Ransomware Protection and Restoration Consulting Brooklyn

Ransomware : Your Crippling IT Catastrophe
Ransomware has become a too-frequent cyberplague that poses an extinction-level threat for businesses of all sizes unprepared for an attack. Different iterations of ransomware like the CrySIS, WannaCry, Locky, Syskey and MongoLock cryptoworms have been circulating for a long time and continue to cause damage. Newer variants of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus frequent as yet unnamed malware, not only do encryption of online files but also infiltrate most accessible system protection mechanisms. Information replicated to the cloud can also be rendered useless. In a vulnerable data protection solution, this can render any restore operations impossible and basically knocks the network back to square one.

Restoring services and information after a ransomware intrusion becomes a sprint against the clock as the targeted organization struggles to contain the damage and eradicate the crypto-ransomware and to restore mission-critical operations. Because crypto-ransomware requires time to spread, assaults are usually sprung during weekends and nights, when successful attacks may take longer to recognize. This multiplies the difficulty of quickly assembling and organizing a capable mitigation team.

Progent makes available a range of services for protecting Brooklyn organizations from ransomware penetrations. Among these are user training to help recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, along with deployment of the latest generation security appliances with artificial intelligence technology to intelligently discover and suppress zero-day cyber threats. Progent in addition can provide the services of expert ransomware recovery professionals with the talent and perseverance to restore a breached network as rapidly as possible.

Progent's Ransomware Recovery Help
Following a crypto-ransomware penetration, sending the ransom demands in Bitcoin cryptocurrency does not ensure that criminal gangs will provide the needed keys to decipher any or all of your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never restored their information after having paid the ransom, resulting in additional losses. The risk is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 and $400,000). This is significantly higher than the typical ransomware demands, which ZDNET estimated to be in the range of $13,000 for small organizations. The fallback is to piece back together the vital elements of your Information Technology environment. Absent the availability of essential information backups, this calls for a wide range of IT skills, top notch project management, and the capability to work non-stop until the recovery project is done.

For decades, Progent has provided certified expert IT services for companies throughout the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have attained high-level industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security consultants have garnered internationally-renowned certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Refer to Progent's certifications). Progent also has experience with financial systems and ERP software solutions. This breadth of experience gives Progent the ability to efficiently determine important systems and consolidate the remaining pieces of your IT system following a crypto-ransomware penetration and assemble them into a functioning system.

Progent's security team has top notch project management tools to coordinate the complex restoration process. Progent knows the importance of acting quickly and in unison with a client's management and IT team members to prioritize tasks and to put the most important applications back online as soon as humanly possible.

Case Study: A Successful Ransomware Virus Response
A small business engaged Progent after their company was brought down by the Ryuk ransomware. Ryuk is thought to have been created by North Korean state criminal gangs, suspected of using technology exposed from America’s NSA organization. Ryuk targets specific businesses with little or no tolerance for disruption and is one of the most lucrative versions of crypto-ransomware. High publicized targets include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing business based in the Chicago metro area and has around 500 workers. The Ryuk event had frozen all business operations and manufacturing processes. Most of the client's information backups had been on-line at the start of the intrusion and were encrypted. The client was taking steps for paying the ransom (in excess of $200K) and wishfully thinking for the best, but ultimately brought in Progent.

Progent worked hand in hand the customer to rapidly identify and prioritize the critical applications that had to be recovered in order to continue business operations:

• Microsoft Active Directory
• Exchange Server
• Financials/MRP

Within two days, Progent was able to recover Active Directory services to its pre-attack state. Progent then initiated reinstallations and hard drive recovery of critical applications. All Exchange Server ties and configuration information were intact, which greatly helped the restore of Exchange. Progent was able to assemble non-encrypted OST files (Outlook Email Off-Line Data Files) on staff desktop computers and laptops to recover email messages. A not too old off-line backup of the client's financials/MRP systems made them able to restore these vital applications back servicing users. Although major work remained to recover totally from the Ryuk event, critical systems were restored quickly:

Over the following couple of weeks critical milestones in the recovery project were accomplished in close collaboration between Progent team members and the client:

• Internal web sites were restored with no loss of data.
• The MailStore Microsoft Exchange Server containing more than four million archived messages was restored to operations and available for users.
• CRM/Customer Orders/Invoices/Accounts Payable (AP)/AR/Inventory Control capabilities were 100% functional.
• A new Palo Alto Networks 850 firewall was brought online.
• Ninety percent of the user PCs were fully operational.

Conclusion
A potential enterprise-killing disaster was dodged with dedicated professionals, a broad spectrum of technical expertise, and tight collaboration. Although in hindsight the ransomware penetration detailed here would have been identified and prevented with modern security solutions and security best practices, user and IT administrator training, and well thought out security procedures for backup and proper patching controls, the fact is that government-sponsored cyber criminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do get hit by a crypto-ransomware incident, remember that Progent's team of experts has proven experience in ransomware virus blocking, removal, and file recovery.

Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Expertise in Brooklyn
For ransomware cleanup consulting in the Brooklyn metro area, phone Progent at 800-462-8800 or see Contact Progent.