Ransomware: Your Worst IT Catastrophe
Ransomware has become a modern cyber pandemic that represents an enterprise-level threat for any business vulnerable to an assault. Earlier iterations of ransomware such as the CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for years and still cause damage. Newer families such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with a steady stream of unnamed variants, not only encrypt online data but also corrupt many of the system protections that were configured to guard against them. Information replicated to off-premises disaster recovery sites can also be encrypted. In a poorly architected system, this can make any restoration hopeless and effectively sets the datacenter back to zero.
Bringing applications and data back online following a crypto-ransomware intrusion becomes a sprint against the clock as the targeted business fights to stop lateral movement, clean up the crypto-ransomware, and restore business-critical activity. Because crypto-ransomware requires time to move laterally throughout a targeted network, assaults are often launched on weekends and holidays, when successful attacks tend to take longer to identify. This compounds the difficulty of rapidly assembling and organizing a capable response team.
Progent provides an assortment of services for securing Buffalo enterprises from ransomware attacks. Among these are staff training to recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to discover and contain zero-day malware assaults. Progent can also provide the assistance of expert ransomware recovery consultants with the track record and commitment to reconstruct a breached network as urgently as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware invasion, paying the ransom in cryptocurrency does not ensure that the criminals will provide the keys needed to decrypt any or all of your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never restored their information even after having paid the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms are often several hundred thousand dollars. For larger organizations, the ransom can reach millions of dollars. The alternative is to piece back together the vital elements of your Information Technology environment. Without complete data backups, this requires a broad range of skill sets, professional team management, and the capability to work 24x7 until the task is done.
For two decades, Progent has provided expert Information Technology services for companies throughout the US and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have attained advanced industry certifications in leading technologies from Microsoft, Cisco and VMware and in major distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in financial systems and ERP application software. This breadth of experience allows Progent to quickly identify the systems that must be recovered first, salvage the intact parts of your network after a crypto-ransomware attack, and reassemble them into an operational environment.
Progent's recovery team uses state-of-the-art project management applications to orchestrate the complex restoration process. Progent appreciates the importance of acting rapidly and in unison with a customer's management and IT resources to prioritize tasks and to put key systems back online as soon as humanly possible.
Client Case Study: A Successful Ransomware Attack Restoration
A business escalated to Progent after their organization was brought down by Ryuk ransomware. Ryuk is thought to have been launched by North Korean state cybercriminals, suspected of using techniques leaked from the U.S. National Security Agency. Ryuk targets specific businesses that have little tolerance for operational disruption and is among the most lucrative incarnations of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in the Chicago metro area with about 500 employees. The Ryuk attack had shut down all company operations and manufacturing capabilities. The majority of the client's data backups had been directly reachable from the network at the time of the attack and were eventually encrypted along with the production data. The client was evaluating paying the ransom demand (in excess of $200K) and hoping for the best, but ultimately engaged Progent.
Progent worked with the customer to quickly understand and prioritize the critical areas that had to be addressed to make it possible to restart business functions:
In less than two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then initiated the setup and disk recovery of key systems. All Exchange schema and configuration information was intact, which accelerated the restoration of Exchange. Progent was also able to collect intact OST files (Outlook offline data files) from various workstations and laptops in order to recover email data. A recent offline backup of the customer's financials/MRP software made it possible to bring these essential services back online for users. Although a great deal of work remained to recover fully from the Ryuk event, essential systems were restored rapidly:
Over the following couple of weeks, critical milestones in the recovery project were achieved through tight cooperation between Progent team members and the customer:
Conclusion
A potentially enterprise-killing catastrophe was avoided through dedicated experts, a broad spectrum of knowledge, and tight collaboration. Although in hindsight the ransomware penetration described here should have been identified and prevented with current security solutions and ISO/IEC 27001 best practices, team education, and well-designed procedures for data backup and software patching, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a crypto-ransomware penetration, you can be confident that Progent's roster of experts has substantial experience in ransomware blocking, removal, and data recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Buffalo
For ransomware system recovery consulting services in the Buffalo area, phone Progent at