Ransomware: Your Worst IT Disaster
Ransomware has become an all-too-frequent cyber pandemic and an extinction-level threat for businesses of any size that are poorly prepared for an attack. Older families such as CrySIS, CryptoWall and MongoLock, and cryptoworms such as NotPetya and Bad Rabbit, have been circulating for years and continue to inflict damage. Modern crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, along with many unnamed variants, not only encrypts online data but also attacks whatever recovery mechanisms it can reach: volume shadow copies, backup catalogs and any backup repository that is writable from the compromised network. Files synchronized to the cloud can be overwritten with their encrypted versions. In a vulnerable environment this can make restoration impossible and effectively sets the datacenter back to square one.
Recovering services and data after a crypto-ransomware event is a race against time as the victim struggles to contain the outbreak, clean up infected systems and resume mission-critical operations. Because crypto-ransomware takes time to spread through a network, attackers frequently trigger encryption at night or over a weekend, when an intrusion is likely to go unnoticed for longer. This compounds the difficulty of quickly assembling and coordinating a capable response team.
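The point above that ransomware destroys whatever backup and recovery mechanisms it can reach before or during encryption is also a detection opportunity: the burst of shadow-copy, backup-catalog and boot-recovery tampering commands is one of the last signals before files start changing. The script below is an added example written for this page, not Progent's or SentinelOne's tooling. It assumes a constructed, simplified rendering of Windows process-creation events (the `host= user= pid= parent= cmd=` format is hypothetical; adapt `parse_event()` to your SIEM) and an indicator list built from the widely documented `vssadmin`, `wmic shadowcopy`, `wbadmin` and `bcdedit` commands that ransomware batch scripts use.

```python
"""Flag backup-destruction commands in process-creation logs.

Ransomware crews typically delete Volume Shadow Copies, wipe the Windows
Backup catalog and disable boot recovery immediately before (or while)
encrypting, so that nothing on the host can be rolled back. Two or more of
these techniques on one host within a short window is a strong signal.

The log format below is a constructed, simplified rendering of Windows
Security event 4688 (process creation) fields. Adapt parse_event() to the
format your SIEM actually emits.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# (technique name, pattern applied to the normalized command line).
# vss_resize is lower confidence on its own: administrators also resize
# shadow storage, but ransomware scripts shrink it to force deletion.
RULES = [
    ("vss_delete", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b")),
    ("vss_resize", re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b.*/maxsize=")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b")),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)\b")),
    ("bcdedit_disable_recovery", re.compile(
        r"\bbcdedit(?:\.exe)?\b.*(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
    ("ps_shadowcopy_delete", re.compile(r"win32_shadowcopy\b.*\bdelete\(\)")),
]

# Hypothetical log line shape used by this example (not a real product format).
EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+pid=(?P<pid>\d+)'
    r'\s+parent=(?P<parent>\S+)\s+cmd="(?P<cmd>.*)"\s*$'
)

# Constructed sample events: one host shows the classic three-command burst,
# one host a lone resize, one host a PowerShell/WMI variant, one benign line
# and one unparseable line.
SAMPLE_LOG = [
    '2019-03-04T02:13:55Z host=FILESRV01 user=CORP\\svc_backup pid=4412 parent=cmd.exe cmd="vss^admin.exe Delete Shad^ows /All /Quiet"',
    '2019-03-04T02:13:56Z host=FILESRV01 user=CORP\\svc_backup pid=4418 parent=cmd.exe cmd="bcdedit /set {default} recoveryenabled No"',
    '2019-03-04T02:13:56Z host=FILESRV01 user=CORP\\svc_backup pid=4420 parent=cmd.exe cmd="wbadmin DELETE CATALOG -quiet"',
    '2019-03-04T02:14:10Z host=WS-ACCT-17 user=CORP\\jdoe pid=9021 parent=explorer.exe cmd="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"',
    '2019-03-04T02:15:02Z host=SQL02 user=CORP\\admin pid=1201 parent=powershell.exe cmd="vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"',
    '2019-03-04T02:15:40Z host=APP03 user=CORP\\svc_deploy pid=3377 parent=cmd.exe cmd="powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"',
    'garbage line that does not parse',
]


def normalize(cmd: str) -> str:
    """Undo cheap evasions: case, cmd.exe caret escapes, quoting, odd spacing."""
    cmd = cmd.lower().replace("^", "").replace('"', "").replace("'", "")
    return re.sub(r"\s+", " ", cmd).strip()


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields, or None if the line does not fit the format."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def match_rules(cmd: str) -> List[str]:
    """Names of every technique whose pattern fires on the normalized command."""
    norm = normalize(cmd)
    return [name for name, rx in RULES if rx.search(norm)]


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """One finding per (event, technique) pair; unparseable lines are skipped."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if not ev:
            continue  # in production, count these so parser drift is noticed
        for technique in match_rules(ev["cmd"]):
            findings.append({**ev, "technique": technique})
    return findings


def triage(findings: List[Dict[str, str]]) -> Dict[str, str]:
    """Per host: 'high' if two or more distinct techniques, else 'medium'."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for f in findings:
        seen[f["host"]].add(f["technique"])
    return {host: ("high" if len(techs) >= 2 else "medium") for host, techs in seen.items()}


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['host']:<11} {f['user']:<18} {f['technique']}")
    for host, level in triage(results).items():
        print(f"{host}: {level}")
```

Run it against real 4688 or Sysmon event 1 data by replacing `parse_event()`; the normalization step matters because the first sample line hides `vssadmin delete shadows` behind caret escapes that cmd.exe silently strips, and a naive string match would miss it.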
Progent provides a range of support services for protecting Birmingham organizations against ransomware. These include employee training to help staff recognize and avoid phishing, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat defense to detect and quarantine zero-day malware. Progent also offers the services of expert crypto-ransomware recovery consultants with the skill and perseverance to restore a compromised environment as rapidly as possible.
Progent's Crypto-Ransomware Restoration Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminals will hand over working keys to decrypt all your files. Kaspersky found that 17% of ransomware victims never recovered their files even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms typically run to several hundred thousand dollars, and for larger enterprises can reach millions. The alternative is to rebuild the mission-critical components of your IT environment from scratch. Without complete data backups, this calls for a wide range of IT skills, well-coordinated project management, and the willingness to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to businesses across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals with top certifications in key technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's security experts hold internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, GIAC and CMMC 2.0 (see Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of expertise enables Progent to identify critical systems, organize the surviving pieces of a network after a ransomware attack and rebuild them into a working environment.
Progent's security group uses project management tools to coordinate the complex restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and IT staff to prioritize tasks and get key services back online as fast as possible.
Case Study: A Successful Ransomware Attack Restoration
A customer contacted Progent after their network was hit by Ryuk ransomware. Ryuk was initially attributed to North Korean state hackers because it shares code with the earlier Hermes ransomware, but security researchers now generally attribute it to Russian-speaking cybercrime groups. Ryuk targets specific organizations with little tolerance for downtime and is one of the most lucrative ransomware operations to date. High-profile victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing company based in Chicago with about 500 employees. The Ryuk intrusion had paralyzed all business operations and manufacturing processes. Most of the client's system backups had been online, reachable from the compromised network, at the time of the intrusion and were encrypted along with the production data. The client was considering paying the ransom (more than $200,000) and hoping for the best, but ultimately reached out to Progent.
Progent worked together with the customer to rapidly understand and prioritize the essential services that needed to be addressed to make it possible to restart business operations:
Within two days, Progent had rebuilt Windows Active Directory to its pre-attack state. Progent then performed reinstallations and disk recovery on mission-critical servers. The Exchange schema and configuration information held in Active Directory were intact, which greatly simplified restoring Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on staff PCs and laptops and recover mailbox data from them. A reasonably recent offline backup of the client's manufacturing systems made it possible to bring these essential applications back to users. Although a great deal of work remained to recover fully from the Ryuk attack, core services were back in operation quickly:
Over the next month critical milestones in the recovery project were accomplished in tight cooperation between Progent consultants and the client:
Conclusion
A likely company-ending catastrophe was averted through the efforts of dedicated professionals, a wide range of knowledge and close teamwork. Although in hindsight the ransomware intrusion described here should have been detected and prevented with up-to-date security technology, ISO/IEC 27001 best practices, staff training and sound procedures for offline backups and timely patching, the reality is that ransomware crews, whether financially motivated criminals or state-sponsored groups operating from Russia, China and elsewhere, are relentless and an ongoing threat. If you do fall victim to a ransomware attack, remember that Progent's team of experts has extensive experience in ransomware defense, mitigation and disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Birmingham
For ransomware system recovery services in the Birmingham metro area, phone Progent at