Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyber plague and an enterprise-level danger for businesses that are poorly prepared for an attack. Multiple generations of ransomware, including CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock, have been around for years and continue to inflict damage. Newer families such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Snatch and Nefilim, along with others that have yet to be named, not only encrypt online data but also target every backup that is reachable from the compromised network. Data synchronized to cloud storage can be rendered useless as well, because the sync client faithfully uploads the encrypted copies over the good ones. In a weak data protection design this makes automatic restoration impossible and knocks the datacenter back to square one.
Recovering applications and data after a ransomware outage becomes a race against time as the targeted business struggles to stop lateral movement, clean up the ransomware and resume business-critical activity. Because encrypting an environment takes time, attackers often trigger the payload on weekends and at night, when it usually takes longer for anyone to notice. This multiplies the difficulty of rapidly mobilizing and coordinating a knowledgeable response team.
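The backup-destruction risk described above suggests a concrete check a practitioner would want in place: a hash manifest taken when the backup set is written, stored off the network (on offline or write-once media, never on the backup share itself, or it gets encrypted too), and verified before the set is trusted or synchronized to the cloud. The Python below is an added example and not Progent's code or tooling. The directory layout, file names, the ransom note, the random bytes standing in for ciphertext and the `.RYK` extension (which Ryuk appended to the files it encrypted) are constructed for the demonstration, and the 7.5 bits/byte entropy threshold is an assumed heuristic for "looks encrypted or compressed".

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup members do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text sits around 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict[str, str], entropy_threshold: float = 7.5) -> dict:
    """Compare the backup set on disk against a manifest taken at backup time.

    Returns missing, modified and unexpected files, plus which of the changed or
    new files look encrypted by entropy. Ransomware typically shows up as
    missing originals, unexpected renamed files and a ransom note.
    """
    current = build_manifest(root)
    findings = {"missing": [], "modified": [], "unexpected": [], "high_entropy": []}
    for rel, digest in manifest.items():
        if rel not in current:
            findings["missing"].append(rel)
        elif current[rel] != digest:
            findings["modified"].append(rel)
    for rel in current:
        if rel not in manifest:
            findings["unexpected"].append(rel)
    for rel in findings["modified"] + findings["unexpected"]:
        sample = (root / rel).read_bytes()[:1_000_000]  # first MiB is enough to classify
        if shannon_entropy(sample) >= entropy_threshold:
            findings["high_entropy"].append(rel)
    findings["clean"] = not any(findings[k] for k in ("missing", "modified", "unexpected"))
    return findings


def demo() -> dict:
    """Constructed scenario: take a manifest, then simulate Ryuk touching the backup share."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("date,amount\n2020-01-01,100\n" * 50)
        (root / "readme.txt").write_text("quarterly backup set\n")
        manifest = build_manifest(root)  # in practice, written to offline media here

        # Simulated ransomware activity (constructed, not a real sample):
        # overwrite one file with random bytes standing in for ciphertext,
        # append the .RYK extension, and drop a ransom note.
        victim = root / "finance" / "ledger.csv"
        victim.write_bytes(os.urandom(4096))
        victim.rename(victim.with_name(victim.name + ".RYK"))
        (root / "RyukReadMe.txt").write_text("Your network has been encrypted.\n")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A clean set returns `clean: True` with empty lists; the simulated attack reports the original `finance/ledger.csv` as missing, the `.RYK` file and ransom note as unexpected, and flags only the `.RYK` file as high entropy. Run the verification from a host that is not joined to the compromised domain, against a read-only mount of the backup set, so the check itself cannot be tampered with.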
Progent offers a range of services for protecting Orlando organizations from ransomware attacks. These include staff training to help users recognize and avoid phishing, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and installation of next-generation security appliances that use machine learning to detect and quarantine zero-day threats. Progent also offers the help of veteran ransomware recovery consultants with the skill and perseverance to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a ransomware event, paying the ransom in Bitcoin does not guarantee that the attackers will hand over the keys needed to decrypt any of your files. Kaspersky Labs found that 17% of ransomware victims never recovered their data after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the typical demand, which ZDNet estimated at around $13,000 for small businesses. The alternative is to rebuild the mission-critical parts of your IT environment. Without complete, uncompromised backups, this requires a wide range of skills, strong project management, and the willingness to work non-stop until the job is done.
For two decades, Progent has provided professional IT services to businesses across the US and has earned Microsoft Partner competencies in Datacenter and Cloud Productivity. Progent's subject matter experts (SMEs) include consultants who hold top industry certifications in foundation technologies from Microsoft, Cisco, VMware and popular Linux distributions. Progent's security experts hold internationally recognized certifications including CISM, CISSP, ISACA CRISC and SANS GIAC (see Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of experience lets Progent quickly understand the systems involved, triage the surviving components of your network after a ransomware event, and rebuild them into a working environment.
Progent's ransomware team uses project management tooling to coordinate the complex restoration process. Progent understands the urgency of working quickly and closely with a client's management and IT staff to prioritize tasks and get critical systems back online as soon as possible.
Business Case Study: A Successful Ransomware Incident Restoration
A small business engaged Progent after it was hit by Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because it shares code with the earlier Hermes ransomware, although most researchers now attribute it to a Russian-speaking criminal group. Ryuk targets specific organizations with little tolerance for downtime and is one of the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud hosting company, and the Chicago Tribune. Progent's client is a regional manufacturer headquartered in Chicago with about 500 employees. The Ryuk intrusion had brought down all essential business and manufacturing processes. Most of the client's backups had been online and reachable from the compromised network when the attack began, and were encrypted along with the production data. The client considered paying the ransom (more than $200,000) and hoping for the best, but ultimately called Progent.
Progent worked together with the customer to quickly assess and prioritize the most important elements that needed to be restored to make it possible to resume departmental operations:
In less than two days, Progent rebuilt Active Directory to its pre-attack state. Progent then helped rebuild and recover storage for the essential systems. All Microsoft Exchange Server connections and configuration data were intact, which simplified the Exchange rebuild. Progent located local OST files (Outlook Offline Folder files) on user PCs to recover mailbox contents. A reasonably recent offline backup of the client's accounting/ERP software allowed those required services to be brought back online. Although significant work remained to recover fully from Ryuk, critical services were restored quickly:
Over the following couple of weeks, key milestones in the restoration process were completed in close collaboration between Progent team members and the customer:
Conclusion
A potentially company-ending catastrophe was averted thanks to results-oriented experts, a wide range of technical expertise and close teamwork. Although in hindsight the intrusion described here should have been detected and prevented with current security technology and best practices, user education, properly executed backup procedures (including offline or otherwise isolated copies) and disciplined patch management, the reality is that state-sponsored groups from Russia, China and elsewhere, and the criminal ransomware gangs alongside them, are relentless and are not going away. If you are hit by ransomware, be assured that Progent's team has extensive experience in ransomware defense, mitigation and information systems disaster recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Orlando
For ransomware system recovery consulting services in the Orlando metro area, phone Progent at