MRP systems made it possible to bring these vital services back to users. Although a large amount of work remained to recover fully from the Ryuk event, the most important systems were returned to operation quickly:
During the following month, key milestones in the restoration process were achieved through close collaboration between Progent consultants and the customer:
Conclusion
A potentially enterprise-killing catastrophe was averted by top-tier experts, a wide range of subject matter expertise, and tight teamwork. Although in hindsight the ransomware intrusion detailed here could have been blocked with advanced security technology and best practices, user training, and well thought out procedures for backup and for keeping systems up to date with security patches, the fact remains that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will keep attacking. If you do fall victim to crypto-ransomware, remember that Progent's roster of professionals has a proven track record in crypto-ransomware defense, remediation, and information systems disaster recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, please click: Progent's Ransomware Virus Recovery Case Study Datasheet (PDF - 282 KB).
Contact Progent for Ransomware System Recovery Services in Beverly Hills
For ransomware system recovery expertise in the Beverly Hills area, call Progent at