Ransomware: Your Feared Information Technology Disaster
Ransomware has become a too-frequent cyber pandemic that presents an enterprise-level danger for organizations vulnerable to an attack. Versions of ransomware such as CryptoLocker, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been running rampant for a long time and still cause destruction. More recent strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, plus frequent as-yet-unnamed malware, not only encrypt online files but also infiltrate many of the available system protections. Files synchronized to the cloud can also be corrupted. In a vulnerable data protection solution, this can render automated restoration useless and basically knock the datacenter back to square one.
Recovering applications and information following a ransomware intrusion becomes a sprint against the clock as the targeted business fights to contain the damage, eradicate the crypto-ransomware, and restore enterprise-critical activity. Because crypto-ransomware takes time to move laterally, attacks are often launched on weekends and at night, when intrusions in many cases take longer to uncover. This multiplies the difficulty of quickly mobilizing and organizing a qualified response team.
Progent makes available a range of solutions for protecting Broomfield enterprises from ransomware events. These include team member training to recognize and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, and setup and configuration of next-generation security gateways with artificial intelligence technology to rapidly identify and suppress zero-day cyber threats. Progent also provides the services of experienced ransomware recovery professionals with the talent and perseverance to restore a compromised network as quickly as possible.
Progent's Ransomware Recovery Help
Soon after a crypto-ransomware attack, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that the attackers will provide the keys needed to decrypt all your information. Kaspersky determined that 17% of ransomware victims never restored their data after having sent off the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms frequently range from 15-40 BTC (between $120,000 and $400,000). This is well above the average crypto-ransomware demand, which ZDNET estimated to be approximately $13,000 for smaller businesses. The alternative is to set up from scratch the essential components of your Information Technology environment. Without the availability of essential data backups, this requires a broad range of IT skills, professional project management, and the willingness to work non-stop until the job is completed.
For two decades, Progent has offered professional IT services for businesses throughout the US and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have been awarded high-level certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the skills to rapidly identify important systems, re-organize the remaining components of your network environment following a ransomware penetration, and rebuild them into a functioning system.
Progent's security team of experts uses state-of-the-art project management tools to coordinate the complicated recovery process. Progent knows the urgency of acting swiftly and in unison with a client's management and IT team members to assign priority to tasks and to get key applications back online as soon as humanly possible.
Business Case Study: A Successful Ransomware Virus Response
A business contacted Progent after their organization was taken over by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state hackers, possibly adopting algorithms leaked from America's NSA organization. Ryuk attacks specific businesses with little tolerance for disruption and is among the most profitable versions of ransomware viruses. Headline targets include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing company headquartered in Chicago with about 500 staff members. The Ryuk intrusion had paralyzed all essential operations and manufacturing processes. Most of the client's backups had been online at the beginning of the attack and were destroyed. The client considered paying the ransom demand (exceeding $200,000) and hoping for good luck, but in the end engaged Progent.
Progent worked together with the client to quickly assess and assign priority to the essential services that had to be restored in order to continue company operations:
Within 48 hours, Progent was able to recover Active Directory to its pre-virus state. Progent then charged ahead with setup and storage recovery on the most important applications. All Microsoft Exchange Server data and attributes were usable, which greatly helped the rebuild of Exchange. Progent was able to find intact OST files (Outlook Offline Folder Files) on user workstations and laptops in order to recover mail messages. A recent offline backup of the customer's manufacturing systems made it possible to return these vital programs to service for users. Although significant work still had to be done to recover fully from the Ryuk event, the most important systems were recovered rapidly:
Over the following couple of weeks, important milestones in the recovery process were reached in tight collaboration between Progent team members and the client:
Conclusion
A likely enterprise-killing catastrophe was avoided through the efforts of top-tier experts, a wide array of knowledge, and tight teamwork. In post mortem, the ransomware intrusion detailed here should have been shut down by advanced cyber security technology and recognized best practices, user education, and appropriate security procedures for backup and for keeping systems up to date with security patches. The reality remains, however, that state-sponsored cyber criminals from China, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware attack, feel confident that Progent's team of experts has a proven track record in ransomware virus blocking, mitigation, and data restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Broomfield
For ransomware cleanup services in the Broomfield area, call Progent at