Ransomware: Your Crippling IT Nightmare
Ransomware has become a modern cyberplague that presents an extinction-level danger for organizations unprepared for an assault. Earlier iterations of ransomware such as the CrySIS, WannaCry, Locky, SamSam and MongoLock cryptoworms have been running rampant for many years and continue to inflict damage. Newer versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, along with unnamed variants that appear daily, not only encrypt online data but also infect any reachable system restore points and backups. Data synchronized to the cloud can also be ransomed. In a poorly designed system, this can render automatic restore operations impossible and effectively sets the network back to square one.
Recovering services and data after a ransomware outage becomes a race against the clock as the victim struggles to contain the damage, remove the ransomware, and restore mission-critical activity. Because crypto-ransomware needs time to spread, intrusions are often launched at night, when attacks typically take longer to notice. This compounds the difficulty of rapidly assembling and organizing a knowledgeable response team.
Progent offers a variety of solutions for protecting Springfield organizations from ransomware attacks. Among these are staff training to recognize and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and installation of next-generation security gateways with AI technology to automatically detect and block zero-day cyber attacks. Progent can also provide the assistance of veteran ransomware recovery professionals with the skills and commitment to redeploy a compromised system as urgently as possible.
Progent's Ransomware Restoration Help
Following a ransomware event, even paying the ransom in Bitcoin does not provide any assurance that the cyber criminals will respond with the keys needed to decrypt your files. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their data after having paid the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above typical ransomware demands, which ZDNET estimated to be around $13,000 for small organizations. The other path is to rebuild the vital elements of your IT environment. Absent complete system backups, this requires a broad range of IT skills, well-coordinated project management, and the willingness to work non-stop until the job is over.
For twenty years, Progent has offered professional Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have been awarded top certifications in key technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have garnered internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, and GIAC. (See Progent's certifications.) Progent also has experience in financial systems and ERP applications. This breadth of expertise enables Progent to rapidly identify critical systems following a ransomware attack, integrate the remaining parts of your Information Technology environment, and rebuild them into an operational system.
Progent's ransomware group uses best-of-breed project management applications to coordinate the complex recovery process. Progent appreciates the importance of acting rapidly and in concert with a customer's management and Information Technology team members to prioritize tasks and to put critical applications back online as soon as humanly possible.
Case Study: A Successful Crypto-Ransomware Attack Recovery
A customer contacted Progent after their network was brought down by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state-sponsored hackers, possibly using code exposed from the U.S. NSA. Ryuk goes after specific organizations with little tolerance for disruption and is among the most lucrative incarnations of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing company headquartered in the Chicago metro area with about 500 workers. The Ryuk intrusion had frozen all company operations and manufacturing capabilities. The majority of the client's system backups had been directly accessible from the network at the start of the intrusion and were encrypted along with everything else. The client was actively seeking loans to pay the ransom (exceeding $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked together with the customer to rapidly assess and prioritize the critical systems that had to be addressed to make it possible to restart business functions:
Within two days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then rebuilt critical systems and recovered their hard drives. All Exchange Server connections and configuration information were intact, which accelerated the restore of Exchange. Progent was also able to collect local OST files (Outlook Offline Data Files) from user PCs and laptops to recover mail data. A recent offline backup of the customer's financials/ERP systems made it possible to bring these vital services back online for users. Although a great deal of work remained to recover fully from the Ryuk virus, critical services were returned to operation rapidly:
Over the following couple of weeks, important milestones in the restoration project were achieved through close collaboration between Progent consultants and the customer:
Conclusion
A potential business-ending catastrophe was averted thanks to results-oriented professionals, a wide spectrum of IT skills, and tight teamwork. Although in retrospect the ransomware incident described here could have been prevented with current cyber security technology and ISO/IEC 27001 best practices, staff training, and properly executed security procedures for data backup and software patching, the reality remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do fall victim to a crypto-ransomware intrusion, be confident that Progent's roster of experts has proven experience in ransomware defense, removal, and information systems restoration.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Springfield
For ransomware recovery consulting in the Springfield metro area, call Progent at