Ransomware : Your Feared Information Technology Catastrophe
Ransomware has become a too-frequent cyber pandemic that presents an existential danger for businesses unprepared for an attack. Versions of ransomware such as the CryptoLocker, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been out in the wild for years and still inflict harm. More recent variants like Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Egregor, plus daily as-yet-unnamed strains, not only encrypt online information but also infiltrate every reachable system backup. Files synced to cloud environments can also be rendered useless. In a poorly architected data protection solution, this can render automatic restoration hopeless and effectively knock the entire system back to zero.
Getting applications and data back online after a ransomware outage becomes a race against time as the victim struggles to contain the damage, remove the crypto-ransomware, and resume business-critical activity. Because ransomware requires time to spread, attacks are frequently launched at night, when successful intrusions may take longer to uncover. This compounds the difficulty of rapidly assembling and organizing an experienced response team.
Progent offers an assortment of support services for protecting Birmingham enterprises from ransomware attacks. These include user education to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat defense to identify and suppress zero-day malware attacks. Progent also offers the services of experienced ransomware recovery engineers with the track record and commitment to restore a compromised network as rapidly as possible.
Progent's Crypto-Ransomware Restoration Services
After a ransomware attack, paying the ransom in Bitcoin does not ensure that the criminals will provide the keys to decrypt any of your information. Kaspersky determined that 17% of crypto-ransomware victims never recovered their files after having paid the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the average crypto-ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The alternative is to set up from scratch the mission-critical components of your IT environment. Without access to essential data backups, this requires a wide complement of skills, well-coordinated project management, and the willingness to work non-stop until the job is over.
For decades, Progent has provided professional IT services for businesses across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have been awarded top certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise with accounting and ERP software solutions. This breadth of experience gives Progent the ability to knowledgeably identify critical systems, consolidate the surviving pieces of your network after a ransomware attack, and rebuild them into an operational system.
Progent's recovery team deploys best-of-breed project management applications to coordinate the complicated restoration process. Progent understands the importance of working swiftly and in concert with a customer's management and IT team members to prioritize tasks and to get essential systems back online as soon as possible.
Customer Case Study: A Successful Ransomware Intrusion Recovery
A customer sought out Progent after their company was brought down by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state-sponsored hackers, suspected of using techniques leaked from the US NSA. Ryuk targets specific businesses with little or no tolerance for disruption and is among the most profitable versions of crypto-ransomware. High-profile victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing business based in Chicago with about 500 staff members. The Ryuk attack had paralyzed all company operations and manufacturing processes. Most of the client's data backups had been directly accessible at the start of the intrusion and were eventually encrypted. The client was pursuing financing to pay the ransom (exceeding $200,000) and wishfully hoping for good luck, but in the end engaged Progent.
Progent worked hand in hand with the client to quickly assess and prioritize the key systems that needed to be addressed to make it possible to restart company functions:
In less than two days, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then completed reinstallations and storage recovery of the needed servers. All Exchange Server links and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to gather non-encrypted OST data files (Outlook Offline Folder Files) from team workstations and laptops in order to recover mail data. A relatively recent offline backup of the customer's accounting/MRP systems made it possible to bring these required services back online for users. Although significant work remained to recover completely from the Ryuk attack, core services were returned to operation rapidly:
During the following month, key milestones in the recovery project were accomplished through tight cooperation between Progent team members and the client:
Conclusion
A probable business-killing catastrophe was averted by results-oriented professionals, a wide array of technical expertise, and tight collaboration. Although post-incident forensics showed that the crypto-ransomware attack described here should have been identified and stopped by modern cyber security technology and best practices, staff training, and well-designed procedures for data protection and patch management, the fact is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and will keep attacking. If you do get hit by a ransomware attack, remember that Progent's team of experts has a proven track record in ransomware blocking, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Birmingham
For ransomware cleanup services in the Birmingham area, call Progent at