Ransomware: Your Crippling IT Catastrophe
Ransomware has become an escalating cyber pandemic that represents an enterprise-level threat for organizations poorly prepared for an assault. Multiple generations of ransomware such as the Reveton, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for a long time and still cause harm. Newer variants of ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as frequent unnamed newcomers, not only encrypt on-line critical data but also corrupt system restore points and backups that are reachable from the compromised network. Information synched to the cloud can also be encrypted. In a poorly architected environment, this can render any recovery useless and effectively set the network back to zero.
Getting applications and information back on-line following a ransomware attack becomes a race against time as the targeted organization tries its best to contain the intrusion, remove the ransomware, and resume business-critical operations. Because crypto-ransomware takes time to spread across a network, intrusions are frequently launched on weekends and holidays, when a successful penetration in many cases takes longer to recognize. This multiplies the difficulty of rapidly marshalling and orchestrating an experienced response team.
Progent provides a variety of solutions for protecting Clearwater businesses from ransomware events. Among these are team education to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to discover and suppress zero-day malware assaults. Progent in addition provides the assistance of experienced ransomware recovery engineers with the track record and perseverance to restore a compromised environment as quickly as possible.
Progent's Ransomware Recovery Support Services
Following a ransomware invasion, paying the ransom in cryptocurrency does not guarantee that the cyber criminals will respond with the keys needed to decrypt any or all of your data. Kaspersky ascertained that 17% of crypto-ransomware victims never recovered their files even after having sent off the ransom, resulting in additional losses. The ransom itself is also costly. Ryuk ransoms are commonly a few hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to set up from scratch the critical parts of your Information Technology environment. Without the availability of full information backups, this requires a broad range of skills, professional project management, and the willingness to work non-stop until the task is completed.
For twenty years, Progent has provided certified expert Information Technology services for businesses throughout the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded top industry certifications in foundation technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security engineers have garnered internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent in addition has experience with financial systems and ERP applications. This breadth of experience gives Progent the skills to quickly understand the systems you need, salvage the remaining pieces of your IT environment after a crypto-ransomware attack, and assemble them into an operational system.
Progent's ransomware team of experts utilizes best-of-breed project management systems to orchestrate the sophisticated restoration process. Progent understands the importance of acting quickly and in concert with a client's management and Information Technology resources to prioritize tasks and to put the most important applications back on-line as fast as possible.
Client Case Study: A Successful Crypto-Ransomware Attack Response
A small business sought out Progent after the company was attacked by the Ryuk ransomware. Ryuk is thought to have been created by North Korean state cybercriminals, possibly using techniques leaked from America's National Security Agency. Ryuk attacks specific organizations with little tolerance for operational disruption and is among the most profitable incarnations of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing business located in Chicago with around 500 workers. The Ryuk intrusion had disabled all business operations and manufacturing processes. The majority of the client's information backups had been on-line at the beginning of the attack and were destroyed. The client was taking steps to pay the ransom demand (exceeding two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the most important systems that needed to be restored in order to restart company functions.
In less than two days, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then reinstalled the needed applications and recovered data from the affected hard drives. All Exchange data and attributes were usable, which greatly helped the restoration of Exchange. Progent was able to use the local OST files (Outlook Offline Data Files) on user workstations to recover email messages. A recent off-line backup of the customer's financial/MRP systems made it possible to bring these essential services back to users. Although major work still had to be done to recover fully from the Ryuk attack, core systems were returned to operation rapidly.
Throughout the following few weeks, key milestones in the recovery project were completed through tight collaboration between Progent engineers and the customer.
Conclusion
A probable business-ending disaster was averted by results-oriented experts, a broad spectrum of subject matter expertise, and tight teamwork. Although in hindsight the ransomware penetration detailed here would have been identified and blocked with up-to-date security systems and security best practices, user and IT administrator training, and well-designed incident response procedures for information backup and applying software patches, the reality remains that state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware penetration, remember that Progent's roster of professionals has substantial experience in ransomware defense, cleanup, and file disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Clearwater
For ransomware system recovery services in the Clearwater metro area, call Progent at