Ransomware: Your Crippling Information Technology Disaster
Ransomware has become a modern cyber pandemic that represents an enterprise-level threat for businesses of all sizes unprepared for an attack. Older ransomware families such as CrySIS, Fusob, Locky, Syskey and MongoLock cryptoworms have been spreading for years and still cause damage. More recent strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, along with unnamed newcomers, not only encrypt online files but also compromise every accessible backup and data protection system they can reach. Data synced to cloud environments can also be encrypted. In a poorly architected data protection solution, this renders automatic restore operations useless and effectively knocks the network back to zero.
Bringing applications and data back online after a ransomware event becomes a race against time as the targeted organization fights to contain the damage, clean up the ransomware, and resume business-critical activity. Because crypto-ransomware needs time to move laterally through a network, attacks are often launched on nights and weekends, when a successful intrusion is likely to take longer to discover. This compounds the difficulty of rapidly assembling and organizing a capable response team.
Progent offers a range of services to protect Buffalo organizations from ransomware attacks. These include training to help team members recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service built on SentinelOne's behavior-based threat protection to detect and disable zero-day malware attacks. Progent can also provide the services of seasoned crypto-ransomware recovery engineers with the skills and commitment to rebuild a compromised system as quickly as possible.
Progent's Ransomware Restoration Support Services
After a ransomware event, paying the ransom in cryptocurrency provides no assurance that the criminal gang will hand over the keys to decrypt any or all of your data. Kaspersky Labs found that 17% of ransomware victims never recovered their data even after paying the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger organizations, the ransom can reach millions. The alternative is to piece back together the vital parts of your Information Technology environment. Without access to complete data backups, this calls for a broad complement of IT skills, top-notch project management, and the ability to work non-stop until the recovery project is complete.
For decades, Progent has provided expert Information Technology services to companies across the US and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who hold advanced certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the skills to rapidly identify critical systems, consolidate the remaining pieces of your Information Technology environment after a ransomware intrusion, and configure them into a functioning network.
Progent's ransomware team of experts uses state-of-the-art project management tools to orchestrate the complex restoration process. Progent understands the importance of acting quickly and in unison with a customer's management and Information Technology team members to prioritize tasks and bring the most important systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Penetration Recovery
A small business turned to Progent after the company was crippled by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored hackers, suspected of adopting techniques leaked from the United States National Security Agency. Ryuk targets specific organizations with little ability to sustain disruption and is one of the most lucrative examples of crypto-ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturer located in the Chicago metro area with about 500 employees. The Ryuk intrusion had frozen all company operations and manufacturing processes. Most of the client's system backups had been online at the time of the attack and were encrypted. The client was considering paying the ransom (in excess of $200,000) and hoping for the best, but in the end brought in Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the key areas that had to be addressed to make it possible to restart business operations:
Within two days, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then performed setup and hard drive recovery on essential servers. All Exchange Server schema and attributes were intact, which greatly helped the rebuild of Exchange. Progent was able to use the local OST files (Outlook Offline Data Files) on team workstations and laptops to recover email data. A recent offline backup of the customer's manufacturing systems allowed Progent to bring these essential applications back online for users. Although major work remained to recover fully from the Ryuk damage, essential services were restored quickly:
Over the following few weeks, critical milestones in the restoration process were completed through close collaboration between Progent team members and the client:
Conclusion
A potentially business-ending catastrophe was averted through hard-working professionals, a broad range of subject matter expertise, and close collaboration. Although, in hindsight, the ransomware attack described here should have been stopped by modern security systems and security best practices, user and IT administrator education, and appropriate incident response procedures for data protection and software patching, the reality remains that state-sponsored hackers from China, North Korea and elsewhere are tireless and an ongoing threat. If you are hit by a crypto-ransomware incident, remember that Progent's team of professionals has extensive experience in ransomware blocking, removal, and data disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Buffalo
For ransomware recovery consulting services in the Buffalo metro area, phone Progent at