Crypto-Ransomware: Your Crippling Information Technology Disaster
Crypto-Ransomware has become an all-too-frequent cyber pandemic that poses an extinction-level threat to businesses unprepared for an assault. Earlier iterations of ransomware such as the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been in the wild for many years and still cause havoc. More recent versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, as well as others not yet named, not only encrypt on-line information but also infiltrate all configured system protection. Files synchronized to off-site disaster recovery sites can also be corrupted. With a vulnerable data protection solution, this can render automatic recovery useless and effectively set the datacenter back to square one.
Recovering programs and information following a ransomware attack becomes a sprint against the clock as the victim struggles to stop lateral movement, clear the virus, and resume business-critical operations. Because ransomware takes time to move laterally, penetrations are frequently launched on weekends, when attacks tend to take longer to notice. This multiplies the difficulty of rapidly assembling and orchestrating a knowledgeable mitigation team.
Progent provides a range of services for securing Chatsworth businesses against crypto-ransomware penetrations. Among these are team training to help staff recognize and avoid falling victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and installation of the latest generation of security solutions with AI capabilities to automatically discover and quarantine new threats. Progent can also provide the assistance of seasoned ransomware recovery professionals with the track record and perseverance to re-deploy a breached system as rapidly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a crypto-ransomware event, sending the ransom in Bitcoin cryptocurrency provides no assurance that merciless criminals will respond with the codes to decrypt all your files. Kaspersky ascertained that 17% of ransomware victims never restored their data after having sent off the ransom, resulting in additional losses. The ransom itself is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the usual ransomware demands, which ZDNET estimated to be around $13,000 for small organizations. The other path is to piece back together the essential elements of your IT environment. Without the availability of complete information backups, this calls for a broad range of IT skills, professional team management, and the willingness to work 24x7 until the task is finished.
For decades, Progent has made available certified expert IT services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned high-level industry certifications in leading technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience in financial management and ERP application software. This breadth of experience gives Progent the skills to rapidly understand critical systems, integrate the surviving components of your computer network environment after a crypto-ransomware event, and configure them into a functioning system.
Progent's recovery group utilizes best-of-breed project management applications to orchestrate the complicated recovery process. Progent appreciates the importance of acting rapidly and in unison with a client's management and Information Technology resources to prioritize tasks and to get key services back on line as soon as possible.
Case Study: A Successful Ransomware Attack Restoration
A business engaged Progent after their organization was attacked by the Ryuk crypto-ransomware. Ryuk is believed to have been deployed by North Korean state criminal gangs, possibly using approaches leaked from America’s National Security Agency. Ryuk targets specific businesses with little or no ability to sustain disruption and is one of the most lucrative versions of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing business headquartered in Chicago with about 500 staff members. The Ryuk event had shut down all business operations and manufacturing capabilities. The majority of the client's backups had been directly accessible at the beginning of the attack and were eventually encrypted. The client was preparing to pay the ransom demand (more than $200K) and hoping for good luck, but ultimately brought in Progent.
Progent worked together with the client to rapidly assess and prioritize the critical elements that had to be addressed to make it possible to continue company functions:
Within 48 hours, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then performed rebuilding and storage recovery of critical servers. All Exchange data and attributes were intact, which greatly helped the rebuild of Exchange. Progent was also able to locate intact OST data files (Outlook Offline Folder Files) on user workstations and laptops to recover email data. A recent offline backup of the client's accounting/ERP systems made it possible to bring these essential applications back to users. Although major work remained to recover completely from the Ryuk attack, core services were recovered quickly:
During the following few weeks critical milestones in the restoration project were made through tight collaboration between Progent engineers and the client:
Conclusion
A likely business-ending catastrophe was avoided by results-oriented professionals, a broad spectrum of IT skills, and tight collaboration. Although in post mortem the ransomware penetration described here should have been stopped by modern cyber security solutions, recognized best practices, staff education, properly executed incident response procedures for information protection, and proper patching controls, the reality is that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware attack, be confident that Progent's roster of experts has a proven track record in ransomware defense, mitigation, and data restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Chatsworth
For ransomware recovery consulting in the Chatsworth metro area, call Progent at