Crypto-Ransomware: Your Crippling Information Technology Nightmare
Crypto-ransomware has become a modern cyber pandemic that presents an enterprise-level danger to businesses of all sizes that are unprepared for an attack. Older ransomware families such as Dharma, CryptoWall, Bad Rabbit, NotPetya and the MongoLock cryptoworms have been around for a long time and still inflict havoc. More recent strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, along with additional unnamed variants, not only encrypt critical online data but also encrypt any reachable system restore points and backups. Data synchronized to cloud environments can be encrypted as well. In a vulnerable environment this can make any restore operation hopeless and effectively knocks the datacenter back to zero.
Retrieving services and information after a crypto-ransomware event becomes a race against time as the targeted organization fights to contain and eradicate the ransomware and resume mission-critical operations. Because crypto-ransomware takes time to spread across a network, attacks are often launched at night, when they typically take longer to recognize. This compounds the difficulty of rapidly mobilizing and coordinating a capable response team.
Progent provides a variety of services for protecting Beverly Hills enterprises from ransomware intrusions. Among these are staff training to help recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based threat defense to discover and stop zero-day malware attacks. Progent also provides expert ransomware recovery consultants with the skills and commitment to re-deploy a breached network as rapidly as possible.
Progent's Ransomware Restoration Services
Following a crypto-ransomware attack, paying the ransom in cryptocurrency does not ensure that the criminal gang will provide the keys needed to decrypt any or all of your files. Kaspersky found that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger enterprises the ransom can reach millions. The alternative is to re-install the key elements of your Information Technology environment. Without access to complete data backups, this requires a broad complement of IT skills, well-coordinated project management, and the capability to work non-stop until the job is done.
For decades, Progent has provided certified expert Information Technology services to businesses across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who hold top certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts hold internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial systems and ERP application software. This breadth of expertise allows Progent to rapidly identify critical systems, re-organize the surviving parts of your Information Technology environment following a ransomware attack, and rebuild them into an operational network.
Progent's security team uses powerful project management tools to orchestrate the complex restoration process. Progent understands the importance of working swiftly and in concert with a client's management and IT staff to prioritize tasks and bring critical services back online as fast as humanly possible.
Case Study: A Successful Ransomware Intrusion Restoration
A client contacted Progent after their network was penetrated by the Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored hackers, suspected of adopting techniques leaked from the U.S. National Security Agency. Ryuk targets specific companies with limited tolerance for operational disruption and is among the most lucrative ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with about 500 employees. The Ryuk intrusion had shut down all company operations and manufacturing capabilities. Most of the client's data backups had been directly accessible from the network at the start of the attack and were damaged. The client was preparing to pay the ransom (more than $200K) and hope for the best, but ultimately reached out to Progent.
Progent worked together with the customer to rapidly identify and assign priority to the key elements that had to be restored to make it possible to restart business operations:
Within 2 days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then pressed ahead with reinstallations and hard drive recovery of the most important servers. All Exchange Server links and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to collect local OST files (Microsoft Outlook Offline Data Files) from staff workstations and laptops in order to recover email data. A recent offline backup of the customer's manufacturing software made it possible to make these essential applications available to users again. Although significant work remained to recover fully from the Ryuk virus, core systems were recovered rapidly:
Over the next few weeks key milestones in the restoration project were made through close cooperation between Progent team members and the customer:
Conclusion
A potentially business-ending catastrophe was averted thanks to hard-working professionals, a broad range of technical expertise, and close teamwork. In hindsight, the crypto-ransomware intrusion described here could have been identified and blocked with up-to-date cyber security technology and recognized best practices, user education, well-designed incident response procedures for data backup, and proper patching controls. The fact remains, however, that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware intrusion, remember that Progent's team of experts has extensive experience in crypto-ransomware blocking, remediation, and data recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, see Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware Recovery Consulting Services in Beverly Hills
For ransomware recovery services in the Beverly Hills metro area, call Progent at