Ransomware: Your Feared Information Technology Disaster
Crypto-ransomware has become an escalating cyber plague that presents an existential threat to businesses poorly prepared for an attack. Crypto-ransomware families such as Dharma, Fusob, Bad Rabbit, Syskey and MongoLock have been running rampant for many years and continue to cause harm. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, plus more unnamed newcomers, not only encrypt online data but also target any configured backup and system-protection mechanisms. Data replicated to cloud environments can also be rendered useless. In a poorly designed environment, this can make automated restore operations impossible and effectively knocks the datacenter back to zero.
Retrieving applications and information after a crypto-ransomware outage becomes a race against time as the targeted business fights to stop lateral movement, remove the crypto-ransomware, and resume business-critical activity. Because ransomware takes time to spread across a targeted network, attacks are often launched during nights and weekends, when intrusions are likely to take longer to detect. This compounds the difficulty of promptly assembling and coordinating a capable response team.
Progent offers a range of services for protecting Cabo Frio enterprises from ransomware intrusions. These include staff education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and contain zero-day modern malware attacks. Progent also offers the assistance of seasoned crypto-ransomware recovery consultants with the skills and commitment to reconstruct a compromised environment as urgently as possible.
Progent's Ransomware Recovery Services
After a ransomware intrusion, paying the ransom in cryptocurrency does not ensure that the attackers will respond with the keys needed to decrypt any or all of your information. Kaspersky Labs estimated that 17% of ransomware victims never restored their files after having sent off the ransom, resulting in increased losses. The ransom itself is also very costly. Ryuk ransoms are often a few hundred thousand dollars. For larger enterprises, the ransom demand can reach millions. The alternative is to set up the key components of your Information Technology environment from scratch. Without access to complete system backups, this requires a wide range of IT skills, top-notch team management, and the ability to work 24x7 until the task is over.
For two decades, Progent has made available professional Information Technology services for companies throughout the U.S. and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned high-level certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise in financial management and ERP applications. This breadth of experience gives Progent the skills to quickly identify critical systems, reorganize the surviving components of your IT environment after a crypto-ransomware intrusion, and configure them into a functioning system.
Progent's ransomware group uses top-notch project management systems to coordinate the sophisticated recovery process. Progent understands the importance of working quickly and together with a customer's management and IT team members to prioritize tasks and to get essential services back online as fast as humanly possible.
Business Case Study: A Successful Ransomware Attack Response
A small business contacted Progent after their company was compromised by Ryuk ransomware. Ryuk is believed to have been created by North Korean government-sponsored cybercriminals, suspected of adopting technology leaked from the United States NSA. Ryuk targets specific companies with limited tolerance for operational disruption and is one of the most lucrative ransomware variants. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturer headquartered in Chicago with about 500 employees. The Ryuk intrusion had brought down all essential operations and manufacturing processes. The majority of the client's data backups had been online at the start of the intrusion and were eventually encrypted. The client considered paying the ransom (exceeding $200K) and hoping for the best, but in the end engaged Progent.
Progent worked with the customer to quickly determine and assign priority to the critical services that needed to be recovered in order to restart company functions:
In less than 2 days, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then charged ahead with reinstallations and disk recovery of essential servers. All Exchange connections and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to collect local OST files (Outlook Offline Folder Files) from employee PCs in order to recover email data. A recent offline backup of the business's manufacturing systems allowed these essential applications to be brought back online. Although a large amount of work remained to recover completely from the Ryuk event, critical services were restored quickly:
Over the next month, critical milestones in the recovery project were reached through tight cooperation between Progent engineers and the customer:
Conclusion
A probable enterprise-killing disaster was averted thanks to dedicated experts, a broad spectrum of knowledge, and close teamwork. Although post-incident forensics showed that the ransomware attack detailed here could have been stopped by up-to-date cyber security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff education, and well-thought-out security procedures for data protection and patch management, the reality remains that government-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a ransomware attack, remember that Progent's roster of professionals has proven experience in ransomware blocking, remediation, and data restoration.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Cabo Frio
For ransomware system restoration consulting services in the Cabo Frio metro area, call Progent at