Ransomware: Your Feared IT Disaster
Crypto-ransomware has become an escalating cyberplague that poses an enterprise-level danger to businesses unprepared for an attack. Older families of crypto-ransomware such as CrySIS, CryptoWall, Bad Rabbit, NotPetya and the MongoLock cryptoworm have been in the wild for years and still inflict damage. Newer families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, along with many unnamed variants, not only encrypt online critical data but also seek out and destroy every reachable system restore point and backup. Files synced to the cloud can be ransomed as well. In a poorly architected environment, this can make automated recovery impossible and effectively knocks the datacenter back to zero.
Recovering applications and data after a ransomware intrusion becomes a sprint against time as the targeted organization struggles to contain the infection, clean up the malware, and restore enterprise-critical operations. Because ransomware needs time to move laterally across a targeted network, intrusions are often launched on weekends, when a successful attack is likely to go undetected for longer. This multiplies the difficulty of promptly marshalling and coordinating a knowledgeable response team.
Progent offers a range of solutions for protecting Brooklyn enterprises from crypto-ransomware events. These include staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), which provides endpoint detection and response using SentinelOne's AI-based cyberthreat defense to identify and stop zero-day malware attacks. Progent can also provide the services of seasoned crypto-ransomware recovery consultants with the skill and perseverance to redeploy a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Help
Following a ransomware intrusion, paying the ransom in cryptocurrency does not guarantee that the attackers will provide the keys needed to decrypt all your information. Kaspersky determined that 17% of ransomware victims never recovered their files even after paying the ransom, resulting in additional losses. Paying is also very expensive: Ryuk ransoms are often a few hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to rebuild the vital elements of your IT environment. Without full system backups, this calls for a wide complement of IT skills, well-coordinated team management, and the ability to work 24x7 until the task is finished.
For decades, Progent has offered expert IT services to companies throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who hold high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants hold internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience with financial management and ERP software solutions. This breadth of expertise gives Progent the ability to rapidly identify critical systems, salvage the surviving parts of your network environment after a ransomware penetration, and rebuild them into a functioning system.
Progent's security team uses state-of-the-art project management tools to coordinate the complex restoration process. Progent understands the urgency of working quickly and in unison with a client's management and IT staff to prioritize tasks and bring the most important applications back online as soon as humanly possible.
Customer Case Study: A Successful Crypto-Ransomware Intrusion Response
A customer engaged Progent after their network was attacked by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored criminal gangs, suspected of using techniques leaked from America's National Security Agency. Ryuk targets specific businesses with little tolerance for operational disruption and is among the most lucrative examples of crypto-ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer located in Chicago with around 500 staff members. The Ryuk attack had paralyzed all business operations and manufacturing processes. Most of the client's data backups had been online at the start of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom demand (more than two hundred thousand dollars) and hoping for good luck, but ultimately called Progent.
Progent worked with the customer to quickly identify and prioritize the mission-critical systems that had to be restored in order to resume departmental operations:
In less than two days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then helped perform reinstallations and storage recovery on key systems. All Microsoft Exchange Server data and configuration information were intact, which greatly simplified the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on staff workstations and laptops and used them to recover mail data. A recent offline backup of the customer's financials/ERP software made it possible to bring these vital applications back online for users. Although significant work remained before the Ryuk damage was fully repaired, critical systems were recovered quickly:
Over the following month, the key milestones of the restoration project were accomplished in close collaboration between Progent consultants and the customer:
Conclusion
A potential business disaster was averted through top-tier expertise, a wide spectrum of knowledge, and tight collaboration. Although, once forensics were complete, it was clear that the ransomware penetration described here should have been detected and prevented with up-to-date security solutions, security best practices, staff training, properly executed incident response procedures, data protection, and sound patch management controls, the fact remains that government-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to crypto-ransomware, you can be confident that Progent's team of professionals has a proven track record in ransomware blocking, remediation, and information systems restoration.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Brooklyn
For ransomware recovery consulting services in the Brooklyn area, call Progent at