Ransomware: Your Worst Information Technology Nightmare
Crypto-ransomware has become an escalating cyberplague and an enterprise-level threat for businesses that are poorly prepared for an attack. Families such as CryptoLocker, WannaCry, Locky, SamSam and MongoLock have been in the wild for years and still inflict damage. Newer crypto-ransomware families such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Nefilim, along with variants that have yet to be named, not only encrypt online data but also go after recovery capability: they delete Volume Shadow Copies and system restore points and encrypt any backups reachable over the network. Files synchronized to cloud storage can be corrupted as well, because the encrypted versions are synced up and overwrite the good copies. On a vulnerable network this can make restore operations hopeless and effectively knocks the organization back to square one.
Bringing applications and data back online after a ransomware attack becomes a race against time as the targeted business struggles to contain the damage, eradicate the ransomware and resume business-critical operations. Because encryption takes time to spread across a targeted network, attacks are frequently launched at night or on weekends, when a successful intrusion is likely to go undetected for longer. This compounds the difficulty of promptly assembling and organizing a capable response team.
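The two behaviours described above, destruction of shadow copies and backups and off-hours timing, are the ones a defender most wants to catch before encryption finishes. The script below is an added example written for this page, not Progent's or any vendor's tooling: it scans process-creation records for the commands ransomware families such as Ryuk and Conti run to delete Volume Shadow Copies, wipe the Windows backup catalog and disable boot recovery, and flags hits that fall outside business hours. The pipe-delimited record format, the 06:00-20:00 business-hours window, the rule names and the sample log lines are all assumptions constructed for the example; in production the same fields come from Windows Security event 4688 or Sysmon event 1.

```python
"""Flag backup-tampering commands typical of crypto-ransomware in process-creation logs."""
import re
from datetime import datetime

# Constructed sample records (not real logs), one per line in the assumed format
# timestamp|host|user|command line. June 3, 2023 is a Saturday.
SAMPLE_LOGS = """\
2023-06-03T02:14:07|FS01|CORP\\svc_backup|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
2023-06-03T02:14:09|FS01|CORP\\svc_backup|wmic shadowcopy delete
2023-06-03T02:14:11|FS01|CORP\\svc_backup|bcdedit /set {default} recoveryenabled no
2023-06-03T02:15:00|FS01|CORP\\svc_backup|powershell -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object {$_.Delete()}"
2023-06-02T10:30:00|WS17|CORP\\jdoe|C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE
2023-06-01T14:05:22|FS01|CORP\\admin|vssadmin list shadows
"""

# Commands that remove restore points or backup catalogs. The behaviours are well
# documented for Ryuk, Conti and similar families; the regexes and rule names are
# this example's own, not vendor signatures. Listing shadows is not flagged.
BACKUP_TAMPERING_RULES = {
    "vssadmin_delete_shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "bcdedit_disable_recovery": re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    "wbadmin_delete_catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "wmi_shadowcopy_delete": re.compile(r"win32_shadowcopy.*\.delete\(", re.I),
}


def is_off_hours(ts: datetime) -> bool:
    """Weekend, or outside the assumed 06:00-20:00 business-hours window."""
    return ts.weekday() >= 5 or ts.hour < 6 or ts.hour >= 20


def parse_line(line: str):
    """Split one assumed-format record into (datetime, host, user, command line)."""
    ts_text, host, user, cmd = line.split("|", 3)
    return datetime.fromisoformat(ts_text), host, user, cmd


def detect_backup_tampering(log_text: str) -> list:
    """Return one finding per record whose command line matches a tampering rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ts, host, user, cmd = parse_line(line)
        for rule_name, pattern in BACKUP_TAMPERING_RULES.items():
            if pattern.search(cmd):
                findings.append({
                    "time": ts.isoformat(), "host": host, "user": user,
                    "rule": rule_name, "off_hours": is_off_hours(ts), "command": cmd,
                })
                break  # one finding per record is enough
    return findings


def summarize(findings: list) -> dict:
    """Distinct rules seen per host; several on one host in a short window is the strong signal."""
    per_host = {}
    for f in findings:
        per_host.setdefault(f["host"], set()).add(f["rule"])
    return {host: sorted(rules) for host, rules in per_host.items()}


if __name__ == "__main__":
    hits = detect_backup_tampering(SAMPLE_LOGS)
    for h in hits:
        flag = "OFF-HOURS " if h["off_hours"] else ""
        print(f"{h['time']} {h['host']} {h['user']} {flag}{h['rule']}: {h['command']}")
    print(summarize(hits))
```

A single `vssadmin delete shadows` from an administrator's maintenance script is a legitimate event on some networks, which is why the summary groups distinct rules per host: three or four different recovery-destroying commands on a file server at two in the morning on a Saturday is the pattern that should page someone, and it arrives minutes before the encryption itself.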
Progent offers a range of services for protecting Cabo Frio organizations against crypto-ransomware attacks, including staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection, to identify and contain zero-day malware. Progent can also provide seasoned crypto-ransomware recovery engineers with the skills and persistence to rebuild a compromised environment as rapidly as possible.
Progent's Crypto-Ransomware Recovery Services
After a ransomware attack, paying the ransom in cryptocurrency provides no assurance that the remote criminals will deliver keys that decrypt any or all of your data. Kaspersky found that 17% of crypto-ransomware victims never recovered their data even after paying, compounding their losses. The ransom itself is expensive: Ryuk demands commonly run to a few hundred thousand dollars, and for larger organizations can reach millions. The alternative is to rebuild the vital components of your IT environment. Without complete data backups, this calls for a broad complement of skill sets, professional project management and the ability to work around the clock until the recovery is complete.
For decades, Progent has provided professional IT services to companies throughout the US and has earned Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who hold high-level industry certifications in key technologies from Microsoft, Cisco and VMware and in the major Linux distributions. Progent's security consultants hold internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, SANS GIAC and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP software. This breadth of expertise gives Progent the skills to rapidly identify the systems that matter, re-organize the surviving components of your network after a ransomware attack and configure them into a working environment.
Progent's ransomware recovery team uses best-of-breed project management tools to orchestrate the complicated recovery process. Progent understands the urgency of acting swiftly and in concert with a customer's management and IT staff to prioritize tasks and get essential applications back online as soon as possible.
Client Story: A Successful Ransomware Intrusion Response
A small business hired Progent after the company was hit by Ryuk crypto-ransomware. Ryuk was initially linked to North Korea because it shares code with the earlier Hermes ransomware, but it is now generally attributed to a Russian-speaking criminal group (tracked as Wizard Spider) that typically deploys it through a prior Emotet or TrickBot infection. Ryuk targets specific companies with little or no ability to sustain disruption and is one of the most lucrative strains of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturer headquartered in the Chicago metro area with around 500 workers. The Ryuk intrusion had brought down all company operations and manufacturing processes. Most of the client's backups were online and reachable from the network at the time of the intrusion and were encrypted along with production data. The client considered paying the ransom (exceeding $200K) and hoping for the best, but ultimately called Progent.
Progent worked together with the client to rapidly determine and assign priority to the mission critical elements that needed to be addressed in order to resume business operations:
Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then performed setup and storage recovery on critical servers. Exchange Server's Active Directory links and attributes were intact, which greatly simplified the Exchange restore. Progent was also able to collect unencrypted OST files (Outlook offline data files) from staff desktops and laptops in order to recover email. A fairly recent offline backup of the client's financial/ERP software made it possible to bring these essential applications back into service. Although major work remained to recover fully from the Ryuk damage, critical services were restored quickly:
During the following couple of weeks, important milestones in the restoration project were reached through close collaboration between Progent engineers and the client:
Conclusion
A potentially business-killing disaster was averted through dedicated professionals, a broad spectrum of IT skills and tight collaboration. In hindsight, the crypto-ransomware incident described here would have been detected and prevented by current security technology and best practices: user education, sound procedures for protecting information, and keeping systems current with security patches. Even so, criminal and state-sponsored attackers operating from Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do fall victim to a crypto-ransomware attack, you can be confident that Progent's roster of experts has substantial experience in ransomware defense, removal and information systems restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Cabo Frio
For ransomware recovery consulting in the Cabo Frio metro area, call Progent at