Ransomware : Your Worst Information Technology Nightmare
Ransomware has become an escalating cyber pandemic that presents an enterprise-level danger for businesses vulnerable to an attack. Versions of ransomware like the Dharma, Fusob, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to inflict destruction. Newer strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus frequent as yet unnamed newcomers, not only encrypt on-line critical data but also infect all available system restores and backups. Files synchronized to cloud environments can also be rendered useless. In a poorly designed system, it can render automatic recovery hopeless and basically sets the network back to square one.
Getting back on-line applications and information after a crypto-ransomware event becomes a race against time as the targeted organization tries its best to stop the spread and cleanup the virus and to resume business-critical operations. Due to the fact that ransomware requires time to spread, penetrations are usually launched on weekends and holidays, when successful penetrations are likely to take more time to recognize. This multiplies the difficulty of promptly assembling and orchestrating a knowledgeable response team.
Progent makes available an assortment of services for protecting Birmingham businesses from crypto-ransomware attacks. These include team education to help recognize and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, in addition to installation of modern security solutions with artificial intelligence technology to automatically detect and extinguish zero-day threats. Progent also offers the services of veteran crypto-ransomware recovery engineers with the skills and commitment to rebuild a breached network as urgently as possible.
Progent's Ransomware Recovery Services
Subsequent to a ransomware event, paying the ransom in Bitcoin cryptocurrency does not provide any assurance that cyber criminals will respond with the codes to decrypt any or all of your data. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their data after having paid the ransom, resulting in more losses. The risk is also expensive. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is significantly above the typical ransomware demands, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to piece back together the vital elements of your Information Technology environment. Without access to complete system backups, this requires a wide range of skill sets, well-coordinated project management, and the ability to work non-stop until the recovery project is complete.
For decades, Progent has provided professional IT services for businesses throughout the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have been awarded high-level industry certifications in foundation technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally-renowned industry certifications including CISM, CISSP, CRISC, and GIAC. (Refer to Progent's certifications). Progent in addition has expertise in financial systems and ERP applications. This breadth of experience affords Progent the skills to quickly identify critical systems and organize the surviving pieces of your Information Technology system after a crypto-ransomware penetration and assemble them into a functioning network.
Progent's ransomware team of experts deploys powerful project management applications to orchestrate the sophisticated recovery process. Progent appreciates the urgency of working rapidly and in unison with a client's management and IT staff to assign priority to tasks and to put the most important services back online as fast as possible.
Customer Story: A Successful Ransomware Intrusion Restoration
A small business engaged Progent after their network was taken over by the Ryuk ransomware virus. Ryuk is thought to have been deployed by North Korean state cybercriminals, suspected of adopting approaches leaked from America’s National Security Agency. Ryuk attacks specific companies with little room for disruption and is among the most profitable iterations of ransomware. High publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer headquartered in the Chicago metro area and has about 500 workers. The Ryuk intrusion had paralyzed all business operations and manufacturing capabilities. Most of the client's information backups had been directly accessible at the beginning of the intrusion and were damaged. The client was actively seeking loans for paying the ransom (more than $200,000) and praying for good luck, but ultimately brought in Progent.
Progent worked with the client to quickly determine and assign priority to the mission critical services that needed to be restored in order to resume company operations:
Within 48 hours, Progent was able to re-build Active Directory services to its pre-attack state. Progent then assisted with reinstallations and storage recovery on needed systems. All Exchange Server ties and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on various workstations to recover mail information. A recent offline backup of the customer’s accounting/ERP systems made it possible to restore these essential applications back available to users. Although a lot of work was left to recover completely from the Ryuk attack, critical systems were restored rapidly:
During the following month important milestones in the restoration project were made in close collaboration between Progent engineers and the client:
Conclusion
A possible business extinction catastrophe was dodged through the efforts of results-oriented professionals, a wide range of technical expertise, and tight teamwork. Although in analyzing the event afterwards the ransomware attack detailed here could have been blocked with modern cyber security systems and ISO/IEC 27001 best practices, user education, and well designed incident response procedures for data backup and proper patching controls, the fact is that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware incursion, feel confident that Progent's team of professionals has extensive experience in ransomware virus defense, cleanup, and data restoration.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer story, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Birmingham
For ransomware recovery consulting in the Birmingham area, phone Progent at