Crypto-Ransomware : Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that poses an extinction-level threat to businesses poorly prepared for an attack. Multiple generations of ransomware such as the CrySIS, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for years and still inflict damage. Modern ransomware families like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, plus daily unnamed newcomers, not only encrypt online files but also seek out and destroy any accessible system restore points and backups. Files replicated to the cloud can also be rendered useless. In a vulnerable environment, this can make automatic restoration hopeless and set the entire system back to square one.
Getting applications and information back following a ransomware outage becomes a race against time as the targeted business fights to stop lateral movement, remove the ransomware, and restore business-critical activity. Because ransomware needs time to spread throughout a network, attacks are often launched during nights and weekends, when they take longer to identify. This compounds the difficulty of rapidly assembling and organizing an experienced mitigation team.
Progent offers a range of support services for protecting Beverly Hills businesses from ransomware events. These include staff education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat protection to discover and suppress zero-day modern malware attacks. Progent can in addition provide seasoned crypto-ransomware recovery engineers with the skills and commitment to re-deploy a compromised environment as urgently as possible.
Progent's Ransomware Restoration Help
Following a ransomware attack, even paying the ransom demand in cryptocurrency does not ensure that merciless criminals will provide the keys to decrypt any of your information. Kaspersky Labs ascertained that 17% of crypto-ransomware victims never recovered their data after having paid the ransom, resulting in increased losses. Paying is also very costly. Ryuk ransoms are commonly several hundred thousand dollars. For larger organizations, the ransom can be in the millions of dollars. The other path is to piece back together the critical components of your Information Technology environment. Without full information backups available, this requires a broad range of skill sets, professional team management, and the capability to work non-stop until the task is completed.
For two decades, Progent has provided expert Information Technology services for businesses throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in leading technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have garnered internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has expertise with accounting and ERP application software. This breadth of experience gives Progent the ability to quickly understand important systems, integrate the remaining pieces of your network environment following a ransomware penetration, and assemble them into a functioning network.
Progent's security team deploys state-of-the-art project management tools to orchestrate the complicated recovery process. Progent appreciates the urgency of working rapidly, together with a client's management and Information Technology staff, to prioritize tasks and to put critical applications back on-line as fast as humanly possible.
Client Case Study: A Successful Ransomware Incident Recovery
A customer contacted Progent after their organization was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored criminal gangs, possibly adopting techniques leaked from America's National Security Agency. Ryuk attacks specific businesses with little or no room for operational disruption and is one of the most profitable versions of crypto-ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with about 500 staff members. The Ryuk intrusion had brought down all business operations and manufacturing capabilities. Most of the client's information backups had been directly accessible from the network at the start of the intrusion and were eventually encrypted. The client considered paying the ransom (exceeding $200K) and hoping for the best, but ultimately brought in Progent.
Progent worked together with the client to quickly understand and prioritize the mission critical services that had to be addressed to make it possible to resume company functions:
Within 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then completed setup and storage recovery of key applications. All Microsoft Exchange Server ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate local OST data files (Microsoft Outlook Offline Folder Files) on various PCs in order to recover mail messages. A recent off-line backup of the client's financials/ERP systems made it possible to restore these essential services to users. Although a large amount of work still had to be done to recover completely from the Ryuk damage, critical services were restored quickly:
Over the following few weeks, key milestones in the restoration process were reached through tight cooperation between Progent consultants and the customer:
Conclusion
A possible enterprise-killing disaster was averted by hard-working professionals, a broad spectrum of knowledge, and tight collaboration. In hindsight, the ransomware penetration detailed here would have been identified and blocked by modern security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team training, and well-designed security procedures for information protection and patching controls. The fact remains, however, that state-sponsored hackers from China, North Korea and elsewhere are tireless and will keep trying. If you do get hit by a ransomware incident, remember that Progent's team of professionals has substantial experience in ransomware blocking, cleanup, and file disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, see Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware Recovery Consulting Services in Beverly Hills
For ransomware system recovery services in the Beverly Hills metro area, phone Progent at