Crypto-Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become an all-too-frequent cyberplague and an extinction-level threat for organizations unprepared for an attack. Older families such as CryptoLocker, Fusob, Bad Rabbit, NotPetya and MongoLock have been around for years and continue to cause havoc. Modern strains such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with a steady stream of newcomers, not only encrypt on-line files but also deliberately disable or destroy every recovery mechanism they can reach: volume shadow copies, backup catalogs, and any backup share that is writable from the compromised network. Data synchronized to cloud environments can be corrupted as well, because the encrypted files are replicated in place of the originals. In a poorly designed data protection solution, this can make automated restore operations impossible and effectively knocks the network back to square one.
Getting applications and data back after a crypto-ransomware event becomes a race against the clock as the targeted organization tries to contain the damage, eradicate the ransomware, and restore business-critical operations. Because encryption takes time to spread across a network, attackers usually trigger it at night or over a weekend, when it takes longer to notice. This multiplies the difficulty of promptly assembling and organizing a qualified response team.
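The precursor worth hunting for is the destruction of local recovery mechanisms described above. The following is an added example, not Progent's code: it runs a handful of well-documented command-line patterns (shadow copy deletion, boot recovery disabling, backup catalog deletion) over constructed process-creation events. The event field names are an assumption about how a SIEM or Sysmon export would present them.

```python
"""Hunt for command lines that destroy Windows recovery mechanisms.

Added example, not Progent's code. The process-creation events below are
constructed (Sysmon Event ID 1 style fields, an assumed layout), and the
command patterns are the widely documented ones that Ryuk and similar
families run just before encryption to wipe shadow copies and disable
boot recovery.
"""
import re

# Constructed sample events: two benign, four that tamper with recovery.
SAMPLE_EVENTS = [
    {"host": "ws-017", "user": r"CORP\jdoe", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"'},
    {"host": "srv-fs01", "user": r"NT AUTHORITY\SYSTEM", "parent": "services.exe",
     "cmdline": "vssadmin.exe list shadows"},
    {"host": "srv-fs01", "user": r"CORP\svc_backup", "parent": "cmd.exe",
     "cmdline": "vssadmin.exe Delete Shadows /all /quiet"},
    {"host": "srv-fs01", "user": r"CORP\svc_backup", "parent": "cmd.exe",
     "cmdline": "wmic.exe shadowcopy delete"},
    {"host": "ws-042", "user": r"CORP\asmith", "parent": "cmd.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"host": "srv-db02", "user": r"CORP\svc_backup", "parent": "powershell.exe",
     "cmdline": "powershell -nop -c \"Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}\""},
]

# Each rule: (name, compiled regex). Case-insensitive because cmd.exe is.
RECOVERY_TAMPER_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin_resize_storage", re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit_ignore_failures", re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog\b", re.I)),
    ("wmi_shadowcopy_object", re.compile(r"win32_shadowcopy\b.*\.delete\(\)", re.I)),
]


def match_rules(cmdline):
    """Return the names of every rule the command line triggers (empty list if none)."""
    return [name for name, rx in RECOVERY_TAMPER_RULES if rx.search(cmdline)]


def hunt(events):
    """Return one finding per event that trips at least one rule."""
    findings = []
    for ev in events:
        hits = match_rules(ev["cmdline"])
        if hits:
            findings.append({"host": ev["host"], "user": ev["user"], "parent": ev["parent"],
                             "rules": hits, "cmdline": ev["cmdline"]})
    return findings


def hosts_with_tampering(findings):
    """Distinct hosts to isolate first; a hit here usually precedes encryption by minutes."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['host']:10} {f['user']:22} {','.join(f['rules'])}  <- {f['cmdline']}")
    print("isolate first:", hosts_with_tampering(found))
```

Note that `vssadmin list shadows` is deliberately not flagged; listing is routine administration, deletion is not. In production the rule set would be keyed on the parent process as well, since a backup agent legitimately resizing shadow storage looks very different from cmd.exe doing it under a service account at 02:00.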
Progent offers an assortment of services for protecting Clearwater organizations from ransomware attacks. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's AI-based threat defense to identify and stop zero-day malware attacks. Progent can also provide seasoned ransomware recovery professionals with the skills and commitment to rebuild a breached system as rapidly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a ransomware attack, paying the ransom in Bitcoin provides no assurance that the criminals will hand over the keys needed to decrypt any or all of your data. Kaspersky Labs estimated that seventeen percent of crypto-ransomware victims never recovered their files even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms commonly range from 15 to 40 BTC (roughly $120,000 to $400,000), far above the average crypto-ransomware demand, which ZDNet put at around $13,000 for small businesses. The alternative is to rebuild the critical parts of your IT environment. Without complete, uncompromised backups, this requires a broad range of skill sets, top-notch team management, and the ability to work around the clock until the job is done.
For two decades, Progent has delivered expert IT services to companies throughout the U.S. and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants holding top certifications in key technologies including Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. (Visit Progent's certifications.) Progent also has experience with accounting and ERP applications. This breadth of expertise allows Progent to rapidly identify critical systems, organize the surviving components of your IT environment after a ransomware attack, and assemble them into a functioning network.
Progent's security team uses best-of-breed project management systems to orchestrate the complicated restoration process. Progent appreciates the importance of acting rapidly and in concert with a customer's management and IT staff to prioritize tasks and get critical systems back online as fast as humanly possible.
Customer Case Study: A Successful Ransomware Incident Response
A small business escalated to Progent after its network was hit by the Ryuk ransomware. Early reporting attributed Ryuk to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; later analysis attributed it to a Russian-speaking criminal group. Ryuk targets specific companies with little or no tolerance for operational disruption and is one of the most profitable ransomware operations. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturer headquartered in the Chicago metro area with about 500 staff. The Ryuk attack had frozen all business operations and manufacturing. Most of the client's backups had been directly reachable from the network at the start of the intrusion and were encrypted along with everything else. The client was considering paying the ransom (in excess of $200K) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the customer to quickly identify and prioritize the critical areas that had to be restored before company functions could restart:
In less than two days, Progent restored Active Directory to its pre-attack state. Progent then pressed ahead with rebuilding and disk recovery of mission-critical servers. All Exchange Server schema and configuration information was intact, which accelerated the Exchange restore. Progent was also able to collect unencrypted OST files (Outlook Offline Data Files) from user workstations to recover mail messages. A recent offline backup of the customer's financials/MRP system made it possible to return these essential applications to service. Although a great deal of work remained to recover fully from Ryuk, the most important systems were restored quickly:
Over the following few weeks, critical milestones in the restoration project were accomplished in tight collaboration between Progent team members and the customer:
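The OST salvage step above depends on knowing which workstation copies actually survived. The following is an added example, not Progent's code, showing the triage a responder would run before copying anything off the endpoints: OST and PST files begin with the 4-byte magic "!BDN", and a file the ransomware has overwritten has no such header and near-random leading bytes. The directory tree it scans is constructed inside the script for the demonstration; the file names, the 7.5 bits/byte entropy threshold and the ".locked" suffix are assumptions.

```python
"""Triage Outlook data files (OST/PST) on recovered workstations.

Added example, not Progent's code. OST and PST files start with the
4-byte magic "!BDN"; an encrypted copy has no such header and its leading
bytes look random (high Shannon entropy). The sample tree built below is
constructed for the demonstration; real OSTs are hundreds of megabytes and
the encrypted copies are usually renamed by the ransomware.
"""
import math
import os
import tempfile

OST_MAGIC = b"!BDN"          # dwMagic 0x4E444221 stored little-endian
SAMPLE_BYTES = 4096          # enough for the header plus an entropy estimate
ENCRYPTED_ENTROPY = 7.5      # bits/byte threshold (assumed); random data scores near 8.0


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_file(path):
    """Classify one file as intact, likely-encrypted, or unknown."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    has_magic = head[:4] == OST_MAGIC
    entropy = shannon_entropy(head)
    if has_magic:
        verdict = "intact"
    elif entropy >= ENCRYPTED_ENTROPY:
        verdict = "likely-encrypted"
    else:
        verdict = "unknown"        # truncated, zero-filled, or not an OST at all
    return {"path": path, "magic": has_magic, "entropy": round(entropy, 2), "verdict": verdict}


def looks_like_outlook_data(name):
    # Match on the name containing .ost/.pst rather than ending with it,
    # because ransomware typically appends its own extension (name.ost.<ext>).
    lower = name.lower()
    return ".ost" in lower or ".pst" in lower


def triage_tree(root):
    """Walk root and triage every candidate Outlook data file."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if looks_like_outlook_data(name):
                results.append(triage_file(os.path.join(dirpath, name)))
    return results


def summarize(root):
    """Map file name -> verdict, the form a recovery checklist needs."""
    return {os.path.basename(r["path"]): r["verdict"] for r in triage_tree(root)}


def build_sample_tree():
    """Constructed sample: one intact OST, one encrypted-and-renamed OST, one unrelated file."""
    root = tempfile.mkdtemp(prefix="ost-triage-")
    os.makedirs(os.path.join(root, "jdoe"))
    os.makedirs(os.path.join(root, "asmith"))
    with open(os.path.join(root, "jdoe", "jdoe.ost"), "wb") as fh:
        fh.write(OST_MAGIC + b"\x00" * (SAMPLE_BYTES - 4))     # valid header, filler body
    with open(os.path.join(root, "asmith", "asmith.ost.locked"), "wb") as fh:
        fh.write(bytes(range(256)) * (SAMPLE_BYTES // 256))     # uniform bytes: entropy 8.0
    with open(os.path.join(root, "asmith", "notes.txt"), "w") as fh:
        fh.write("not an outlook data file\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for r in triage_tree(sample_root):
        print(f"{r['verdict']:17} entropy={r['entropy']:<5} magic={str(r['magic']):5} {r['path']}")
```

Two caveats for the real thing. The header check is authoritative; the entropy test only separates "overwritten with ciphertext" from "zero-filled or truncated", so treat "unknown" as worth a closer look rather than as lost. And an intact OST is bound to the mailbox and Outlook profile that created it, so the salvaged files normally go through an OST-to-PST conversion before the mail can be imported into rebuilt mailboxes.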
Conclusion
A probable company-ending disaster was averted through the efforts of top-tier experts, a wide spectrum of subject matter expertise, and tight collaboration. In hindsight, the attack described here should have been stopped by modern security solutions and best practices: staff training, backup procedures that keep copies unreachable from the production network, and timely patching. The fact remains that state-sponsored and criminal cyber gangs from China, North Korea and elsewhere are relentless and an ongoing threat. If you do fall victim to a ransomware incident, you can be confident that Progent's team has proven experience in ransomware defense, mitigation, and data recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Clearwater
For ransomware system restoration consulting services in the Clearwater metro area, phone Progent at