Crypto-Ransomware: Your Feared IT Catastrophe
Ransomware has become an escalating cyber plague that presents an enterprise-level threat to any organization exposed to attack. Multiple generations of crypto-ransomware, including CrySIS, WannaCry, Bad Rabbit, NotPetya and MongoLock, have been in the wild for years and continue to cause damage. Modern strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Snatch and Egregor, plus a daily stream of unnamed variants, not only encrypt online data files but also encrypt or delete any system backups reachable from the compromised network. Encrypted files synchronized to cloud storage can overwrite the clean copies held there as well. In a poorly designed environment this renders automated restoration hopeless and effectively knocks the entire system back to zero.
Restoring applications and data after a ransomware intrusion becomes a race against the clock as the targeted organization fights to stop lateral movement, clean up the ransomware, and resume business-critical activity. Because crypto-ransomware needs time to spread across a network, attacks are frequently triggered at night or on weekends, when they often take longer to detect. This multiplies the difficulty of quickly assembling and organizing a qualified response team.
Progent offers a range of services for protecting Beverly Hills businesses from ransomware intrusions. These include user training to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and contain zero-day and other modern malware attacks. Progent also provides veteran ransomware recovery consultants with the track record and perseverance to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a crypto-ransomware attack, paying the ransom demand in cryptocurrency does not guarantee that the criminals will hand over working keys to decrypt any or all of your data. Kaspersky found that 17% of ransomware victims never recovered their files after paying, compounding their losses. Paying is also expensive: Ryuk ransoms commonly run to a few hundred thousand dollars, and for larger organizations the demand can reach millions. The alternative is to rebuild the essential components of your IT environment from scratch. Without usable system backups, this calls for a wide range of skill sets, well-coordinated project management, and the capacity to work around the clock until the job is done.
For decades, Progent has provided expert IT services to companies throughout the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants holding high-level industry certifications in key technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cyber security experts hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with financial management and ERP software. This breadth of expertise gives Progent the skills to rapidly identify the critical systems after a crypto-ransomware event, salvage the surviving parts of your IT environment, and bring them back together as a functioning system.
Progent's recovery team uses robust project management tools to orchestrate the complex restoration process. Progent understands the urgency of working rapidly and in concert with a customer's management and IT staff to prioritize tasks and get essential services back online as soon as possible.
Client Story: A Successful Crypto-Ransomware Attack Restoration
A manufacturing company called Progent after its operations were brought down by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the Hermes ransomware, though later analysis pointed to a Russian-speaking criminal group; its operators are also suspected of using techniques derived from leaked U.S. NSA tooling. Ryuk targets specific companies with limited tolerance for operational disruption and is one of the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturer in the Chicago metro area with about 500 employees. The Ryuk attack had frozen all essential business and manufacturing processes. Most of the client's system backups had been online when the attack began and were destroyed. The client considered paying the ransom (more than $200K) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to quickly identify and prioritize the critical applications that had to be restored for business operations to resume:
Within 48 hours, Progent had rebuilt Windows Active Directory to its pre-intrusion state. Progent then reinstalled the critical servers and recovered their storage. All Exchange Server configuration and directory links were intact, which accelerated the Exchange rebuild. Progent was also able to recover mail data from the local OST files (Microsoft Outlook Offline Folder Files) on staff desktop computers. A recent offline backup of the company's manufacturing software made it possible to bring those essential services back into operation. Although major work remained to recover fully from the Ryuk damage, the critical systems were back quickly:
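As an added example (not from the original case study and not Progent's own tooling), the following PowerShell script shows how a responder might triage the OST recovery step described above on a workstation: inventory its OST files, hash them for the recovery record, and check the PST/OST header magic so that copies the ransomware has already encrypted in place are not mistaken for recoverable mail. The search root, report path and the Test-PffHeader function name are assumptions for illustration.

```powershell
# Added example, not Progent's tooling: inventory Outlook OST files on a
# workstation before copying them off for mail recovery, and flag files whose
# header no longer starts with the "!BDN" magic shared by PST and OST files,
# which is what an OST looks like after ransomware has encrypted it in place.
# Run with Outlook closed, since an open OST is locked and cannot be hashed.
$SearchRoot = 'C:\Users'                 # assumed: default profile location
$Report     = 'C:\IR\ost-inventory.csv'  # assumed: collection folder for the IR record

function Test-PffHeader {
    # Returns $true if the first four bytes of the file are the "!BDN" magic.
    param([string]$Path)
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $buf = New-Object byte[] 4
        $n = $fs.Read($buf, 0, 4)
        return ($n -eq 4 -and [System.Text.Encoding]::ASCII.GetString($buf) -eq '!BDN')
    } finally {
        $fs.Dispose()
    }
}

$results = Get-ChildItem -Path $SearchRoot -Filter *.ost -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            SizeMB    = [math]::Round($_.Length / 1MB, 1)
            LastWrite = $_.LastWriteTime   # a write during the attack window is a warning sign
            HeaderOK  = Test-PffHeader $_.FullName
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

New-Item -ItemType Directory -Path (Split-Path $Report) -Force | Out-Null
$results | Export-Csv -Path $Report -NoTypeInformation

# Files that fail the header check are not worth copying off; without the
# attacker's key their contents are unrecoverable.
$results | Where-Object { -not $_.HeaderOK } | Format-Table Path, SizeMB, LastWrite -AutoSize
```

The CSV doubles as a chain-of-custody record for the recovered files. Note that an OST is a cache tied to its original mailbox profile rather than a portable archive, so once the intact files are collected they normally have to be converted to PST before the mail can be imported into the rebuilt Exchange environment.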
Over the following weeks, key milestones in the recovery were reached through close collaboration between Progent consultants and the customer:
Conclusion
A probable business-ending disaster was averted thanks to dedicated professionals, a broad range of subject matter expertise, and close teamwork. Post-incident forensics showed that the intrusion described here could have been stopped by modern security tooling, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff training, well-designed incident response procedures, offline backups, and disciplined patch management. Nonetheless, state-sponsored and criminal threat actors from China, Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do fall victim to a ransomware intrusion, you can rely on Progent's team, which has extensive experience in ransomware prevention, removal, and data restoration.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ryuk Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Recovery Services in Beverly Hills
For ransomware recovery consulting services in the Beverly Hills area, phone Progent at