Crypto-Ransomware: Your Feared IT Catastrophe
Ransomware has become an escalating cyber pandemic and an existential threat for organizations unprepared for an attack. Crypto-ransomware families such as CryptoLocker, WannaCry, Bad Rabbit, SamSam and MongoLock have been active for years and continue to cause damage. More recent strains such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus a steady stream of unnamed newcomers, not only encrypt online data but also destroy whatever recovery mechanisms they can reach, typically by deleting Volume Shadow Copies and local backup catalogs before encryption begins. Data synchronized to off-site disaster recovery sites can be encrypted or deleted along with the source. In a vulnerable data protection design this renders every restore point useless and effectively sets the datacenter back to square one.
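The backup-destruction step described above leaves a distinctive trail in process-creation telemetry, which is the best place to catch it before encryption starts. The following Python is an added example for this page, not Progent's tooling: it runs simple rules over constructed Windows process-creation records (the field names are modelled on Sysmon Event ID 1 and are an assumption) and flags the commands these families run to delete Volume Shadow Copies, wipe the Windows backup catalog and disable boot recovery.

```python
"""Flag process-creation events that destroy local backups and recovery points.

Added example (not Progent's code). Field names below are modelled on Sysmon
Event ID 1 / Security Event 4688 and are an assumption; the events are constructed.
"""
import re
from typing import Dict, List, Optional

# (rule name, pattern over the normalised command line). Each pattern targets a
# backup-tampering technique seen in Ryuk, Maze, Sodinokibi and similar families.
RULES = [
    ("vss_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b")),
    ("vss_resize", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b.*/maxsize=")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("wbadmin_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b")),
    ("bcdedit_recovery_off", re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b")),
    ("ps_shadowcopy_delete", re.compile(r"win32_shadowcopy\b.*(remove-wmiobject|\.delete\(\))")),
]


def normalise(cmdline: str) -> str:
    """Lower-case, drop quoting and collapse whitespace so rules are not evaded by formatting."""
    return re.sub(r"\s+", " ", cmdline.replace('"', " ").replace("'", " ")).strip().lower()


def classify_command(cmdline: str) -> Optional[str]:
    """Return the first matching rule name, or None if the command is not backup tampering."""
    text = normalise(cmdline)
    for name, pattern in RULES:
        if pattern.search(text):
            return name
    return None


def scan_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per event whose command line matches a rule."""
    findings = []
    for ev in events:
        rule = classify_command(ev.get("CommandLine", ""))
        if rule:
            findings.append({"host": ev["Computer"], "user": ev.get("User", "?"),
                             "parent": ev.get("ParentImage", "?"), "rule": rule,
                             "cmdline": ev["CommandLine"]})
    return findings


def summarize_by_host(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count distinct techniques per host; two or more is a strong pre-encryption signal."""
    seen: Dict[str, set] = {}
    for f in findings:
        seen.setdefault(f["host"], set()).add(f["rule"])
    return {host: len(rules) for host, rules in seen.items()}


# Constructed sample telemetry: a benign backup job and a listing, plus the
# pre-encryption cleanup a ransomware operator typically runs.
SAMPLE_EVENTS = [
    {"Computer": "FS01", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\System32\\services.exe",
     "CommandLine": "vssadmin.exe list shadows"},
    {"Computer": "FS01", "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": 'cmd.exe /c "vssadmin.exe Delete Shadows /all /quiet"'},
    {"Computer": "FS01", "User": "CORP\\jdoe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No"},
    {"Computer": "WS112", "User": "CORP\\asmith", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": 'powershell.exe -nop -w hidden -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"'},
    {"Computer": "DC01", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "wbadmin start backup -backupTarget:\\\\nas01\\backups -include:C: -quiet"},
    {"Computer": "DC01", "User": "CORP\\Administrator", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "wbadmin DELETE CATALOG -quiet"},
    {"Computer": "WS112", "User": "CORP\\asmith", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "WMIC.exe shadowcopy delete /nointeractive"},
]

if __name__ == "__main__":
    hits = scan_events(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['host']:6} {h['rule']:24} {h['user']:22} {h['cmdline']}")
    print("distinct techniques per host:", summarize_by_host(hits))
```

The benign `vssadmin list shadows` and the scheduled `wbadmin start backup` are deliberately not matched, so this rule set does not page on routine administration; deletion or shrinking of shadow storage is rare enough in normal operations to alert on directly, and two or more distinct techniques from one host within minutes should go straight to the on-call responder.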
Getting applications and data back online after a crypto-ransomware event becomes a race against time, as the victim struggles to contain the spread, eradicate the malware and resume business-critical operations. Because ransomware needs time to propagate and encrypt, attacks are often launched at night or over weekends, when an intrusion is likely to go unnoticed for longer. That timing also makes it harder to rapidly assemble and coordinate a qualified response team.
Progent offers a range of services for protecting Cabo Frio organizations against ransomware. These include staff training to recognize and resist phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection, to identify and contain zero-day malware attacks. Progent can also provide experienced crypto-ransomware recovery consultants with the skills and commitment to restore a compromised network as quickly as possible.
Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in cryptocurrency does not guarantee that the remote criminals will hand over working keys to decrypt all of your data. Kaspersky Lab found that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the typical demand, which ZDNet estimated at around $13,000 for small organizations. The alternative is to rebuild the key components of your IT environment. Without access to intact backups, this requires a broad set of skills, tightly coordinated team management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies throughout the US and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants with top-level certifications in key technologies including Microsoft, Cisco, VMware and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized certifications including CISA, CISSP-ISSAP, CRISC and GIAC (see Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of experience lets Progent quickly understand critical systems, consolidate what remains of a network after a ransomware attack and rebuild it into a functioning whole.
Progent's recovery team uses modern project management tools to orchestrate the complex recovery process. Progent understands the urgency of working quickly and alongside a client's management and IT staff to prioritize tasks and bring essential systems back online as soon as humanly possible.
Client Case Study: A Successful Ransomware Penetration Recovery
A small business escalated to Progent after its network was compromised by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, but subsequent analysis tied it to a Russian-speaking criminal group, commonly tracked as Wizard Spider, that deploys it manually after an initial TrickBot or Emotet foothold. Ryuk targets specific organizations with little tolerance for operational disruption and is among the most lucrative ransomware families. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and Tribune Publishing, owner of the Chicago Tribune. Progent's client is a manufacturing business in the Chicago metro area with about 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups had been online at the time of the intrusion and were destroyed. The client was preparing to pay the ransom (in excess of $200,000) and hope for the best, but ultimately brought in Progent.
Progent worked with the client to quickly understand and prioritize the key applications that had to be restored to keep the company running:
Within 48 hours, Progent had restored Active Directory to its pre-attack state. Progent then reinstalled and recovered storage for mission-critical applications. The Exchange Server attributes and relationships in Active Directory were intact, which accelerated the Exchange restore. Progent collected intact OST files (Outlook Offline Folder Files) from staff desktops to recover mailbox contents; because an OST is a local cache of a user's mailbox, a clean copy on an uninfected workstation can be used to rebuild that user's mail. A recent offline backup of the client's accounting systems made it possible to return those essential services to users. Although significant work remained to recover fully from the Ryuk attack, the most important services were restored quickly:
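Harvesting OST files from workstations only helps if the files themselves escaped encryption, and a mailbox rebuild from a damaged container wastes hours on a tight timeline. As an added example, not part of the case study, the Python below triages collected Outlook data files by checking the MS-PST container signature ("!BDN" at offset 0) and the entropy of the first 4 KiB, so that intact caches, encrypted copies (including ones renamed with an appended extension, as Ryuk does with .RYK) and zeroed or truncated files are separated before anything is imported. The directory layout and file contents are constructed stand-ins for collected desktop profiles.

```python
"""Triage collected Outlook data files (.ost/.pst) before using them for recovery.

Added example, not from the case study. Checks the MS-PST container signature
and header entropy; the sample profile tree is constructed in a temp directory.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Union

PST_MAGIC = b"!BDN"            # MS-PST HEADER.dwMagic at offset 0 (shared by PST and OST)
OUTLOOK_SUFFIXES = {".ost", ".pst"}
HEADER_SAMPLE = 4096           # bytes used for the entropy estimate
HIGH_ENTROPY = 7.0             # bits/byte; ciphertext is ~7.9, a genuine header is far lower


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_outlook_data_file(path: Union[str, Path]) -> bool:
    """True for foo.ost, foo.pst and renamed variants such as foo.ost.RYK."""
    return any(s.lower() in OUTLOOK_SUFFIXES for s in Path(path).suffixes)


def classify_file(path: Path) -> Dict[str, object]:
    """Label one file: intact container, encrypted (high-entropy header) or damaged."""
    with path.open("rb") as fh:
        head = fh.read(HEADER_SAMPLE)
    entropy = shannon_entropy(head)
    if head.startswith(PST_MAGIC):
        status = "intact"
    elif entropy >= HIGH_ENTROPY:
        status = "encrypted"       # header overwritten with ciphertext
    else:
        status = "damaged"         # zeroed, truncated or otherwise not a PST container
    return {"path": str(path), "size": path.stat().st_size,
            "header_entropy": round(entropy, 2), "status": status}


def triage_outlook_files(root: Path) -> List[Dict[str, object]]:
    """Walk `root` and classify every Outlook data file found beneath it."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            p = Path(dirpath) / name
            if is_outlook_data_file(p):
                results.append(classify_file(p))
    return results


def build_sample_tree(root: Path) -> None:
    """Constructed stand-ins for profiles collected from three desktops."""
    intact = root / "alice" / "Outlook" / "alice@corp.example.ost"
    intact.parent.mkdir(parents=True, exist_ok=True)
    intact.write_bytes(PST_MAGIC + bytes(8188))      # valid magic, zero padding
    encrypted = root / "bob" / "Outlook" / "bob@corp.example.ost.RYK"
    encrypted.parent.mkdir(parents=True, exist_ok=True)
    encrypted.write_bytes(os.urandom(8192))          # ciphertext stand-in, renamed by the malware
    damaged = root / "carol" / "Outlook" / "carol@corp.example.ost"
    damaged.parent.mkdir(parents=True, exist_ok=True)
    damaged.write_bytes(bytes(8192))                 # zero-filled or truncated copy
    (root / "carol" / "desktop.ini").write_bytes(b"[.ShellClassInfo]")  # not an Outlook file


def run_demo() -> Dict[str, str]:
    """Build the constructed tree, triage it and return {relative path: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return {str(Path(r["path"]).relative_to(root)).replace(os.sep, "/"): r["status"]
                for r in triage_outlook_files(root)}


if __name__ == "__main__":
    for rel, status in sorted(run_demo().items()):
        print(f"{status:10} {rel}")
```

Only files reported as intact should be handed to the mailbox import; an encrypted OST is worthless without the key, and a zero-filled one usually means the collection copy failed or the file was still open, so it is worth re-imaging that workstation's disk rather than retrying the copy.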
Over the following month, key milestones in the recovery were reached through close collaboration between Progent consultants and the client:
Conclusion
A probable business disaster was averted thanks to hard-working experts, a broad range of IT skills and close collaboration. In hindsight, the attack described here could have been detected and prevented with modern security tooling, NIST Cybersecurity Framework practices, staff training, offline or immutable backups and disciplined patching; the reality, however, is that criminal and state-sponsored groups from Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware incident, remember that Progent's team has extensive experience in blocking, removing and recovering from crypto-ransomware.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Cabo Frio
For ransomware system restoration consulting services in the Cabo Frio area, phone Progent at