Crypto-Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague that represents an extinction-level danger for organizations unprepared for an attack. Earlier iterations of ransomware such as the CryptoLocker, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been circulating for many years and still cause havoc. More recent ransomware families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, along with a daily stream of unnamed malware, not only encrypt critical online data but also attack any system protection they can reach. Files replicated to off-premises disaster recovery sites can also be ransomed. In a vulnerable environment, this can make any restore operation impossible and essentially knocks the network back to zero.
Getting applications and information back online after a crypto-ransomware outage becomes a sprint against the clock as the targeted organization fights to contain the damage, remove the ransomware, and resume enterprise-critical operations. Because ransomware needs time to move laterally across a network, attacks are frequently launched at night, when a successful intrusion may take longer to recognize. This multiplies the difficulty of quickly assembling and orchestrating a knowledgeable response team.
Progent offers a variety of services for protecting Broomfield enterprises from ransomware attacks. These include team member training to help identify and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to identify and stop zero-day malware attacks. Progent can also provide the assistance of experienced crypto-ransomware recovery professionals with the skills and commitment to rebuild a breached network as urgently as possible.
Progent's Ransomware Recovery Services
Following a crypto-ransomware event, paying the ransom demand in cryptocurrency does not guarantee that the attackers will provide the keys needed to decrypt any of your files. Kaspersky found that 17% of crypto-ransomware victims never recovered their files after paying the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars, and for larger organizations the demand can be in the millions of dollars. The other path is to rebuild the mission-critical components of your IT environment. Without access to complete data backups, this calls for a broad complement of skill sets, well-coordinated project management, and the capability to work 24x7 until the recovery project is complete.
For two decades, Progent has provided professional IT services for companies across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have attained top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security specialists have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience in financial systems and ERP applications. This breadth of expertise gives Progent the capability to efficiently identify critical systems, consolidate the surviving parts of your network environment following a ransomware event, and rebuild them into a functioning network.
Progent's recovery group uses best-of-breed project management applications to orchestrate the complex restoration process. Progent appreciates the importance of working quickly and in concert with a customer's management and IT staff to prioritize tasks and get critical systems back online as soon as possible.
Customer Story: A Successful Ransomware Virus Response
A business contacted Progent after their organization was brought down by the Ryuk ransomware. Ryuk is thought to have been created by North Korean government-sponsored hackers, suspected of adopting technology leaked from the U.S. National Security Agency. Ryuk targets specific organizations with limited ability to sustain disruption and is among the most profitable examples of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company located in Chicago with about 500 staff members. The Ryuk attack had disabled all business operations and manufacturing processes. Most of the client's data backups had been online at the start of the intrusion and were encrypted. The client was evaluating paying the ransom (more than $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked together with the client to rapidly identify and prioritize the essential systems that had to be restored to resume company operations:
In less than two days, Progent was able to recover Windows Active Directory to its pre-intrusion state. Progent then carried out reinstallations and hard drive recovery on critical systems. All Exchange connections and configuration information were intact, which facilitated the restoration of Exchange. Progent was also able to collect unencrypted OST files (Outlook Offline Folder Files) from staff workstations in order to recover email data. A relatively recent offline backup of the client's accounting software made it possible to bring these essential applications back online. Although significant work remained to recover completely from the Ryuk attack, the most important services were returned to operation quickly:
Over the next couple of weeks, important milestones in the recovery project were reached through close collaboration between Progent consultants and the client:
Conclusion
A probable business-ending catastrophe was averted thanks to hard-working experts, a wide array of technical expertise, and close teamwork. Although forensics showed that the ransomware incident detailed here should have been stopped by advanced cyber security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and well thought out procedures for backups and software patching, the fact remains that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do get hit by a ransomware attack, you can be confident that Progent's roster of experts has a proven track record in crypto-ransomware defense, remediation, and information systems recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Expertise in Broomfield
For ransomware cleanup consulting in the Broomfield area, phone Progent at