Ransomware: Your Worst IT Disaster
Ransomware has become a modern cyber pandemic and represents an enterprise-level danger for businesses unprepared for an assault. Crypto-ransomware families like the Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been circulating for years and still inflict havoc. Modern versions of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, along with additional unnamed viruses, not only encrypt critical online data but also infect any system backup they can reach. Files synchronized to off-site disaster recovery sites can also be rendered useless. In a poorly designed environment, this renders automatic restore operations useless and effectively knocks the network back to zero.
Getting programs and data back online after a ransomware attack becomes a sprint against the clock as the targeted business tries its best to contain and clear the ransomware and to resume enterprise-critical activity. Because crypto-ransomware requires time to move laterally, attacks are frequently sprung during nights and weekends, when successful penetrations are likely to take longer to recognize. This compounds the difficulty of rapidly assembling and orchestrating an experienced response team.
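The point above about backups is the one that decides how bad the outcome is: a backup set that the production network can write to is just another victim. One defensive check that follows from it is to record a manifest of file hashes when a backup is known-good, keep that manifest where production hosts cannot write, and verify the backup against it later. The following is an added example to illustrate that check; it is not Progent's tooling or anything described on this page. The directory layout, file names, the `ENTROPY_THRESHOLD` value and the `demo()` scenario are all constructed here, and the "encrypted" file is a deterministic stand-in for ciphertext. The entropy heuristic is the one extra signal worth noting: files overwritten by crypto-ransomware look like random bytes, while ordinary documents and CSVs do not.

```python
"""Offline backup integrity check (added example, not Progent's tooling).

Assumes a backup tree on disk plus a manifest (relative path -> SHA-256)
captured when the backup was known-good and stored where production hosts
cannot write. Verification flags files that are missing, added or modified,
and separately flags added/modified files whose byte entropy looks like
ciphertext, which is what a backup set overwritten by ransomware looks like.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5     # bits/byte (assumed); text sits far below, ciphertext near 8
MIN_SIZE_FOR_ENTROPY = 256  # tiny files give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-symbol input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root: str, manifest: dict) -> dict:
    """Compare the backup tree against a trusted (offline) manifest."""
    current = build_manifest(root)
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    suspicious = []
    for rel in added + modified:
        full = os.path.join(root, rel)
        if os.path.getsize(full) >= MIN_SIZE_FOR_ENTROPY:
            with open(full, "rb") as f:
                if shannon_entropy(f.read()) >= ENTROPY_THRESHOLD:
                    suspicious.append(rel)
    return {
        "ok": not (missing or added or modified),
        "missing": missing,
        "added": added,
        "modified": modified,
        "suspicious_entropy": sorted(suspicious),
    }


def _pseudo_ciphertext(size: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def demo() -> dict:
    """Constructed scenario: take a manifest of a small backup set, then simulate
    ransomware replacing one file with ciphertext, and return both reports."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(root, "db"))
        with open(os.path.join(root, "docs", "report.txt"), "w") as f:
            f.write("Quarterly production report. " * 40)
        with open(os.path.join(root, "db", "ledger.csv"), "w") as f:
            f.write("date,account,amount\n" + "2020-01-01,4010,125.00\n" * 60)
        manifest = build_manifest(root)  # in real use: copied to write-protected storage
        before = verify_backup(root, manifest)

        # Simulated impact: the ledger is removed and a ciphertext copy appears under a new name.
        os.remove(os.path.join(root, "db", "ledger.csv"))
        with open(os.path.join(root, "db", "ledger.csv.locked"), "wb") as f:
            f.write(_pseudo_ciphertext(4096))
        after = verify_backup(root, manifest)
    return {"before": before, "after": after}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The manifest is only useful if it cannot be rewritten by the same account that writes the backups; in practice that means a separate credential, a write-once bucket, or removable media. The entropy check is a heuristic: already-compressed or encrypted-by-design archives will score high even when intact, so compare against the manifest first and treat entropy as supporting evidence.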
Progent has a range of solutions for protecting Brooklyn businesses from ransomware events. Among these are user training to help staff identify and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which utilizes SentinelOne's behavior-based cyberthreat defense to identify and suppress zero-day modern malware assaults. Progent can also provide the assistance of experienced crypto-ransomware recovery engineers with the skills and perseverance to rebuild a breached environment as soon as possible.
Progent's Ransomware Restoration Support Services
Following a ransomware penetration, paying the ransom demand in cryptocurrency does not provide any assurance that the cyber hackers will return the keys needed to decrypt all your information. Kaspersky determined that seventeen percent of ransomware victims never restored their information after having sent off the ransom, resulting in additional losses. The risk is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is significantly above the average crypto-ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The alternative is to set up the vital parts of your IT environment from scratch. Absent access to essential system backups, this requires a wide range of skills, professional project management, and the capability to work 24x7 until the task is completed.
For decades, Progent has made expert Information Technology services available to businesses across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level industry certifications in important technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent in addition has expertise with financial systems and ERP applications. This breadth of expertise gives Progent the ability to rapidly ascertain which systems are necessary, integrate the surviving parts of your IT environment after a ransomware attack, and rebuild them into a functioning network.
Progent's ransomware group utilizes best-of-breed project management systems to orchestrate the sophisticated restoration process. Progent appreciates the importance of acting rapidly and in unison with a client's management and IT team members to prioritize tasks and to get critical systems back online as fast as possible.
Client Story: A Successful Ransomware Virus Recovery
A client hired Progent after their organization was brought down by the Ryuk ransomware virus. Ryuk is thought to have been launched by North Korean state cybercriminals, possibly using techniques leaked from America's National Security Agency. Ryuk attacks specific companies with little room for operational disruption and is among the most lucrative incarnations of ransomware malware. Major targets have included Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business based in the Chicago metro area with around 500 workers. The Ryuk intrusion had shut down all company operations and manufacturing processes. The majority of the client's system backups had been directly accessible from the network at the time of the intrusion and were damaged. The client was evaluating paying the ransom (in excess of $200,000) and hoping for the best, but ultimately made the decision to use Progent.
Progent worked hand in hand with the customer to quickly identify and assign priority to the essential areas that had to be recovered to make it possible to continue departmental functions:
Within two days, Progent was able to recover Active Directory to its pre-intrusion state. Progent then assisted with rebuilding and storage recovery of the most important systems. All Microsoft Exchange Server data and configuration information were usable, which accelerated the restore of Exchange. Progent was able to locate local OST data files (Outlook Offline Data Files) on team PCs and laptops to recover email information. A fairly recent offline backup of the business's accounting software made it possible to bring these essential programs back online. Although significant work still had to be done to recover completely from the Ryuk virus, core systems were restored rapidly:
Over the following few weeks key milestones in the recovery project were completed in close collaboration between Progent team members and the customer:
Conclusion
A possible business catastrophe was avoided with results-oriented experts, a broad range of subject matter expertise, and tight teamwork. In hindsight, the ransomware virus incident detailed here could have been identified and stopped with up-to-date security solutions and recognized best practices: staff training, properly executed incident response procedures for backup, and keeping systems up to date with security patches. The reality remains, however, that state-sponsored cyber criminals from Russia, China and elsewhere are relentless and are not going away. If you do get hit by a crypto-ransomware penetration, feel confident that Progent's roster of professionals has proven experience in crypto-ransomware virus defense, mitigation, and data disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Brooklyn
For ransomware system recovery expertise in the Brooklyn area, phone Progent at