Ransomware: Your Feared IT Disaster
Ransomware has become an all-too-frequent cyber pandemic that represents an extinction-level threat for businesses of any size that are unprepared for an attack. Earlier iterations of ransomware such as the CryptoLocker, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been around for a long time and still inflict damage. More recent strains like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus new unnamed variants appearing daily, not only encrypt online data files but also corrupt many configured system restore points and backups. Data synchronized to the cloud can be encrypted as well. In a poorly architected environment, this can render automated restoration hopeless and effectively reset the datacenter to zero.
Recovering applications and data after a ransomware event becomes a sprint against the clock as the targeted organization works to stop the spread, remove the ransomware, and restore business-critical operations. Because ransomware needs time to move laterally across a network, attacks are often launched on weekends, when intrusions tend to take longer to discover. This multiplies the difficulty of rapidly assembling and organizing a knowledgeable response team.
Progent offers a range of services for protecting Cleveland enterprises from ransomware attacks. These include staff training to recognize and avoid phishing attacks, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based threat defense to identify and quarantine zero-day malware attacks. Progent also provides expert ransomware recovery consultants with the track record and commitment to rebuild a compromised environment as quickly as possible.
Progent's Ransomware Recovery Support Services
After a ransomware event, even paying the ransom in cryptocurrency does not guarantee that the criminals will provide the keys to decrypt all your data. Kaspersky found that 17% of ransomware victims never recovered their data after paying the ransom, compounding their losses. Paying is also expensive. Ryuk ransoms are typically several hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to piece your IT environment's key components back together. Without access to complete backups, this requires a wide range of IT skills, professional project management, and the ability to work around the clock until the job is done.
For decades, Progent has delivered professional IT services to businesses across the US and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers with high-level industry certifications in foundation technologies from Microsoft, Cisco, VMware, and major Linux distributions. Progent's cybersecurity consultants hold internationally recognized certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the skills to knowledgeably identify the necessary systems, reassemble the remaining pieces of your IT environment after a ransomware intrusion, and configure them into a functioning network.
Progent's recovery team uses top-notch project management tools to coordinate the complex restoration process. Progent understands the importance of acting quickly and in concert with a client's management and IT staff to prioritize tasks and get essential applications back online as soon as possible.
Case Study: A Successful Ransomware Penetration Response
A client contacted Progent after their network was taken down by the Ryuk ransomware. Ryuk is believed to have been deployed by North Korean government-sponsored cybercriminals, possibly using techniques leaked from the U.S. National Security Agency. Ryuk targets specific organizations with little tolerance for disruption and is one of the most lucrative ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer headquartered in Chicago with around 500 employees. The Ryuk intrusion had halted all essential business and manufacturing operations. Most of the client's system backups had been online at the start of the intrusion and were destroyed. The client was preparing to pay the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked with the customer to quickly identify and prioritize the essential systems that had to be recovered before business operations could restart:
In less than 48 hours, Progent restored Active Directory to its pre-attack state. Progent then performed reinstallations and storage recovery on critical systems. All Exchange Server links and attributes were intact, which simplified restoring Exchange. Progent was also able to locate unencrypted OST files (Outlook Offline Folder Files) on user workstations and recover mail data from them. A fairly recent offline backup of the business's accounting software allowed these essential applications to be returned to service. Although much work remained to recover fully from the Ryuk attack, core services were restored rapidly:
Over the following few weeks, key milestones in the restoration project were reached through close collaboration between Progent team members and the customer:
Conclusion
A potential business catastrophe was averted thanks to results-oriented experts, a broad spectrum of subject matter expertise, and close teamwork. In hindsight, the ransomware intrusion described here should have been prevented by modern security technology and recognized best practices: staff training, sound backup procedures, and keeping systems current with security patches. The fact remains, however, that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and will keep trying. If you do fall victim to a ransomware incident, remember that Progent's team of professionals has extensive experience in ransomware blocking, mitigation, and data recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Cleveland
For ransomware recovery consulting services in the Cleveland metro area, call Progent at