Ransomware: Your Worst IT Disaster
Ransomware has become an all-too-frequent cyberplague that poses an extinction-level danger to businesses of any size that are vulnerable to an attack. Older ransomware families such as Dharma, WannaCry, Bad Rabbit, SamSam and MongoLock have been in the wild for years and continue to cause harm. Newer variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with others not yet named, not only encrypt online data files but also go after any configured system backups they can reach. Data synced to the cloud can be encrypted as well. In a poorly designed environment this renders automated restore operations useless and effectively sets the datacenter back to square one.
Restoring applications and data after a ransomware intrusion becomes a race against time as the targeted organization scrambles to contain the infection, eradicate the ransomware, and restore business-critical activity. Because ransomware takes time to spread through a network, attacks are often launched on weekends and holidays, when intrusions are likely to take longer to detect. This compounds the difficulty of quickly assembling and coordinating a knowledgeable response team.
Progent offers a variety of support services for protecting Charleston businesses from crypto-ransomware events. These include training staff to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to identify and suppress zero-day malware attacks. Progent also offers the assistance of seasoned ransomware recovery consultants with the track record and commitment to rebuild a breached environment as quickly as possible.
Progent's Ransomware Restoration Services
After a ransomware attack, even paying the ransom in cryptocurrency provides no assurance that the attackers will hand over the keys to decrypt any or all of your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after paying the ransom, compounding their losses. The gamble is also very costly: Ryuk ransoms are commonly a few hundred thousand dollars, and for larger organizations the demand can run into the millions. The fallback is to piece back together the essential components of your IT environment. Without complete backups, this requires a broad range of skills, top-notch team management, and the capability to work continuously until the recovery project is finished.
For decades, Progent has provided professional IT services to companies across the US and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who hold high-level industry certifications in leading technologies from Microsoft, Cisco and VMware and in popular distributions of Linux. Progent's cybersecurity consultants hold internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of expertise gives Progent the skills to identify your critical systems, salvage the surviving components of your network after a ransomware event, and rebuild them into a functioning system.
Progent's ransomware team uses powerful project management tools to coordinate the complex recovery process. Progent understands the urgency of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and get the most important systems back online as fast as possible.
Client Story: A Successful Ransomware Incident Recovery
A business contacted Progent after its organization was brought down by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean state-sponsored cybercriminals, possibly using algorithms leaked from the US National Security Agency. Ryuk targets specific businesses with little tolerance for disruption and is among the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturer in the Chicago metro area with around 500 employees. The Ryuk intrusion had shut down all essential business operations and manufacturing capability. Most of the client's backups had been online at the time of the intrusion and were damaged. The client was weighing whether to pay the ransom demand (more than $200,000) and hope for the best, but in the end engaged Progent.
Progent worked with the client to quickly assess and prioritize the most important areas that had to be addressed so that departmental functions could continue:
Within 48 hours, Progent had restored Active Directory to its pre-intrusion state. Progent then carried out rebuilds and hard-drive recovery for key applications. All Exchange schema extensions and attributes were intact, which simplified the Exchange rebuild. Progent was also able to collect local OST files (Microsoft Outlook Offline Folder files) from staff workstations to recover mail data. A recent offline backup of the business's manufacturing software made it possible to bring these essential applications back online. Although a great deal of work remained to recover completely from the Ryuk infection, core services were returned to operation quickly:
Over the next couple of weeks, critical milestones in the restoration process were achieved in close collaboration between Progent engineers and the client:
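The OST collection step described above, as an added PowerShell example (not Progent's own tooling): it gathers OST files from a list of workstations into a preservation share, hashes each copy, and checks the "!BDN" header that every intact PST/OST file begins with, so the recovery team can see which mailbox caches survived encryption before importing anything. The hosts.txt list, the RECOVERY01 share, WinRM access with admin rights, and the default profile path under C:\Users are assumptions.

```powershell
# Added example, not Progent's tooling: gather Outlook OST files from a list of
# workstations onto a clean preservation share, record a SHA-256 hash of each copy,
# and check the 4-byte "!BDN" magic that every intact PST/OST file starts with.
# Assumptions (hypothetical): hosts.txt lists workstations reachable over WinRM with
# admin rights; \\RECOVERY01\ost-preserve is a share on an isolated recovery host.
# Outlook must be closed on the workstation, or the OST is locked and the copy fails.

$Hosts   = Get-Content -Path '.\hosts.txt'
$Dest    = '\\RECOVERY01\ost-preserve'
$Results = New-Object System.Collections.Generic.List[object]

foreach ($Computer in $Hosts) {
    try {
        # Enumerate OST files in every local profile on the remote machine.
        $Files = Invoke-Command -ComputerName $Computer -ErrorAction Stop -ScriptBlock {
            Get-ChildItem -Path 'C:\Users\*\AppData\Local\Microsoft\Outlook\*.ost' -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime
        }
    } catch {
        Write-Warning "$Computer unreachable: $($_.Exception.Message)"
        continue
    }

    foreach ($F in $Files) {
        # Reach the file through the administrative share (C:\... -> \\host\C$\...).
        $Src    = "\\$Computer\" + $F.FullName.Replace(':', '$')
        $Target = Join-Path $Dest ('{0}_{1}' -f $Computer, (Split-Path $F.FullName -Leaf))
        Copy-Item -Path $Src -Destination $Target -ErrorAction SilentlyContinue
        if (-not (Test-Path $Target)) { Write-Warning "copy failed: $Src"; continue }

        # Read only the first four bytes; an encrypted OST no longer starts with "!BDN".
        $Stream = [System.IO.File]::OpenRead($Target)
        $Magic  = New-Object byte[] 4
        $null   = $Stream.Read($Magic, 0, 4)
        $Stream.Dispose()
        $Intact = ([System.Text.Encoding]::ASCII.GetString($Magic) -eq '!BDN')

        $Results.Add([pscustomobject]@{
            Computer     = $Computer
            Source       = $F.FullName
            SizeMB       = [math]::Round($F.Length / 1MB, 1)
            LastWrite    = $F.LastWriteTime
            HeaderIntact = $Intact
            SHA256       = (Get-FileHash -Path $Target -Algorithm SHA256).Hash
        })
    }
}

# Inventory for the recovery team; recoverable mailboxes are listed first.
$Results | Sort-Object HeaderIntact -Descending |
    Export-Csv -Path (Join-Path $Dest 'ost-inventory.csv') -NoTypeInformation
```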
Conclusion
A likely business-ending disaster was averted through the efforts of hard-working professionals, a wide range of IT skills, and close collaboration. In retrospect, the crypto-ransomware incident described here should have been detected and prevented with current security systems and recognized best practices: staff training, properly executed backup procedures, and keeping systems current with security patches. Even so, state-sponsored cybercriminals from China, North Korea and elsewhere are tireless and will keep attacking. If you are hit by a ransomware incident, remember that Progent's team of experts has a proven track record in ransomware defense, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Charleston
For ransomware system recovery services in the Charleston metro area, phone Progent at