Crypto-Ransomware: Your Crippling Information Technology Disaster
Crypto-ransomware has become a modern cyber-plague that presents an existential threat to organizations poorly prepared for an attack. Ransomware families such as CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock have been in the wild for years and still cause damage. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nefilim, along with malware that has not yet been named, not only encrypt online files but also encrypt or delete any backups reachable from the compromised network. Files replicated to cloud storage can be overwritten with their encrypted versions as well. In a poorly designed environment this makes automated restoration useless and effectively knocks the network back to square one.
Bringing applications and data back online after a ransomware event becomes a race against the clock as the targeted business struggles to stop lateral movement, eradicate the ransomware, and resume business-critical activity. Because ransomware takes time to spread across a network before encryption is triggered, attacks are frequently launched on weekends and holidays, when they take longer to discover. This multiplies the difficulty of rapidly assembling and coordinating a capable response team.
Progent offers a range of services for protecting Orlando businesses from ransomware attacks. These include user training to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection to detect and contain zero-day malware attacks. Progent also provides expert ransomware recovery engineers with the skill and persistence to restore a breached environment as rapidly as possible.
Progent's Ransomware Restoration Support Services
After a crypto-ransomware attack, paying the ransom in Bitcoin does not guarantee that the criminals will supply the keys needed to decrypt your files. Kaspersky found that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The ransom itself is also very costly. Ryuk demands frequently range from 15 to 40 BTC (roughly $120,000 to $400,000), well above the typical ransomware demand, which ZDNet estimated at approximately $13,000 for small businesses. The alternative is to rebuild the critical elements of your IT environment. Without complete data backups, this requires a wide range of skills, professional project management, and the willingness to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to companies throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals with advanced certifications in leading technologies such as Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security consultants hold internationally recognized certifications including CISA, CISSP, CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has experience with financial management and ERP applications. This breadth of expertise enables Progent to identify critical systems, salvage the surviving components of your network after a ransomware attack, and assemble them into an operational environment.
Progent's ransomware group uses best-of-breed project management tools to coordinate the complex recovery process. Progent understands the urgency of working quickly and in unison with the client's management and IT staff to prioritize tasks and bring key applications back online as soon as possible.
Customer Story: A Successful Ransomware Virus Response
A business engaged Progent after its operations were brought down by Ryuk crypto-ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because of code it shares with the older Hermes ransomware, but it is now generally attributed to a Russian-speaking criminal group, possibly reusing exploit techniques leaked from the U.S. NSA. Ryuk targets specific businesses with little tolerance for operational disruption and is one of the most profitable ransomware operations. High-profile victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-site manufacturing business headquartered in the Chicago metro area with about 500 employees. The Ryuk attack had halted all company operations and manufacturing processes. Most of the client's backups had been online at the time of the intrusion and were eventually encrypted. The client was preparing to pay the ransom (more than $200,000) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the customer to quickly assess and prioritize the critical services that had to be restored before business functions could restart:
In less than two days, Progent rebuilt Active Directory to its pre-intrusion state. Progent then reinstalled critical applications and recovered their storage. All Exchange Server schema extensions and attributes were intact, which simplified the rebuild of Exchange. Progent was also able to locate intact Outlook Offline Data Files (OST) on various desktops and laptops and recover email from them. A recent offline backup of the company's accounting software made it possible to bring those essential applications back online. Although a great deal of work remained before recovery from Ryuk was complete, the most important services were restored quickly:
Over the following month, key milestones in the recovery project were reached through close collaboration between Progent consultants and the customer:
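As an added illustration of the triage step described above (example code written for this page, not Progent's own tooling), the Python script below walks a recovered file tree and sorts each file into one of a few buckets: a Ryuk ransom note, a file carrying Ryuk's .RYK extension, an Outlook OST file whose "!BDN" header is intact or has been overwritten, or a file that kept its original name but now contains ciphertext-like data. The ".RYK" extension and "RyukReadMe" note names are documented Ryuk artifacts and "!BDN" is the standard PST/OST signature; the directory layout, file contents, entropy threshold and list of compressed formats are constructed assumptions for the demo.

```python
import math
import os
import tempfile

# Indicators. ".RYK" and "RyukReadMe.txt/.html" are documented Ryuk artifacts;
# "!BDN" is the signature that begins Outlook PST/OST files. The entropy
# threshold, sample size and compressed-format list are assumptions for this demo.
RANSOM_EXTENSIONS = {".ryk"}
RANSOM_NOTES = {"ryukreadme.txt", "ryukreadme.html"}
OST_MAGIC = b"!BDN"
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to 8.0
SAMPLE_SIZE = 4096
# Formats that are compressed on disk and therefore look like ciphertext anyway.
COMPRESSED_EXTENSIONS = {".zip", ".7z", ".gz", ".docx", ".xlsx", ".pptx", ".jpg", ".png"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_file(path: str) -> str:
    """Return one of: ransom_note, encrypted, intact_ost, damaged_ost,
    suspect_high_entropy, ok."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name in RANSOM_NOTES:
        return "ransom_note"
    if ext in RANSOM_EXTENSIONS:
        return "encrypted"
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    if ext == ".ost":
        # A readable OST still begins with "!BDN"; anything else was overwritten.
        return "intact_ost" if head.startswith(OST_MAGIC) else "damaged_ost"
    if ext in COMPRESSED_EXTENSIONS:
        # Entropy cannot separate ciphertext from compression here; skip the check.
        return "ok"
    if len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD:
        # Original name kept but content looks like ciphertext: inspect by hand.
        return "suspect_high_entropy"
    return "ok"


def triage_tree(root: str) -> dict:
    """Map each file under root (relative, '/'-separated) to its classification."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results[rel] = classify_file(full)
    return results


def build_sample_tree(root: str) -> None:
    """Constructed sample of a workstation share after an incident (not real data)."""
    os.makedirs(os.path.join(root, "finance"), exist_ok=True)
    os.makedirs(os.path.join(root, "mail"), exist_ok=True)
    files = {
        "RyukReadMe.txt": b"Your network has been penetrated.\n",   # constructed note text
        "finance/invoice.pdf.RYK": bytes(range(256)) * 4,
        "finance/policy.txt": b"Vendor payment policy, revised.\n" * 20,
        # Name unchanged but uniform byte distribution: stands in for ciphertext.
        "finance/budget.csv": bytes(range(256)) * 16,
        "mail/alice.ost": OST_MAGIC + b"\x00" * 508,
        "mail/bob.ost": b"\xa7" * 512,
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)


def run_demo() -> dict:
    """Build the sample tree in a temporary directory, triage it, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage_tree(tmp)


if __name__ == "__main__":
    for rel, verdict in sorted(run_demo().items()):
        print(f"{verdict:22s} {rel}")
```

Run it against a mounted image or a restored share by calling triage_tree on that path instead of the constructed tree. The suspect_high_entropy bucket is a queue for manual inspection, not proof of encryption: compressed formats score just as high, which is why the common ones are skipped, and a strain that encrypts only the first part of each file can slip past a header check, so treat an intact OST as a candidate to open in Outlook rather than as verified good.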
Conclusion
A potentially business-ending catastrophe was averted through results-oriented experts, a broad array of technical expertise, and close collaboration. In hindsight, the incident described here should have been prevented by current security tools and security best practices: staff training, incident response procedures, data protection, and timely patching. But state-sponsored and criminal actors in Russia, North Korea and elsewhere are tireless and remain an ongoing threat. If you do fall victim to a ransomware attack, you can be confident that Progent's team has extensive experience in ransomware prevention, cleanup, and disaster recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Orlando
For ransomware recovery consulting services in the Orlando metro area, phone Progent at