Ransomware: Your Worst IT Nightmare
Ransomware has become an escalating cyberplague that represents an extinction-level threat for organizations poorly prepared for an attack. Multiple generations of ransomware like the Reveton, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for a long time and continue to cause destruction. Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus frequent unnamed variants, not only encrypt online files but also defeat many of the system protections that have been configured. Data replicated to the cloud can also be corrupted. In a poorly architected system, this can make any restore operation impossible and effectively knocks the network back to zero.
Getting applications and data back online following a ransomware outage becomes a sprint against the clock as the targeted business fights to stop the spread, clean up the virus, and resume mission-critical operations. Since crypto-ransomware needs time to move laterally across a network, attacks are often sprung at night, when they may take longer to notice. This compounds the difficulty of rapidly assembling and coordinating an experienced mitigation team.
Progent provides a variety of solutions for protecting Broomfield enterprises from ransomware attacks. These include team training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat protection to discover and quarantine zero-day malware attacks. Progent can also provide the assistance of seasoned ransomware recovery professionals with the talent and perseverance to reconstruct a breached system as urgently as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom demand in cryptocurrency does not guarantee that merciless criminals will respond with the keys to decipher any of your files. Kaspersky Labs estimated that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in more losses. The gamble is also costly. Ryuk ransoms are commonly several hundred thousand dollars. For larger enterprises, the ransom can reach millions of dollars. The fallback is to rebuild the mission-critical parts of your IT environment. Without complete system backups, this calls for a broad complement of skills, top-notch team management, and the willingness to work continuously until the recovery project is finished.
For two decades, Progent has provided professional Information Technology services for businesses throughout the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in leading technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent in addition has expertise in financial management and ERP applications. This breadth of expertise gives Progent the skills to quickly identify critical systems, organize the surviving components of your network following a crypto-ransomware event, and rebuild them into a functioning network.
Progent's ransomware recovery team uses powerful project management tools to orchestrate the sophisticated recovery process. Progent knows the urgency of acting quickly and in concert with a client's management and Information Technology staff to assign priority to tasks and to get critical applications back online as soon as humanly possible.
Business Case Study: A Successful Ransomware Incident Recovery
A customer escalated to Progent after their network was penetrated by the Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state-sponsored hackers, suspected of using algorithms leaked from America's NSA. Ryuk targets specific companies with limited tolerance for disruption and is one of the most lucrative examples of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing company headquartered in the Chicago metro area with around 500 staff members. The Ryuk event had disabled all business operations and manufacturing processes. The majority of the client's data backups had been online at the beginning of the attack and were damaged. The client was actively seeking loans to pay the ransom (more than $200,000) and praying for good luck, but in the end made the decision to use Progent.
Progent worked together with the customer to quickly identify and prioritize the critical systems that had to be recovered in order to restart company functions:
In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-virus state. Progent then performed reinstallations and storage recovery on key servers. All Microsoft Exchange Server data and attributes were intact, which facilitated the restore of Exchange. Progent was able to locate local OST files (Microsoft Outlook Offline Folder Files) on user desktop computers in order to recover mail data. A recent offline backup of the client's financial/ERP systems made it possible to return these essential applications to users. Although a lot of work remained to recover completely from the Ryuk attack, the most important services were restored rapidly:
During the next couple of weeks, critical milestones in the recovery project were completed through close cooperation between Progent engineers and the client:
Conclusion
A probable business catastrophe was dodged by hard-working experts, a broad range of IT skills, and tight teamwork. In retrospect, the crypto-ransomware incident detailed here could have been stopped with modern security technology, security best practices, user training, well-designed incident response procedures for information protection, and keeping systems up to date with security patches. The fact remains, however, that state-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a crypto-ransomware incursion, remember that Progent's team of experts has substantial experience in ransomware defense, mitigation, and information systems recovery.
Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Broomfield
For ransomware system recovery consulting in the Broomfield area, call Progent at