Crypto-Ransomware: Your Feared IT Nightmare
Ransomware has become a modern cyber pandemic that presents an extinction-level danger for organizations poorly prepared for an attack. Different iterations of crypto-ransomware such as Reveton, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been out in the wild for many years and continue to cause damage. Newer variants of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, along with additional as yet unnamed newcomers, not only encrypt online data but also infiltrate all available system backups. Data replicated to the cloud can also be corrupted. In a poorly designed system, this can render any recovery impossible and effectively knocks the datacenter back to square one.
Getting back services and information following a crypto-ransomware attack becomes a race against time as the victim fights to contain the damage, remove the virus, and resume enterprise-critical operations. Because crypto-ransomware requires time to replicate across a targeted network, assaults are often launched on weekends and holidays, when successful penetrations are likely to take more time to notice. This multiplies the difficulty of quickly assembling and orchestrating a knowledgeable response team.
Progent has a range of services for protecting Chesapeake businesses from crypto-ransomware events. These include team education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to detect and quarantine zero-day malware attacks. Progent also offers the assistance of expert crypto-ransomware recovery professionals with the skills and commitment to rebuild a breached network as quickly as possible.
Progent's Crypto-Ransomware Restoration Help
Paying the ransom in cryptocurrency soon after a ransomware attack does not provide any assurance that the attackers will respond with the keys needed to decrypt any or all of your files. Kaspersky ascertained that seventeen percent of crypto-ransomware victims never restored their data even after having paid the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms are often a few hundred thousand dollars. For larger organizations, the ransom can be in the millions. The fallback is to rebuild from scratch the critical components of your IT environment. Without full information backups available, this calls for a broad complement of IT skills, professional team management, and the capability to work continuously until the task is done.
For two decades, Progent has offered professional IT services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have attained advanced certifications in key technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has experience in financial systems and ERP software solutions. This breadth of expertise gives Progent the ability to quickly identify critical systems, reorganize the surviving components of your network following a ransomware penetration, and rebuild them into an operational network.
Progent's security team uses state-of-the-art project management applications to coordinate the complicated recovery process. Progent appreciates the importance of acting swiftly and in concert with a customer's management and IT resources to prioritize tasks and to bring the most important applications back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Attack Response
A customer engaged Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is generally considered to have been created by North Korean state-sponsored hackers, suspected of adopting strategies leaked from the U.S. National Security Agency. Ryuk goes after specific businesses with little or no tolerance for disruption and is one of the most lucrative iterations of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with around 500 workers. The Ryuk penetration had paralyzed all essential operations and manufacturing processes. Most of the client's information backups had been online at the start of the attack and were eventually encrypted. The client was actively seeking loans to pay the ransom demand (more than two hundred thousand dollars) and hoping for good luck, but ultimately made the decision to use Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the key services that needed to be addressed in order to restart business functions:
Within 48 hours, Progent was able to restore Windows Active Directory to its pre-intrusion state. Progent then assisted with rebuilding and storage recovery of mission-critical servers. All Exchange data and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was able to locate local OST data files (Microsoft Outlook Off-Line Folder Files) on team PCs in order to recover email messages. A relatively recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential applications back online. Although significant work remained to recover completely from the Ryuk attack, critical services were returned to operation quickly:
Over the following month critical milestones in the recovery process were achieved in tight cooperation between Progent engineers and the client:
Conclusion
A probable business-killing catastrophe was avoided by results-oriented experts, a wide spectrum of knowledge, and close teamwork. Post-incident analysis showed that the ransomware penetration described here could have been stopped with advanced security technology, recognized best practices, staff training, and appropriate security procedures for information protection and patching controls. The reality, however, is that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do get hit by a ransomware incursion, remember that Progent's roster of experts has a proven track record in crypto-ransomware defense, mitigation, and data disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Chesapeake
For ransomware recovery consulting in the Chesapeake area, call Progent at