Ransomware Protection and Remediation Solutions Beverly Hills

Ransomware : Your Feared Information Technology Catastrophe
Ransomware has become a too-frequent cyberplague that presents an enterprise-level threat for organizations unprepared for an assault. Versions of ransomware such as Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been running rampant for many years and still inflict damage. Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, plus more unnamed viruses, not only encrypt online data but also infect all accessible system backups. Information replicated to off-site disaster recovery sites can also be corrupted. In a poorly designed data protection solution, it can render automatic restore operations useless and effectively sets the network back to square one.

Restoring services and data following a ransomware outage becomes a sprint against the clock as the victim fights to contain and eradicate the ransomware and to resume business-critical operations. Because ransomware takes time to move laterally, attacks are usually sprung during nights and weekends, when successful penetrations may take more time to notice. This multiplies the difficulty of rapidly assembling and orchestrating a knowledgeable response team.

Progent offers a variety of solutions for securing Beverly Hills businesses from ransomware events. Among these are staff education to become familiar with and not fall victim to phishing scams, ProSight Active Security Monitoring for remote monitoring and management, along with deployment of modern security appliances with machine learning technology to rapidly detect and suppress day-zero threats. Progent also offers the services of expert ransomware recovery professionals with the talent and commitment to reconstruct a breached environment as rapidly as possible.

Progent's Ransomware Recovery Help
After a ransomware event, sending the ransom in cryptocurrency does not guarantee that criminal gangs will provide the needed keys to decrypt any of your data. Kaspersky Labs determined that 17% of crypto-ransomware victims never restored their files after having sent off the ransom, resulting in increased losses. The risk is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 and $400,000). This is well higher than the typical ransomware demands, which ZDNET determined to be in the range of $13,000 for smaller businesses. The other path is to setup from scratch the essential parts of your Information Technology environment. Without access to full data backups, this requires a broad range of skills, top notch project management, and the capability to work 24x7 until the task is completed.

For two decades, Progent has made available professional IT services for businesses across the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have attained top certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have garnered internationally-renowned industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications). Progent also has experience in accounting and ERP applications. This breadth of experience provides Progent the capability to knowledgably determine critical systems and organize the remaining pieces of your computer network environment after a crypto-ransomware event and configure them into an operational network.

Progent's recovery team deploys top notch project management tools to coordinate the complicated recovery process. Progent understands the importance of acting rapidly and in concert with a client's management and IT resources to assign priority to tasks and to put the most important applications back online as fast as humanly possible.

Customer Story: A Successful Ransomware Attack Response
A business sought out Progent after their network system was brought down by Ryuk ransomware. Ryuk is believed to have been created by Northern Korean state sponsored cybercriminals, suspected of adopting algorithms leaked from the United States NSA organization. Ryuk seeks specific businesses with limited ability to sustain operational disruption and is one of the most lucrative examples of ransomware malware. Well Known victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with around 500 staff members. The Ryuk event had disabled all company operations and manufacturing processes. The majority of the client's information backups had been directly accessible at the time of the attack and were eventually encrypted. The client was actively seeking loans for paying the ransom (exceeding $200K) and praying for good luck, but in the end engaged Progent.

Progent worked hand in hand the customer to quickly get our arms around and assign priority to the critical elements that needed to be restored to make it possible to resume company operations:

• Active Directory
• Microsoft Exchange Server
• MRP System

In less than 48 hours, Progent was able to recover Active Directory services to its pre-attack state. Progent then charged ahead with setup and hard drive recovery on critical servers. All Microsoft Exchange Server ties and configuration information were intact, which greatly helped the restore of Exchange. Progent was able to collect local OST data files (Outlook Email Off-Line Folder Files) on various desktop computers to recover mail messages. A not too old off-line backup of the customer’s accounting/ERP systems made it possible to return these vital applications back online for users. Although a lot of work needed to be completed to recover fully from the Ryuk damage, critical systems were recovered quickly:

During the following couple of weeks important milestones in the recovery project were accomplished in close cooperation between Progent consultants and the client:

• Internal web sites were returned to operation with no loss of information.
• The MailStore Microsoft Exchange Server containing more than 4 million historical messages was spun up and available for users.
• CRM/Customer Orders/Invoicing/Accounts Payable/AR/Inventory Control capabilities were fully operational.
• A new Palo Alto 850 firewall was set up.
• Most of the desktop computers were being used by staff.

Conclusion
A probable business-killing catastrophe was averted with top-tier experts, a wide spectrum of subject matter expertise, and close teamwork. Although in post mortem the crypto-ransomware virus penetration detailed here would have been identified and prevented with modern security systems and best practices, staff education, and properly executed security procedures for backup and keeping systems up to date with security patches, the fact remains that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware incursion, remember that Progent's roster of experts has proven experience in ransomware virus defense, removal, and information systems recovery.

Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist