Crypto-Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level danger for organizations poorly prepared for an assault. Versions of ransomware like the CryptoLocker, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been out in the wild for many years and continue to cause harm. Modern versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, as well as daily, as yet unnamed newcomers, not only encrypt online data but also infiltrate every system protection mechanism they can reach. Data synced to cloud environments can also be encrypted. In a poorly architected data protection solution, this can render any recovery useless and effectively knocks the network back to zero.
Recovering services and data following a ransomware event becomes a race against time as the targeted business fights to stop the spread, remove the ransomware, and resume business-critical operations. Because ransomware needs time to replicate across a targeted network, attacks are frequently launched on weekends and holidays, when successful intrusions tend to take longer to detect. This compounds the difficulty of promptly assembling and coordinating a knowledgeable response team.
Progent offers a variety of support services for securing Corpus Christi enterprises from crypto-ransomware penetrations. Among these are team member education to help staff recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat defense to identify and disable zero-day malware attacks. Progent can also provide the assistance of seasoned crypto-ransomware recovery consultants with the skills and commitment to rebuild a compromised environment as urgently as possible.
Progent's Ransomware Recovery Support Services
Following a crypto-ransomware event, even paying the ransom demand in cryptocurrency does not ensure that the criminal gang will provide the keys to decrypt any of your data. Kaspersky ascertained that 17% of ransomware victims never recovered their data after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are often a few hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The fallback is to piece back together the key parts of your Information Technology environment. Absent the availability of essential data backups, this calls for a wide complement of IT skills, well-coordinated team management, and the willingness to work 24x7 until the job is finished.
For decades, Progent has provided certified expert Information Technology services for companies across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have attained advanced certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise in accounting and ERP software solutions. This breadth of experience gives Progent the capability to knowledgeably identify important systems, organize the remaining components of your IT environment after a ransomware event, and assemble them into a functioning network.
Progent's recovery team of experts deploys state-of-the-art project management systems to coordinate the sophisticated restoration process. Progent knows the importance of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and to put critical applications back online as soon as possible.
Customer Case Study: A Successful Ransomware Virus Response
A client hired Progent after their organization was penetrated by Ryuk ransomware. Ryuk is thought to have been developed by North Korean government-sponsored criminal gangs, suspected of using algorithms leaked from the U.S. National Security Agency. Ryuk targets specific companies with little room for operational disruption and is among the most profitable iterations of ransomware viruses. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in the Chicago metro area with around 500 workers. The Ryuk event had brought down all business operations and manufacturing processes. Most of the client's data backups had been online at the beginning of the intrusion and were eventually encrypted. The client considered paying the ransom demand (exceeding $200K) and hoping for the best, but in the end called Progent.
Progent worked hand in hand with the client to quickly assess and prioritize the key systems that had to be recovered in order to resume company operations:
Within 2 days, Progent was able to recover Windows Active Directory to its pre-virus state. Progent then initiated reinstallations and storage recovery of essential applications. All Exchange Server data and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was able to locate non-encrypted OST files (Microsoft Outlook Offline Folder Files) on staff workstations in order to recover mail data. A relatively recent offline backup of the client's accounting software made it possible to bring these essential programs back online for users. Although significant work still had to be done to recover completely from the Ryuk event, critical systems were recovered rapidly:
Throughout the following month, critical milestones in the restoration process were completed through close cooperation between Progent consultants and the customer:
Conclusion
A likely enterprise-killing disaster was averted through hard-working experts, a wide range of IT skills, and tight collaboration. In analyzing the event afterwards, it is clear that the ransomware incident detailed here would have been shut down by current security systems and security best practices, staff training, and properly executed procedures for data protection and keeping systems up to date with security patches. The reality remains, however, that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a ransomware incursion, feel confident that Progent's roster of professionals has a proven track record in ransomware virus blocking, remediation, and information systems recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Corpus Christi
For ransomware recovery services in the Corpus Christi area, phone Progent at