Ransomware: Your Feared Information Technology Disaster
Crypto-ransomware has become an all-too-frequent cyberplague that poses an existential threat to businesses of any size that are poorly prepared for an attack. Ransomware families such as Reveton, Fusob, Bad Rabbit, SamSam and MongoLock have been circulating for years and still cause havoc. More recent crypto-ransomware variants such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, along with other unnamed malware, not only encrypt critical online data but also seek out and destroy every backup reachable from the compromised network. Files synchronized to off-site disaster recovery sites can be encrypted as well. With a vulnerable data protection design, this renders automated recovery impossible and effectively knocks the entire environment back to zero.
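The failure mode above, backups and synchronized copies quietly replaced by ciphertext, can be caught before a sync job overwrites or rotates the last good copy. The following Python check is an added example, not code from Progent's page or from any product it mentions: it flags files in a backup set whose contents look encrypted, using the fact that ransomware output is close to uniformly random (entropy near 8 bits per byte) while documents, databases and configuration files sit well below that. The extension allowlist, the 7.2 bits/byte threshold and the sample files are assumptions for illustration and would be tuned against real data.

```python
"""
Backup-set sanity check: flag files that look encrypted before a sync or
retention job overwrites the last good copies.

Ransomware output is close to uniformly random, so its byte entropy approaches
8 bits/byte; documents, CSVs, databases and configs usually sit well below that.
Formats that are compressed or encrypted by design are allowlisted by extension
so they do not trigger false positives.
"""
import math
import os
import pathlib
import tempfile
from collections import Counter

# Assumed allowlist: extensions whose contents are high-entropy by design.
HIGH_ENTROPY_OK = {".zip", ".gz", ".7z", ".rar", ".png", ".jpg", ".jpeg",
                   ".mp4", ".pfx", ".gpg"}
ENTROPY_THRESHOLD = 7.2   # bits per byte; assumed cutoff, tune for your data
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: pathlib.Path) -> bool:
    """True if the file head is high-entropy and the extension does not excuse it."""
    if path.suffix.lower() in HIGH_ENTROPY_OK:
        return False
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if len(head) < 256:  # tiny files give unreliable entropy estimates
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_backup_set(root: str) -> list[str]:
    """Return the sorted relative paths under `root` that look encrypted."""
    root_path = pathlib.Path(root)
    return sorted(
        str(p.relative_to(root_path)).replace(os.sep, "/")
        for p in root_path.rglob("*")
        if p.is_file() and looks_encrypted(p)
    )


def build_sample_backup_set(root: str) -> None:
    """Constructed sample data (not from a real incident): one healthy file,
    two ransomed ones, and one legitimately high-entropy archive."""
    folder = pathlib.Path(root) / "finance"
    folder.mkdir(parents=True, exist_ok=True)
    # Healthy CSV: a small character set, so entropy is low
    (folder / "ledger.csv").write_bytes(
        b"date,account,amount\n" + b"2020-01-01,4000,125.50\n" * 200)
    # Ransomed copy under a new extension: random bytes
    (folder / "ledger.csv.locked").write_bytes(os.urandom(4096))
    # Encrypted in place, original name kept: still random bytes
    (folder / "q4-report.docx").write_bytes(os.urandom(4096))
    # Allowlisted: a .gz is expected to be high-entropy
    (folder / "archive.gz").write_bytes(os.urandom(4096))


def demo() -> list[str]:
    """Build the constructed backup set in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup_set(tmp)
        return scan_backup_set(tmp)


if __name__ == "__main__":
    for hit in demo():
        print("SUSPECT:", hit)
```

Running the check as a pre-step of the off-site sync, and refusing to overwrite or expire retained copies when it reports hits, turns "the backups were encrypted too" into an alarm instead of a discovery made during recovery.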
Getting programs and data back after a ransomware attack becomes a race against the clock as the targeted organization fights to contain and eradicate the malware and to restore mission-critical operations. Because ransomware takes time to spread, attacks are often triggered at night or on weekends, when a successful intrusion is likely to go undetected longer. This compounds the difficulty of quickly assembling and organizing a capable response team.
Progent offers a variety of services for protecting Clearwater businesses from ransomware. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service built on SentinelOne's behavior-based threat defense to detect and quarantine zero-day malware attacks. Progent can also provide seasoned ransomware recovery engineers with the skills and perseverance to restore a compromised environment as rapidly as possible.
Progent's Crypto-Ransomware Restoration Services
After a ransomware attack, even paying the ransom in Bitcoin does not guarantee that the criminals will hand over the keys to decrypt any or all of your data. Kaspersky found that seventeen percent of crypto-ransomware victims never recovered their data after paying the ransom, compounding their losses. The ransom itself is also costly. Ryuk demands often range from 15 to 40 BTC ($120,000 to $400,000), far above the average ransomware demand, which ZDNet estimated at around $13,000 for small businesses. The alternative is to rebuild the essential parts of your IT environment from scratch. Without complete data backups, this requires a broad set of IT skills, well-coordinated project management, and the willingness to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to companies across the United States and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers with high-level certifications in foundation technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's security engineers hold internationally recognized industry certifications including CISM, CISSP, ISACA CRISC and SANS GIAC (see Progent's certifications). Progent also has expertise with financial management and ERP software. This breadth of expertise gives Progent the skills to knowledgeably identify critical systems after a ransomware attack, reorganize the surviving pieces of your IT environment, and assemble them into a functioning network.
Progent's security group uses state-of-the-art project management tools to orchestrate the complex restoration process. Progent understands the importance of working quickly and in unison with a customer's management and IT staff to prioritize tasks and bring the most important systems back online as soon as humanly possible.
Client Case Study: A Successful Ransomware Incident Recovery
A client engaged Progent after the company was brought down by Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, although later analysis has linked it to a Russian-speaking criminal group. Ryuk targets specific organizations with little capacity to withstand operational disruption and is one of the most lucrative strains of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company in Chicago with around 500 employees. The Ryuk attack had paralyzed all business operations and manufacturing. Most of the client's backups had been online when the intrusion began and were destroyed. The client was preparing to pay the ransom (more than two hundred thousand dollars) and hope for the best, but in the end brought in Progent.
Progent worked with the customer to rapidly identify and prioritize the key systems that had to be recovered in order to continue company operations:
In less than two days, Progent restored Active Directory to its pre-intrusion state. Progent then pressed ahead with setup and disk recovery on the most important servers. All Exchange Server schema and configuration information in Active Directory was intact, which greatly simplified the rebuild of Exchange. Progent was able to gather intact OST files (Outlook offline data files) from user desktops in order to recover mail data. A reasonably recent offline backup of the company's financials/ERP software made it possible to bring these vital applications back online for users. Although a great deal of work remained to recover fully from the Ryuk damage, essential services were restored quickly:
Over the following month, key milestones in the restoration project were completed through tight collaboration between Progent's team and the client:
Conclusion
A potential business-killing catastrophe was averted through the efforts of top-tier experts, a broad range of technical expertise, and close collaboration. Although in hindsight the ransomware incident described here should have been prevented by modern security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user training, and properly executed procedures for data backup and security patching, the reality remains that state-sponsored attackers and cybercriminals from Russia, China and elsewhere are relentless and an ongoing threat. If you do fall victim to a ransomware incident, you can be confident that Progent's roster of professionals has extensive experience in ransomware defense, remediation, and information systems recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Clearwater
For ransomware cleanup consulting in the Clearwater metro area, call Progent at