Crypto-Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become an escalating cyberplague that poses an existential threat to businesses vulnerable to an attack. Ransomware families such as the CrySIS, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for a long time and continue to cause damage. Newer variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with a steady stream of as-yet-unnamed variants, not only encrypt online data but also infect many configured system restores and backups. Files synchronized to cloud environments can also be corrupted. In a poorly designed environment, this can render any restoration useless and effectively knock the network back to zero.
Bringing services and data back online after a ransomware outage becomes a sprint against time as the targeted business fights to stop the spread, remove the malware, and resume mission-critical operations. Because ransomware takes time to spread across a network, attacks are frequently launched at night, when they are likely to take longer to uncover. This multiplies the difficulty of rapidly assembling and coordinating a qualified response team.
Progent offers a variety of solutions for securing Birmingham businesses against ransomware events. These include user training to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and suppress zero-day malware attacks. Progent can also provide the assistance of experienced ransomware recovery engineers with the track record and commitment to re-deploy a breached network as soon as possible.
Progent's Ransomware Restoration Help
Soon after a ransomware penetration, paying the ransom demand in cryptocurrency does not ensure that the criminal gang will respond with the codes needed to decrypt any of your data. Kaspersky found that seventeen percent of ransomware victims never recovered their information even after paying the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms are typically several hundred thousand dollars. For larger enterprises, the ransom can reach millions. The other path is to re-install the vital elements of your IT environment. Without access to complete data backups, this requires a wide complement of IT skills, professional team management, and the willingness to work 24x7 until the recovery project is completed.
For decades, Progent has offered expert Information Technology services to businesses throughout the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who hold high-level certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience with financial systems and ERP application software. This breadth of experience gives Progent the capability to knowledgeably determine which systems are necessary, re-organize the surviving parts of your Information Technology environment following a ransomware penetration, and configure them into an operational network.
Progent's ransomware group uses state-of-the-art project management systems to coordinate the sophisticated recovery process. Progent appreciates the urgency of acting rapidly and works together with a customer's management and IT staff to prioritize tasks and get essential services back online as fast as humanly possible.
Customer Case Study: A Successful Crypto-Ransomware Penetration Restoration
A business engaged Progent after its network was attacked by the Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state-sponsored criminal gangs, possibly adopting techniques leaked from the U.S. National Security Agency. Ryuk goes after specific organizations with limited ability to sustain disruption and is one of the most profitable examples of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in the Chicago metro area with about 500 staff members. The Ryuk event had frozen all business operations and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were eventually encrypted. The client was preparing to pay the ransom demand (in excess of $200K) and hoping for good luck, but in the end called Progent.
Progent worked with the customer to rapidly understand and assign priority to the most important services that had to be recovered in order to continue departmental operations:
Within 48 hours, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then assisted with reinstallations and hard drive recovery of key systems. All Microsoft Exchange Server schema and configuration information was usable, which accelerated the restore of Exchange. Progent was able to collect local OST files (Outlook Offline Data Files) from user desktop computers in order to recover email data. A reasonably recent offline backup of the client's accounting/ERP systems made it possible to bring these vital services back online. Although significant work still had to be done to recover fully from the Ryuk attack, essential services were returned to operation quickly:
Over the following couple of weeks, key milestones in the recovery process were achieved in close collaboration between Progent engineers and the customer:
Conclusion
A likely business-extinction catastrophe was avoided thanks to dedicated professionals, a broad array of subject matter expertise, and close teamwork. Although, in post-mortem, the ransomware attack detailed here should have been blocked by modern security solutions and NIST Cybersecurity Framework best practices, staff training, and properly executed security procedures for data protection and keeping systems up to date with security patches, the reality remains that government-sponsored cyber criminals from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware incursion, remember that Progent's roster of experts has extensive experience in ransomware blocking, mitigation, and information systems restoration.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Birmingham
For ransomware system restoration consulting in the Birmingham metro area, call Progent at