Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague that represents an enterprise-level danger for businesses poorly prepared for an attack. Different iterations of ransomware such as the Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and continue to cause damage. Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with additional as yet unnamed malware, not only encrypt online files but also infiltrate any accessible system backups. Information synched to cloud environments can also be rendered useless. In a poorly designed data protection solution, this can make automatic recovery impossible and essentially sets the datacenter back to square one.
Recovering programs and data after a ransomware attack becomes a race against the clock as the targeted organization struggles to contain the damage, remove the ransomware and resume enterprise-critical operations. Because crypto-ransomware needs time to move laterally, attacks are frequently launched at night, when successful penetrations are likely to take longer to identify. This compounds the difficulty of promptly assembling and orchestrating a capable response team.
Progent has a range of support services for securing Corpus Christi businesses from ransomware events. These include team member education to recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based cyberthreat defense to detect and disable zero-day modern malware attacks. Progent can also provide the services of experienced crypto-ransomware recovery consultants with the talent and commitment to re-deploy a compromised network as urgently as possible.
Progent's Ransomware Recovery Help
After a ransomware penetration, paying the ransom demands in cryptocurrency does not provide any assurance that cyber criminals will respond with the keys to decrypt all your data. Kaspersky Labs estimated that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in further losses. The gamble is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the average ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The alternative is to re-install the key parts of your Information Technology environment. Without essential system backups, this calls for a broad complement of skill sets, top-notch team management, and the willingness to work non-stop until the task is over.
For two decades, Progent has made available professional IT services for businesses throughout the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have been awarded advanced industry certifications in leading technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have garnered internationally-renowned industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has experience in financial management and ERP applications. This breadth of experience affords Progent the skills to rapidly identify critical systems, organize the remaining parts of your IT environment after a ransomware event, and rebuild them into an operational network.
Progent's ransomware team of experts uses top-notch project management applications to orchestrate the sophisticated restoration process. Progent understands the urgency of working rapidly and collaboratively with a customer's management and Information Technology team members to prioritize tasks and to get essential applications back on line as fast as possible.
Client Story: A Successful Ransomware Intrusion Restoration
A client engaged Progent after their network was brought down by the Ryuk crypto-ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored cybercriminals, suspected of using strategies leaked from the U.S. NSA. Ryuk seeks out specific companies with little ability to sustain operational disruption and is one of the most lucrative incarnations of ransomware. Headline targets include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company based in Chicago with around 500 employees. The Ryuk attack had shut down all company operations and manufacturing processes. Most of the client's data backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked with the client to quickly understand and assign priority to the key elements that had to be recovered in order to restart departmental operations:
In less than 48 hours, Progent was able to restore Windows Active Directory to its pre-virus state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange data and configuration information were usable, which facilitated the rebuild of Exchange. Progent was also able to assemble local OST files (Outlook Email Offline Data Files) from user desktop computers and laptops in order to recover mail data. A fairly recent offline backup of the business's financials/ERP software made it possible to bring these required services back to users. Although major work remained to recover fully from the Ryuk event, critical services were returned to operation quickly:
Over the next month, key milestones in the recovery project were reached in tight collaboration between Progent consultants and the client:
Conclusion
A probable business-ending disaster was avoided by dedicated professionals, a wide range of subject matter expertise, and close teamwork. Although forensics later showed that the ransomware virus incident detailed here could have been prevented with advanced cyber security technology solutions and recognized best practices, team education, and appropriate security procedures for backup and applying software patches, the reality remains that state-sponsored cyber criminals from China, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a ransomware penetration, feel confident that Progent's roster of experts has a proven track record in ransomware virus defense, removal, and data restoration.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Corpus Christi
For ransomware cleanup consulting services in the Corpus Christi metro area, call Progent at