Ransomware : Your Worst IT Nightmare
Ransomware has become an all-too-frequent cyberplague and an existential danger for businesses of any size that are unprepared for an attack. Earlier ransomware families such as Reveton, WannaCry, Locky and MongoLock, along with lockout scams that abuse the Windows Syskey utility, have been in the wild for years and continue to inflict damage. More recent crypto-ransomware such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Conti and Egregor, plus a steady stream of as yet unnamed newcomers, not only encrypts critical online data but also encrypts or deletes any system backups it can reach. Information synchronized to cloud storage can be ransomed as well, since the encrypted files simply sync over the good copies. In a poorly designed environment this renders automated restoration useless and knocks the datacenter back to square one.
Recovering services and data after a ransomware outage is a race against the clock: the targeted business must stop lateral movement, eradicate the crypto-ransomware, and restore mission-critical operations all at once. Because ransomware needs time to spread across a network, operators frequently detonate it on weekends and holidays, when fewer people are watching and the attack takes longer to discover. This compounds the difficulty of rapidly mobilizing and organizing a knowledgeable response team.
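The timing point above, an outbreak launched when nobody is watching, is something a detection rule can compensate for. The Python below is an added example written for this page (not Progent's ProSight ASM or any SentinelOne logic) that runs a simple heuristic over constructed file-rename audit events: one host and user renaming many files to a single new extension inside a five-minute window is flagged, and the threshold for paging someone is lower outside business hours and on weekends, when an attack would otherwise take longer to uncover. The log format, host names and thresholds are all assumptions for the example.

```python
"""Off-hours burst detector for file-rename audit events (added example).

The log format below is constructed for this example, not any vendor's.
Heuristic: one host/user pair renaming many files to the same new extension
inside a short window is the signature of bulk encryption. Because outbreaks
are timed for weekends and holidays, when nobody is watching, the alert
threshold is lowered outside business hours instead of relying on a human.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from pathlib import Path

BUSINESS_HOURS = range(8, 18)   # 08:00-17:59, Monday to Friday (assumed)
WINDOW = timedelta(minutes=5)
THRESHOLD_BUSINESS = 200        # renames per window before alerting
THRESHOLD_OFF_HOURS = 50        # lower bar at night and on weekends
UNIFORMITY = 0.9                # share of renames that must end in the same new extension


def parse_event(line: str) -> dict:
    """'<ISO time> <host> <user> <ACTION> <old> -> <new>' (constructed format)."""
    ts, host, user, action, rest = line.split(" ", 4)
    old, _, new = rest.partition(" -> ")
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "action": action, "old": old, "new": new}


def is_off_hours(ts: datetime) -> bool:
    """Weekend, or any weekday hour outside BUSINESS_HOURS."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def detect(lines) -> list:
    """Return one alert per host/user pair whose rename rate exceeds the window threshold."""
    renames = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["action"] == "RENAME":
            renames[(ev["host"], ev["user"])].append(ev)

    alerts = []
    for (host, user), evs in renames.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window so it covers at most WINDOW of time ending at this event.
            while ev["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            off_hours = is_off_hours(ev["ts"])
            threshold = THRESHOLD_OFF_HOURS if off_hours else THRESHOLD_BUSINESS
            if len(window) < threshold:
                continue
            ext, n = Counter(Path(e["new"]).suffix for e in window).most_common(1)[0]
            if n / len(window) >= UNIFORMITY:
                alerts.append({"host": host, "user": user, "count": len(window),
                               "extension": ext, "off_hours": off_hours,
                               "first_seen": window[0]["ts"].isoformat()})
                break   # one alert per pair is enough to page someone
    return alerts


def _constructed_log() -> list:
    """Synthetic events: a Saturday 02:14 outbreak and a benign weekday batch job."""
    lines = []
    t0 = datetime(2021, 3, 6, 2, 14, 0)          # Saturday, off hours
    for i in range(60):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} WS-117 jdoe RENAME /finance/doc{i}.xlsx -> /finance/doc{i}.xlsx.locked")
    t1 = datetime(2021, 3, 9, 10, 0, 0)          # Tuesday, business hours
    for i in range(60):
        ts = (t1 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} CI01 build RENAME /builds/out{i}.tmp -> /builds/out{i}.bak")
    lines.append("2021-03-09T10:05:00 CI01 build WRITE /builds/summary.log")
    return lines


SAMPLE_LOG = _constructed_log()


def run_sample() -> list:
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed log, the 60 weekday renames by the build account stay below the business-hours threshold of 200 and produce nothing, while the identical volume at 02:14 on a Saturday crosses the off-hours threshold of 50 and raises an alert as soon as the fiftieth rename lands. Tune the two thresholds against a few weeks of your own audit data before trusting them; a backup or indexing job that renames files in bulk overnight is the classic false positive.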
Progent offers a range of services for protecting Cabo Frio organizations against ransomware attacks. These include user training on recognizing and avoiding phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat defense to detect and contain zero-day malware. Progent can also provide expert ransomware recovery engineers with the track record and commitment to rebuild a breached network as quickly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a crypto-ransomware penetration, paying the ransom in cryptocurrency does not guarantee that the criminals will hand over the keys to decrypt any or all of your data. Kaspersky Lab reported that 17% of ransomware victims never recovered their data after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms often run to several hundred thousand dollars, and for larger enterprises the demand can reach millions. The alternative is to rebuild the vital elements of your IT environment. Without access to complete backups, this calls for a wide range of IT skills, professional project management, and the ability to work around the clock until the job is done.
For twenty years, Progent has provided expert IT services to businesses across the U.S. and holds Microsoft partner certification in the Datacenter and Cloud Productivity competencies. Progent's subject matter experts (SMEs) include engineers with top certifications in key technologies including Microsoft, Cisco, VMware, and the popular Linux distributions. Progent's cyber security engineers hold internationally recognized industry certifications including CISA, CISSP, CRISC and SANS GIAC, and bring CMMC 2.0 (Cybersecurity Maturity Model Certification) expertise. (Refer to Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of expertise lets Progent rapidly understand your key systems, salvage the surviving parts of your network after a ransomware event, and reassemble them into a functioning whole.
Progent's ransomware team uses robust project management tools to coordinate the complex restoration process. Progent understands the urgency of working quickly and in concert with a client's management and IT staff to prioritize tasks and bring critical systems back online as fast as possible.
Customer Case Study: A Successful Ransomware Attack Recovery
A customer contacted Progent after their organization was brought down by Ryuk ransomware. Ryuk shares code with the earlier Hermes ransomware, which led to early speculation about North Korean state-sponsored involvement, but it is now generally attributed to a Russian-speaking criminal group. Ryuk is deployed selectively against organizations that have little tolerance for operational disruption, and it is among the most profitable ransomware families. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company in the Chicago metro area with about 500 employees. The Ryuk intrusion had paralyzed all essential business and manufacturing operations. Most of the client's backups had been online at the time of the attack and were encrypted as well. The client was preparing to pay the ransom (in excess of two hundred thousand dollars) and hope for the best, but instead engaged Progent.
Progent worked together with the client to rapidly identify and prioritize the critical services that had to be restored to make it possible to resume business operations:
In less than 48 hours, Progent restored Active Directory to its pre-intrusion state. Progent then helped reinstall and recover storage for the most important systems. All Exchange Server data and directory attributes were intact, which simplified the rebuild of Exchange. Progent was able to gather unencrypted OST files (Outlook Offline Folder Files) from staff desktop computers to recover email. A fairly recent offline backup of the customer's manufacturing systems made it possible to return those essential services to users. Although significant work remained to recover fully from the Ryuk event, critical systems were back in operation quickly:
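Two recovery points in this case, online backups encrypted alongside production data and mail recovered from unencrypted OST caches on workstations, come down to one triage question: which files still hold their original format, and which are now ciphertext? The Python below is an added example written for this page, not Progent's tooling or anything from the engagement. It checks a file's leading magic bytes against what its extension promises (the "!BDN" signature of Outlook OST/PST files, the PK header of zip-based Office documents, the TAPE header of SQL Server .bak files) and measures byte entropy, which sits near 8 bits per byte for encrypted data. The sample files are constructed in memory. A matching header makes a file a recovery candidate, not a guarantee: some ransomware encrypts files intermittently and leaves headers intact, so every candidate still needs a restore test.

```python
"""Triage candidate recovery files after a ransomware event (added example).

Two cheap signals per file: does it still start with the magic bytes its
extension promises, and how close is its byte entropy to the ~8 bits/byte of
ciphertext. Files that keep their header are recovery candidates (the OST
caches on workstations, an offline .bak); files that lost it and read as
random are probably encrypted. Triage only: intermittently encrypted files
can keep a valid header, so every candidate still needs a restore test.
"""
import hashlib
import math
from collections import Counter
from pathlib import Path

# Extension -> (leading magic bytes, body is normally compressed/high entropy)
SIGNATURES = {
    ".ost": (b"!BDN", False),   # Outlook Offline Folder File (PFF format)
    ".pst": (b"!BDN", False),   # Outlook Personal Folders, same PFF header
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", False),   # OLE2 compound file
    ".xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", False),
    ".docx": (b"PK\x03\x04", True),   # Office Open XML is a zip container
    ".xlsx": (b"PK\x03\x04", True),
    ".zip": (b"PK\x03\x04", True),
    ".7z": (b"7z\xbc\xaf\x27\x1c", True),
    ".bak": (b"TAPE", False),   # Microsoft Tape Format, used by SQL Server backups
}
ENTROPY_CIPHERTEXT = 7.5   # bits/byte; encrypted data on a 64 KiB sample sits near 8.0
HEAD_BYTES = 64 * 1024     # reading the head of each file is enough for triage


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def known_extension(name: str):
    """First recognised extension in the name, so 'q1.xlsx.locked' still maps to .xlsx."""
    for suffix in Path(name.lower()).suffixes:
        if suffix in SIGNATURES:
            return suffix
    return None


def triage(name: str, head: bytes) -> dict:
    """Classify one file from its name and leading bytes."""
    ext = known_extension(name)
    entropy = shannon_entropy(head[:HEAD_BYTES])
    header_ok, compressed = None, False
    if ext:
        sig, compressed = SIGNATURES[ext]
        header_ok = head.startswith(sig)
    random_body = entropy >= ENTROPY_CIPHERTEXT
    if header_ok:
        # A valid header over a random body is either a compressed format or
        # intermittent encryption that skipped the header: flag it for a manual look.
        verdict = ("header-intact-but-random-body"
                   if random_body and not compressed else "recoverable-candidate")
    elif random_body:
        verdict = "likely-encrypted"
    elif ext:
        verdict = "header-missing-low-entropy"   # truncated or corrupted, not ciphertext
    else:
        verdict = "unknown-type-plaintext-like"
    return {"name": name, "extension": ext, "header_ok": header_ok,
            "entropy": round(entropy, 2), "verdict": verdict}


def scan_directory(root: str) -> list:
    """Triage every regular file under root, reading only the first HEAD_BYTES of each."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            with open(path, "rb") as fh:
                results.append(triage(path.name, fh.read(HEAD_BYTES)))
    return results


def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed hash chain, not real encryption)."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
        i += 1
    return bytes(out[:n])


# Constructed sample files for the demonstration; none come from the case study.
SAMPLES = {
    "jdoe-outlook.ost": b"!BDN" + b"\x00" * 508 + b"Subject: Q1 forecast\r\n" * 200,
    "finance/q1.xlsx.locked": _pseudo_random(4096),           # encrypted and renamed
    "MES-backup-2021-02.bak": b"TAPE" + b"\x00" * 60 + b"MES_PROD" * 512,
    "restore-notes.txt": b"Restore order: AD, Exchange, MES\n" * 100,
    "archive.ost": b"!BDN" + _pseudo_random(4096),            # header kept, body random
}


def triage_samples() -> dict:
    return {name: triage(name, data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{verdict:32} {name}")
```

Run `scan_directory()` against a workstation's Outlook data folder or a backup share before deciding what to restore from, and sort by verdict: "recoverable-candidate" files go to a restore test first, "header-intact-but-random-body" files get a manual look, and "likely-encrypted" files are only worth keeping if a decryptor later becomes available. Compressed formats (zip-based Office files, archives) are legitimately high-entropy, which is why the header check, not entropy alone, drives the verdict for them.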
Over the following couple of weeks key milestones in the recovery project were accomplished through close collaboration between Progent team members and the client:
Conclusion
A potentially company-ending disaster was averted thanks to hard-working experts, a broad spectrum of subject matter expertise, and close collaboration. In hindsight, the crypto-ransomware incident described here could likely have been prevented by current security controls and best practices, user and IT administrator training, properly executed incident response procedures, offline data protection, and prompt security patching. Even so, ransomware operators, whether criminal groups or state-sponsored actors from Russia, North Korea and elsewhere, are relentless and represent an ongoing threat. If you do fall victim to a ransomware attack, remember that Progent's roster of professionals has proven experience in crypto-ransomware defense, remediation, and disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Cabo Frio
For ransomware cleanup consulting services in the Cabo Frio area, phone Progent at