Ransomware Protection and Removal Services Brooklyn

Ransomware : Your Feared IT Catastrophe
Ransomware has become a too-frequent cyberplague that represents an existential danger for businesses of all sizes poorly prepared for an assault. Different versions of ransomware like the Dharma, Fusob, Locky, Syskey and MongoLock cryptoworms have been around for years and continue to inflict destruction. Newer variants of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus frequent as yet unnamed newcomers, not only encrypt on-line files but also infiltrate any available system protection mechanisms. Information synchronized to cloud environments can also be encrypted. In a poorly architected system, it can make automated restore operations impossible and effectively sets the network back to zero.

Retrieving applications and information following a ransomware intrusion becomes a race against time as the victim fights to contain the damage and cleanup the crypto-ransomware and to restore enterprise-critical activity. Due to the fact that ransomware takes time to move laterally, penetrations are often launched on weekends and holidays, when attacks are likely to take more time to notice. This multiplies the difficulty of rapidly marshalling and orchestrating a knowledgeable response team.

Progent provides a variety of solutions for securing Brooklyn enterprises from ransomware events. Among these are team member training to help identify and avoid phishing attempts, ProSight Active Security Monitoring for endpoint detection and response using SentinelOne's behavior-based cyberthreat defense to identify and disable zero-day malware assaults. Progent also provides the services of expert ransomware recovery professionals with the track record and perseverance to reconstruct a compromised system as urgently as possible.

Progent's Ransomware Recovery Help
Following a ransomware attack, paying the ransom demands in cryptocurrency does not ensure that distant criminals will respond with the codes to decipher any of your information. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their information even after having sent off the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is well higher than the typical ransomware demands, which ZDNET estimated to be around $13,000 for small businesses. The fallback is to setup from scratch the key parts of your Information Technology environment. Absent the availability of full data backups, this requires a broad complement of IT skills, professional project management, and the capability to work 24x7 until the recovery project is done.

For two decades, Progent has provided certified expert Information Technology services for businesses across the United States and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have been awarded advanced certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have earned internationally-renowned industry certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Refer to Progent's certifications). Progent in addition has expertise in accounting and ERP application software. This breadth of expertise affords Progent the skills to knowledgably determine necessary systems and organize the surviving pieces of your Information Technology system after a ransomware attack and assemble them into a functioning system.

Progent's recovery team utilizes powerful project management systems to coordinate the sophisticated restoration process. Progent appreciates the importance of acting swiftly and in unison with a customer's management and IT staff to prioritize tasks and to get critical services back online as soon as possible.

Case Study: A Successful Ransomware Virus Recovery
A customer sought out Progent after their network was crashed by the Ryuk crypto-ransomware. Ryuk is believed to have been launched by Northern Korean government sponsored hackers, suspected of using techniques exposed from America's National Security Agency. Ryuk seeks specific organizations with limited ability to sustain disruption and is one of the most lucrative iterations of ransomware malware. High publicized organizations include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturer located in the Chicago metro area with around 500 staff members. The Ryuk attack had frozen all business operations and manufacturing processes. The majority of the client's data backups had been online at the start of the intrusion and were damaged. The client was actively seeking loans for paying the ransom demand (exceeding two hundred thousand dollars) and wishfully thinking for the best, but in the end utilized Progent.

Progent worked together with the client to rapidly determine and prioritize the essential systems that had to be recovered in order to continue business functions:

• Active Directory (AD)
• Microsoft Exchange Email
• Accounting and Manufacturing Software

In less than 48 hours, Progent was able to re-build Active Directory to its pre-virus state. Progent then initiated setup and storage recovery on the most important servers. All Exchange data and configuration information were intact, which greatly helped the restore of Exchange. Progent was also able to assemble local OST data files (Outlook Email Off-Line Folder Files) on various workstations in order to recover email data. A not too old offline backup of the businesses manufacturing systems made it possible to return these vital programs back online for users. Although significant work needed to be completed to recover totally from the Ryuk event, the most important services were recovered rapidly:

During the next month important milestones in the restoration process were completed in close cooperation between Progent team members and the customer:

• Internal web sites were brought back up with no loss of information.
• The MailStore Server with over 4 million historical emails was brought on-line and accessible to users.
• CRM/Product Ordering/Invoicing/AP/Accounts Receivables (AR)/Inventory modules were 100% functional.
• A new Palo Alto Networks 850 security appliance was brought on-line.
• Nearly all of the desktop computers were functioning as before the incident.

Conclusion
A probable enterprise-killing disaster was averted due to dedicated professionals, a wide range of IT skills, and close collaboration. Although in post mortem the ransomware virus attack detailed here could have been shut down with modern cyber security technology solutions and ISO/IEC 27001 best practices, user and IT administrator education, and properly executed incident response procedures for information protection and proper patching controls, the reality is that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a crypto-ransomware incident, remember that Progent's team of professionals has a proven track record in crypto-ransomware virus defense, mitigation, and data recovery.

Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Services in Brooklyn
For ransomware recovery consulting services in the Brooklyn area, phone Progent at 800-462-8800 or see Contact Progent.