Crypto-Ransomware : Your Crippling IT Disaster
Ransomware has become an escalating cyberplague that presents an enterprise-level danger for businesses unprepared for an attack. Different families of ransomware such as Reveton, Fusob, Locky, NotPetya and the MongoLock cryptoworm have been circulating for many years and continue to cause damage. Modern crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Nephilim, plus daily unnamed variants, not only encrypts online data but also infects most reachable system backups. Data synchronized to cloud environments can also be corrupted. In a poorly designed system, this can make automated restore operations impossible and effectively knocks the network back to zero.
Restoring services and data following a ransomware intrusion becomes a sprint against the clock as the targeted organization tries its best to contain and remove the malware and to restore enterprise-critical activity. Because ransomware takes time to spread, attacks are frequently triggered at night, when successful penetrations in many cases take longer to uncover. This compounds the difficulty of quickly marshalling and organizing a capable mitigation team.
Progent has a range of support services for protecting Cabo Frio organizations from ransomware events. These include staff education to help recognize and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of next-generation security gateways with AI capabilities to rapidly discover and quarantine new threats. Progent also offers the services of expert ransomware recovery professionals with the talent and perseverance to reconstruct a compromised network as quickly as possible.
Progent's Ransomware Recovery Support Services
Following a crypto-ransomware event, even paying the ransom in cryptocurrency does not ensure that the attackers will provide the keys needed to decrypt any of your files. Kaspersky Labs found that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, resulting in further losses. The ransom itself is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is well above the typical crypto-ransomware demand, which ZDNET estimated to be around $13,000 for smaller organizations. The other path is to rebuild the essential elements of your Information Technology environment. Without access to essential backups, this requires a wide complement of skills, professional team management, and the ability to work non-stop until the recovery project is finished.
For two decades, Progent has provided certified expert Information Technology services for businesses throughout the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded top industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of experience gives Progent the capability to rapidly identify critical systems, organize the surviving components of your network following a crypto-ransomware event, and configure them into a functioning system.
Progent's ransomware team uses best-of-breed project management tools to orchestrate the complicated restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and Information Technology resources to prioritize tasks and to put essential services back online as soon as possible.
Customer Case Study: A Successful Crypto-Ransomware Attack Response
A business sought out Progent after their company was taken over by the Ryuk ransomware virus. Ryuk is believed to have been deployed by North Korean government-sponsored criminal gangs, suspected of using technology exposed from America's NSA. Ryuk targets specific organizations with limited tolerance for disruption and is one of the most lucrative incarnations of ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing company located in Chicago with around 500 staff members. The Ryuk penetration had disabled all essential operations and manufacturing capabilities. Most of the client's backups had been directly accessible online at the time of the intrusion and were damaged. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked together with the customer to quickly assess and prioritize the critical areas that had to be addressed in order to resume company functions:
Within 2 days, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then completed setup and hard drive recovery on mission-critical servers. All Exchange ties and attributes were intact, which accelerated the restore of Exchange. Progent was able to assemble unencrypted OST files (Outlook Offline Folder Files) from various workstations and laptops in order to recover mail data. A recent offline backup of the customer's accounting software made it possible to bring these essential applications back into service. Although significant work remained to recover fully from the Ryuk attack, the most important systems were recovered rapidly:
Throughout the following couple of weeks, critical milestones in the recovery project were completed in close collaboration between Progent engineers and the client:
Conclusion
A possible enterprise-killing catastrophe was avoided due to hard-working professionals, a wide array of knowledge, and close teamwork. In retrospect, the ransomware penetration described here could have been prevented with current cyber security solutions and security best practices, user training, well thought out incident response procedures for data backup, and keeping systems up to date with security patches. The reality remains, however, that state-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a ransomware incursion, feel confident that Progent's team of professionals has substantial experience in crypto-ransomware blocking, remediation, and data disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Cabo Frio
For ransomware cleanup services in the Cabo Frio area, call Progent at