Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an all-too-frequent cyber pandemic that presents an extinction-level threat to organizations poorly prepared for an assault. Multiple generations of ransomware, including the CrySIS, WannaCry, Locky, SamSam and MongoLock cryptoworms, have been running rampant for years and continue to cause destruction. Modern variants such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, plus additional unnamed newcomers, not only encrypt online data but also seek out and destroy any reachable system restore points and backups. Data synced to cloud environments can also be rendered useless. In a vulnerable environment, this can defeat every restoration option and effectively set the network back to zero.
Recovering applications and data after a crypto-ransomware attack becomes a race against time as the targeted organization tries to stop the spread, remove the ransomware, and restore mission-critical activity. Because crypto-ransomware takes time to propagate across a network, attacks are often launched at night, when a successful intrusion may take longer to recognize. This compounds the difficulty of promptly assembling and coordinating a knowledgeable response team.
Progent provides a variety of support services for protecting Broomfield enterprises from crypto-ransomware intrusions. These include team training to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat protection to identify and contain zero-day malware attacks. Progent also offers the services of expert crypto-ransomware recovery consultants with the track record and commitment to restore a breached environment as urgently as possible.
Progent's Crypto-Ransomware Recovery Help
After a crypto-ransomware intrusion, even paying the ransom demand in cryptocurrency provides no assurance that the criminals will hand over the keys needed to decrypt any of your files. Kaspersky Labs determined that 17% of ransomware victims never recovered their files after paying the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are typically several hundred thousand dollars. For larger enterprises, the ransom can run into the millions. The alternative is to piece back together the essential parts of your Information Technology environment. Without access to complete data backups, this requires a broad range of skill sets, top-notch team management, and the ability to work non-stop until the task is completed.
For twenty years, Progent has provided certified expert IT services to businesses across the US and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who hold advanced certifications in leading technologies from Microsoft, Cisco and VMware, as well as popular Linux distributions. Progent's cybersecurity consultants have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of expertise allows Progent to efficiently identify critical systems following a crypto-ransomware attack, salvage the remaining pieces of your Information Technology environment, and reassemble them into a functioning network.
Progent's security group uses robust project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting rapidly and works alongside a client's management and Information Technology staff to prioritize tasks and bring essential systems back online as quickly as possible.
Customer Story: A Successful Ransomware Penetration Restoration
A client sought out Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is thought to have been launched by North Korean government-sponsored hackers, suspected of adopting techniques leaked from the United States National Security Agency. Ryuk targets specific businesses with little ability to tolerate operational disruption and is one of the most lucrative strains of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company located in the Chicago metro area with around 500 employees. The Ryuk intrusion had disabled all essential business operations and manufacturing processes. The majority of the client's backups had been directly accessible from the network at the start of the intrusion and were encrypted along with everything else. The client considered paying the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to quickly determine and assign priority to the critical services that had to be addressed in order to restart company functions:
Within 48 hours, Progent was able to restore Active Directory to its pre-intrusion state. Progent then began reinstallations and hard drive recovery of mission-critical applications. All Exchange Server schema and attributes were intact, which greatly simplified the restoration of Exchange. Progent was also able to collect unencrypted OST files (Outlook Offline Folder Files) from staff desktop computers and laptops in order to recover email data. A relatively recent offline backup of the client's financials/MRP software made it possible to bring these essential applications back online. Although a large amount of work remained to recover fully from the Ryuk event, core systems were restored rapidly:
Over the following weeks, critical milestones in the restoration process were completed through close cooperation between Progent engineers and the customer:
Conclusion
A potential business-killing catastrophe was averted through top-tier professionals, a broad spectrum of IT skills, and close collaboration. Although, in hindsight after forensics were completed, the ransomware incident described here should have been detected and blocked with advanced security technology, best practices, team training, and well thought out incident response procedures for data backup and software patching, the reality remains that government-sponsored hackers from China, North Korea and elsewhere are tireless and will keep trying. If you do fall victim to a ransomware incident, remember that Progent's roster of professionals has proven experience in ransomware blocking, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Broomfield
For ransomware system recovery services in the Broomfield metro area, call Progent at