Ransomware Defense and Remediation Expertise Beverly Hills

Crypto-Ransomware : Your Crippling Information Technology Disaster
Crypto-Ransomware has become an escalating cyber pandemic that poses an enterprise-level threat for businesses poorly prepared for an attack. Different versions of ransomware like the CrySIS, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been out in the wild for years and still inflict destruction. Newer strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, as well as daily as yet unnamed viruses, not only do encryption of on-line critical data but also infiltrate all accessible system restores and backups. Information synched to cloud environments can also be corrupted. In a poorly designed system, this can render automatic restoration useless and effectively sets the entire system back to zero.

Getting back services and information following a crypto-ransomware event becomes a race against the clock as the targeted organization fights to contain and remove the crypto-ransomware and to resume business-critical activity. Since crypto-ransomware takes time to spread, attacks are often sprung on weekends and holidays, when successful attacks tend to take longer to identify. This compounds the difficulty of promptly mobilizing and coordinating an experienced mitigation team.

Progent offers an assortment of services for protecting Beverly Hills businesses from ransomware attacks. These include team member training to help identify and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, in addition to installation of the latest generation security appliances with machine learning capabilities to intelligently discover and extinguish new threats. Progent also offers the assistance of seasoned crypto-ransomware recovery engineers with the track record and commitment to rebuild a breached network as quickly as possible.

Progent's Ransomware Restoration Support Services
Subsequent to a ransomware attack, even paying the ransom in Bitcoin cryptocurrency does not ensure that cyber hackers will respond with the keys to decrypt any of your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is greatly above the typical ransomware demands, which ZDNET determined to be around $13,000 for small organizations. The other path is to setup from scratch the vital elements of your IT environment. Absent the availability of full data backups, this calls for a broad complement of IT skills, well-coordinated team management, and the willingness to work 24x7 until the recovery project is over.

For decades, Progent has offered expert Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have earned high-level certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security experts have earned internationally-renowned certifications including CISM, CISSP, CRISC, and GIAC. (Visit Progent's certifications). Progent also has experience with financial management and ERP application software. This breadth of expertise affords Progent the ability to quickly understand critical systems and organize the surviving pieces of your computer network environment following a ransomware penetration and assemble them into a functioning network.

Progent's security team of experts utilizes powerful project management systems to coordinate the sophisticated recovery process. Progent understands the importance of acting quickly and in unison with a client's management and Information Technology team members to prioritize tasks and to put key applications back online as soon as humanly possible.

Business Case Study: A Successful Ransomware Intrusion Recovery
A business sought out Progent after their company was crashed by Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean state cybercriminals, possibly using strategies leaked from the United States National Security Agency. Ryuk targets specific organizations with limited ability to sustain operational disruption and is among the most lucrative incarnations of ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in the Chicago metro area with around 500 staff members. The Ryuk event had paralyzed all essential operations and manufacturing capabilities. Most of the client's information backups had been online at the beginning of the intrusion and were damaged. The client was pursuing financing for paying the ransom (more than two hundred thousand dollars) and wishfully thinking for good luck, but in the end made the decision to use Progent.

Progent worked with the customer to quickly identify and prioritize the most important systems that needed to be addressed in order to restart business operations:

• Windows Active Directory
• Exchange Server
• Financials/MRP

In less than 2 days, Progent was able to recover Active Directory services to its pre-intrusion state. Progent then completed rebuilding and hard drive recovery of key systems. All Microsoft Exchange Server schema and configuration information were usable, which facilitated the rebuild of Exchange. Progent was also able to find non-encrypted OST files (Outlook Offline Data Files) on user PCs in order to recover email data. A not too old offline backup of the client's financials/MRP software made it possible to return these required programs back servicing users. Although a large amount of work needed to be completed to recover fully from the Ryuk attack, critical systems were restored quickly:

During the following month key milestones in the restoration process were completed in close collaboration between Progent consultants and the client:

• In-house web sites were brought back up without losing any information.
• The MailStore Microsoft Exchange Server containing more than four million historical messages was restored to operations and accessible to users.
• CRM/Product Ordering/Invoicing/Accounts Payable (AP)/AR/Inventory functions were completely operational.
• A new Palo Alto Networks 850 security appliance was brought online.
• 90% of the user desktops and notebooks were being used by staff.

Conclusion
A potential enterprise-killing catastrophe was dodged due to hard-working experts, a wide array of IT skills, and tight collaboration. Although in retrospect the ransomware virus attack detailed here would have been blocked with current cyber security solutions and ISO/IEC 27001 best practices, team education, and properly executed security procedures for data backup and keeping systems up to date with security patches, the fact remains that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and will continue. If you do get hit by a ransomware incursion, feel confident that Progent's roster of professionals has substantial experience in ransomware virus defense, mitigation, and file disaster recovery.

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Services in Beverly Hills
For ransomware recovery consulting services in the Beverly Hills area, call Progent at 800-462-8800 or see Contact Progent.