Crypto-Ransomware: Your Crippling IT Catastrophe
Ransomware has become an escalating cyber pandemic that presents an existential danger for businesses unprepared for an attack. Earlier iterations of ransomware such as the Dharma, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for a long time and still cause harm. Modern strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, plus additional unnamed variants, not only encrypt critical online data but also encrypt every backup they can reach. Data synchronized to the cloud can also be rendered useless. In a vulnerable system, this can make any restoration hopeless and effectively sets the network back to square one.
Recovering services and data following a crypto-ransomware attack becomes a race against the clock as the targeted organization fights to contain and clean up the ransomware and to restore business-critical operations. Because ransomware takes time to spread, intrusions are frequently launched on weekends and at night, when attacks often take longer to recognize. This compounds the difficulty of promptly assembling and coordinating a qualified response team.
Progent offers an assortment of support services for securing Buffalo organizations against crypto-ransomware events. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat protection to discover and disable zero-day malware attacks. Progent also offers the services of seasoned ransomware recovery professionals with the skills and perseverance to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a ransomware attack, paying the ransom in Bitcoin does not guarantee that the attackers will respond with the keys needed to decrypt all your files. Kaspersky determined that 17% of ransomware victims never recovered their files after paying the ransom, compounding their losses. The gamble is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 to $400,000). This is far above the typical ransomware demand, which ZDNET estimated at approximately $13,000 for smaller businesses. The other path is to rebuild the vital parts of your IT environment. Without essential data backups, this calls for a broad complement of skills, top-notch project management, and the capability to work non-stop until the job is finished.
For decades, Progent has offered certified expert information technology services to companies across the US and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who hold advanced certifications in key technologies from Microsoft, Cisco, VMware, and major Linux distributions. Progent's cyber security consultants have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience with accounting and ERP software solutions. This breadth of expertise lets Progent rapidly identify the necessary systems after a crypto-ransomware event, integrate the surviving parts of your network, and assemble them into a functioning whole.
Progent's security group uses best-of-breed project management applications to coordinate the complex recovery process. Progent knows the importance of working quickly and in concert with a client's management and IT resources to prioritize tasks and to get the most important services back online as fast as humanly possible.
Client Case Study: A Successful Ransomware Penetration Response
A business escalated to Progent after its network was attacked by the Ryuk ransomware. Ryuk is thought to have been developed by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific organizations with limited tolerance for disruption and is one of the most profitable iterations of ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing business based in Chicago with around 500 workers. The Ryuk intrusion had frozen all essential business operations and manufacturing capabilities. Most of the client's backups had been directly accessible from the network at the start of the intrusion and were encrypted along with everything else. The client was pursuing financing to pay the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately reached out to Progent.
Progent worked hand in hand with the customer to rapidly identify and prioritize the mission-critical services that had to be restored in order to continue business functions:
Within two days, Progent was able to recover Active Directory services to their pre-intrusion state. Progent then helped rebuild key applications and recover their storage. All Exchange links and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to gather unencrypted OST files (Microsoft Outlook Offline Folder Files) from user workstations and laptops to recover email data. A recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential programs back online for users. Although significant work remained to recover completely from the Ryuk attack, core systems were returned to operation quickly:
Over the following month, critical milestones in the restoration process were reached through close cooperation between Progent consultants and the customer:
Conclusion
A likely business-ending disaster was averted thanks to results-oriented experts, a broad array of IT skills, and tight teamwork. In retrospect, the ransomware attack described here could have been prevented with modern security solutions, security best practices, staff training, well-designed procedures for information protection, and systems kept current with security patches. The reality remains, however, that state-sponsored cybercriminals from Russia, North Korea and elsewhere are relentless and will keep attacking. If you are hit by a crypto-ransomware incident, remember that Progent's team of experts has extensive experience in ransomware blocking, removal, and data disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Buffalo
For ransomware system restoration services in the Buffalo metro area, call Progent at