Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become an all-too-frequent cyber pandemic that poses an enterprise-level threat to businesses poorly prepared for an attack. Ransomware families such as Reveton, WannaCry, Locky, Syskey and the MongoLock cryptoworms have been around for a long time and still inflict destruction. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, along with new and as yet unnamed malware appearing daily, not only encrypt on-line files but also seek out and corrupt any reachable system backups. Data synchronized to the cloud can also be corrupted. In a poorly designed environment, this can render any recovery useless and effectively resets the network to zero.
Bringing programs and data back on-line after a ransomware attack becomes a race against the clock as the targeted business struggles to contain the damage, remove the crypto-ransomware and resume business-critical operations. Because ransomware needs time to spread, attacks are usually launched at night, when a successful intrusion takes longer to notice. This compounds the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.
Progent provides a variety of services for protecting Buffalo organizations from crypto-ransomware events. These include staff training to recognize and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, and the setup and configuration of modern security solutions with machine learning capabilities that intelligently identify and contain new threats. Progent also offers the assistance of veteran ransomware recovery consultants with the skills and perseverance to reconstruct a breached environment as quickly as possible.
Progent's Ransomware Recovery Help
Following a ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not ensure that the cyber criminals will respond with the keys needed to decrypt any or all of your files. Kaspersky found that seventeen percent of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The ransom itself is also very costly. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000). This is far above the typical crypto-ransomware demand, which ZDNet estimated at around $13,000 for smaller businesses. The alternative is to rebuild the mission-critical parts of your IT environment from scratch. Without complete data backups, this calls for a broad complement of skill sets, top-notch project management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies throughout the U.S. and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who hold top industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise with accounting and ERP application software. This breadth of experience gives Progent the capability to rapidly identify critical systems, organize the surviving pieces of your network after a crypto-ransomware penetration, and rebuild them into an operational system.
Progent's ransomware team utilizes state-of-the-art project management systems to orchestrate the complex restoration process. Progent understands the importance of acting rapidly and working together with a customer's management and IT staff to prioritize tasks and put essential applications back on-line as fast as humanly possible.
Case Study: A Successful Ransomware Intrusion Response
A customer sought out Progent after their organization was brought down by Ryuk crypto-ransomware. Ryuk is generally considered to have been deployed by North Korean state-sponsored hackers, possibly adopting techniques leaked from the U.S. National Security Agency. Ryuk goes after specific companies with limited tolerance for operational disruption and is among the most profitable incarnations of crypto-ransomware. Major victims have included Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturer headquartered in the Chicago metro area with about 500 staff members. The Ryuk event had brought down all essential operations and manufacturing capabilities. The majority of the client's backups had been on-line when the intrusion began and were damaged. The client was arranging financing to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but in the end called Progent.
Progent worked hand in hand with the customer to rapidly identify and prioritize the mission-critical elements that had to be recovered before company operations could resume:
Within two days, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then assisted with the reinstallation and storage recovery of key applications. All Microsoft Exchange Server schema and configuration information was intact, which simplified the restoration of Exchange. Progent was also able to collect intact OST files (Outlook Off-Line Folder Files) from user desktop computers in order to recover mail messages. A relatively recent offline backup of the client's financials/MRP software made it possible to bring these required services back online for users. Although major work remained to recover fully from the Ryuk attack, the most important systems were recovered quickly:
Over the following month, important milestones in the recovery process were completed in close cooperation between Progent consultants and the client:
Conclusion
A potentially business-ending disaster was averted by hard-working professionals, a wide array of subject matter expertise, and tight teamwork. In retrospect, the crypto-ransomware incident described here should have been blocked by up-to-date security technology, NIST Cybersecurity Framework best practices, user and IT administrator training, properly executed incident response procedures for data protection, and proper patching controls. The reality, however, is that state-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and pose an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's roster of experts has extensive experience in crypto-ransomware defense, remediation, and data restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ryuk Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Buffalo
For ransomware system restoration consulting services in the Buffalo area, phone Progent at