Ransomware: Your Worst IT Disaster
Ransomware has become an escalating cyberplague that represents an existential threat for businesses of all sizes vulnerable to an assault. Different iterations of ransomware such as the Dharma, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for years and continue to inflict havoc. More recent crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, along with daily unnamed variants, not only encrypts on-line data but also infiltrates any accessible system backup. Files synchronized to the cloud can also be corrupted. In a poorly architected environment, this can render automated restoration useless and set the entire system back to square one.
Restoring on-line services and data after a ransomware event becomes a race against the clock as the victim fights to contain the damage, eradicate the ransomware, and restore mission-critical operations. Because ransomware takes time to spread, attacks are usually launched at night or on weekends, when intrusions often take longer to discover. This compounds the difficulty of promptly assembling and organizing a qualified mitigation team.
Progent offers a range of services for protecting Beverly Hills enterprises from crypto-ransomware events. Among these are user training to help staff identify and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based cyberthreat defense to detect and stop zero-day malware attacks. Progent also provides the services of veteran ransomware recovery professionals with the track record and commitment to rebuild a compromised system as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a crypto-ransomware event, even paying the ransom in cryptocurrency provides no assurance that the criminals will respond with the keys needed to decrypt all your files. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their files after paying the ransom, compounding their losses. Paying is also costly. Ryuk ransoms commonly range from 15 to 40 BTC (roughly $120,000 to $400,000). This is well above the typical crypto-ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The alternative is to rebuild the mission-critical components of your IT environment. Without usable system backups, this requires a broad range of IT skills, professional team management, and the willingness to work non-stop until the job is complete.
For decades, Progent has provided expert IT services for companies across the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded top industry certifications in leading technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has expertise with financial management and ERP applications. This breadth of expertise gives Progent the skills to quickly understand key systems, reorganize the surviving components of your network following a crypto-ransomware intrusion, and reassemble them into an operational system.
Progent's security team deploys best-of-breed project management applications to coordinate the complicated restoration process. Progent understands the urgency of acting swiftly and works together with a client's management and IT staff to prioritize tasks and get critical services back on-line as fast as possible.
Customer Case Study: A Successful Crypto-Ransomware Intrusion Restoration
A client escalated to Progent after their network was brought down by the Ryuk ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored cybercriminals, possibly adopting algorithms leaked from the United States National Security Agency. Ryuk targets specific companies with little or no tolerance for operational disruption and is one of the most profitable ransomware families. High-profile victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing business based in the Chicago metro area with around 500 employees. The Ryuk intrusion had disabled all business operations and manufacturing processes. Most of the client's data backups were on-line when the intrusion began and were eventually encrypted as well. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately called Progent.
Progent worked with the customer to rapidly identify and prioritize the essential applications that had to be restored to keep the company running:
In less than two days, Progent rebuilt Active Directory to its pre-intrusion state. Progent then assisted with setup and hard drive recovery on the required systems. All Exchange connections and configuration information were intact, which accelerated the rebuild of Exchange. Progent located unencrypted OST files (Outlook Offline Folder Files) on various PCs and used them to recover mail data. A recent offline backup of the client's accounting/ERP systems made it possible to bring these required applications back online. Although a great deal of work remained to recover fully from the Ryuk damage, essential systems were returned to operation quickly:
Over the following couple of weeks, critical milestones in the recovery process were reached through close cooperation between Progent engineers and the client:
Conclusion
A likely business-ending disaster was averted thanks to top-tier professionals, a broad spectrum of technical expertise, and close collaboration. In hindsight, the ransomware attack described here should have been stopped by modern cybersecurity technology and best practices: staff education, appropriate incident response procedures, data protection, and keeping systems up to date with security patches. But the fact is that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and are not going away. If you are hit by crypto-ransomware, remember that Progent's team of experts has extensive experience in ransomware blocking, mitigation, and data recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Recovery Expertise in Beverly Hills
For ransomware recovery expertise in the Beverly Hills area, phone Progent at