Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become a modern cyber plague that poses an existential danger to businesses of all sizes that are poorly prepared for an assault. Older iterations of ransomware such as Dharma, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for years and still inflict damage. Newer crypto-ransomware families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, plus as yet unnamed newcomers, not only encrypt online data files but also attack most reachable system protection mechanisms. Files synced to off-premises disaster recovery sites can also be ransomed. With a vulnerable data protection solution, this can make automated restore operations hopeless and effectively knocks the datacenter back to zero.
Restoring programs and information after a ransomware intrusion becomes a sprint against the clock as the targeted organization struggles to stop lateral movement, clean up the malware, and restore business-critical activity. Because crypto-ransomware needs time to replicate throughout a network, attacks are often launched on weekends, when a successful penetration may take longer to detect. This compounds the difficulty of promptly marshalling and coordinating a qualified mitigation team.
Progent provides a range of services for protecting Bristol organizations from ransomware events. These include team member training to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to discover and disable zero-day malware attacks. Progent also provides the services of seasoned ransomware recovery consultants with the track record and perseverance to reconstruct a breached environment as quickly as possible.
Progent's Ransomware Recovery Support Services
After a crypto-ransomware event, paying the ransom demand in cryptocurrency provides no assurance that the attackers will return the keys needed to decrypt any or all of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their files after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars; for larger enterprises, the demand can reach millions. The fallback is to rebuild the essential components of your IT environment. Without access to complete system backups, this calls for a wide complement of skill sets, professional project management, and the capability to work 24x7 until the recovery project is complete.
For decades, Progent has provided certified expert Information Technology services for businesses throughout the US and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who hold advanced certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (visit Progent's certifications). Progent also has experience with financial management and ERP application software. This breadth of experience allows Progent to quickly identify critical systems and organize the remaining parts of your network environment after a crypto-ransomware event, configuring them into a functioning network.
Progent's security team uses state-of-the-art project management tools to orchestrate the complex recovery process. Progent appreciates the urgency of acting swiftly and in unison with a customer's management and IT resources to prioritize tasks and to bring the most important systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Incident Recovery
A small business hired Progent after its organization was taken over by the Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean government-sponsored hackers, possibly adopting techniques leaked from America's National Security Agency. Ryuk targets specific companies with little tolerance for operational disruption and is among the most profitable examples of crypto-ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing company in the Chicago metro area with around 500 staff members. The Ryuk penetration had frozen all business operations and manufacturing processes. Most of the client's system backups had been directly accessible at the start of the intrusion and were damaged. The client was preparing to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately called Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the critical areas that had to be restored in order to resume business functions:
In less than 2 days, Progent restored Active Directory services to their pre-intrusion state. Progent then completed reinstallations and storage recovery on the most important servers. All Exchange schema and configuration information was intact, which accelerated the rebuild of Exchange. Progent was able to use local OST files (Microsoft Outlook Offline Data Files) on team PCs to recover mail data. A recent offline backup of the business's accounting systems made it possible to bring these essential applications back to users. Although a large amount of work remained to recover completely from the Ryuk event, the most important systems were returned to operation quickly:
Over the next month, important milestones in the recovery project were completed in close cooperation between Progent team members and the client:
Conclusion
A potential company-ending disaster was averted with top-tier professionals, a broad range of subject matter expertise, and tight collaboration. In hindsight, the crypto-ransomware attack detailed here could have been prevented with advanced security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and properly executed procedures for data backup and software patching. Nevertheless, state-sponsored cyber criminals from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you are hit by a ransomware incursion, you can be confident that Progent's roster of professionals has a proven track record in crypto-ransomware blocking, mitigation, and information systems restoration.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Bristol
For ransomware system recovery expertise in the Bristol metro area, call Progent at