Ransomware: Your Crippling IT Nightmare
Crypto-ransomware has become a modern cyber pandemic that presents an existential danger to organizations poorly prepared for an attack. Multiple generations of crypto-ransomware, such as the Reveton, WannaCry, Locky, Syskey and MongoLock cryptoworms, have been around for many years and still inflict havoc. More recent ransomware variants like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with new and as yet unnamed malware appearing daily, not only encrypt critical online data but also compromise any configured system protection mechanisms. Files replicated to cloud environments can also be rendered useless. In a poorly designed environment, this can make automated restoration impossible and effectively knock the entire system back to zero.
Bringing applications and data back online after a ransomware event becomes a race against the clock as the targeted business tries to stop lateral movement, remove the ransomware, and resume business-critical operations. Because ransomware takes time to move laterally, intrusions are often launched on weekends, when attacks typically take longer to detect. This multiplies the difficulty of rapidly mobilizing and organizing a knowledgeable response team.
Progent offers an assortment of services for protecting Chatsworth organizations from crypto-ransomware attacks. These include staff training to help personnel recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based threat protection to identify and suppress zero-day malware attacks. Progent can also provide the services of veteran ransomware recovery professionals with the track record and commitment to reconstruct a compromised environment as urgently as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom in Bitcoin does not ensure that the cyber criminals will return the keys needed to decrypt all your files. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their information after paying the ransom, resulting in additional losses. Paying is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the usual crypto-ransomware demand, which ZDNET determined to be approximately $13,000 for smaller businesses. The alternative is to set up the critical parts of your IT environment from scratch. Without access to complete data backups, this requires a broad range of IT skills, well-coordinated team management, and the capability to work non-stop until the job is finished.
For decades, Progent has provided certified expert IT services for companies across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who hold advanced certifications in leading technologies from Microsoft, Cisco, and VMware, as well as major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP, CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise with financial systems and ERP applications. This breadth of experience gives Progent the skills to knowledgeably assess the systems that matter, integrate the surviving parts of your network after a ransomware intrusion, and configure them back into a functioning whole.
Progent's security group uses state-of-the-art project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting swiftly and in concert with a customer's management and IT staff to prioritize tasks and bring the most important systems back online as soon as humanly possible.
Customer Case Study: A Successful Crypto-Ransomware Virus Recovery
A customer escalated to Progent after their organization was attacked by the Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state-affiliated criminal gangs, suspected of adopting techniques leaked from the U.S. National Security Agency. Ryuk targets specific businesses with limited tolerance for operational disruption and is one of the most profitable incarnations of crypto-ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing business headquartered in the Chicago metro area with about 500 employees. The Ryuk event had paralyzed all company operations and manufacturing processes. The majority of the client's data backups had been online at the start of the attack and were eventually encrypted. The client was considering paying the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the key applications that had to be recovered to make it possible to restart departmental operations:
In less than 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then assisted with setup and storage recovery for the required applications. All Exchange data and configuration information were usable, which accelerated the restoration of Exchange. Progent was also able to locate local OST files (Microsoft Outlook Offline Folder Files) on various PCs to recover mail messages. A recent offline backup of the business's accounting/ERP systems made it possible to bring these vital services back online. Although major work still had to be done to recover fully from the Ryuk event, critical services were restored quickly:
Over the next few weeks, important milestones in the restoration project were reached through close collaboration between Progent engineers and the client:
Conclusion
A potential business disaster was averted through the efforts of top-tier experts, a broad range of technical expertise, and close teamwork. Although in hindsight the crypto-ransomware attack detailed here could have been stopped with modern security solutions and NIST Cybersecurity Framework best practices, staff training, appropriate security procedures for data protection, and keeping systems current with security patches, the reality is that government-sponsored hackers from China, North Korea and elsewhere are relentless and will continue their attacks. If you do fall victim to a ransomware intrusion, you can be confident that Progent's team of professionals has proven experience in ransomware blocking, cleanup, and file recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Chatsworth
For ransomware system recovery consulting services in the Chatsworth area, phone Progent at