Ransomware : Your Crippling Information Technology Disaster
Crypto-ransomware has become an all-too-frequent cyber plague that presents an extinction-level threat to organizations poorly prepared for an assault. Versions of ransomware such as the CryptoLocker, WannaCry, Locky, Syskey and MongoLock cryptoworms have been out in the wild for many years and still inflict harm. Newer versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus more as yet unnamed strains, not only encrypt online data but also infect most accessible system protection mechanisms. Files replicated to the cloud can also be rendered useless. In a poorly architected environment, this can make any recovery impossible and effectively sets the entire system back to zero.
Restoring applications and information following a ransomware attack becomes a race against the clock as the targeted business struggles to contain and remove the ransomware and to resume mission-critical operations. Because crypto-ransomware takes time to spread, assaults are often launched during nights and weekends, when successful attacks are likely to take longer to detect. This multiplies the difficulty of promptly marshalling and orchestrating a qualified response team.
Progent offers an assortment of services for securing Hartford organizations against crypto-ransomware penetrations. These include user education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's behavior-based threat defense to identify and quarantine zero-day malware attacks. Progent in addition offers the assistance of expert ransomware recovery professionals with the talent and commitment to restore a breached network as urgently as possible.
Progent's Ransomware Recovery Support Services
After a ransomware attack, sending the ransom in Bitcoin cryptocurrency does not ensure that distant criminals will return the keys needed to decrypt any of your files. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their information after having sent off the ransom, resulting in increased losses. The ransom itself is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is greatly above the usual crypto-ransomware demand, which ZDNET determined to be approximately $13,000 for small businesses. The other path is to set up the key parts of your IT environment from scratch. Absent complete data backups, this calls for a wide range of IT skills, well-coordinated team management, and the willingness to work non-stop until the task is finished.
For decades, Progent has offered professional IT services for businesses across the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded top industry certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have garnered internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise in financial management and ERP software solutions. This breadth of experience gives Progent the capability to efficiently identify the important systems, gather the surviving pieces of your computer network following a crypto-ransomware event, and assemble them back into a functioning system.
Progent's security team utilizes state-of-the-art project management tools to coordinate the complicated recovery process. Progent knows the importance of acting rapidly and in concert with a client's management and Information Technology resources to prioritize tasks and to get critical systems back online as soon as humanly possible.
Customer Case Study: A Successful Ransomware Penetration Recovery
A customer contacted Progent after their company was taken over by the Ryuk ransomware virus. Ryuk is thought to have been launched by North Korean state-sponsored cybercriminals, suspected of using techniques leaked from the United States NSA. Ryuk targets specific organizations with limited room for disruption and is one of the most lucrative incarnations of ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturer located in Chicago with around 500 staff members. The Ryuk penetration had paralyzed all business operations and manufacturing capabilities. The majority of the client's information backups had been online at the time of the attack and were damaged. The client was preparing to pay the ransom demand (exceeding $200,000) and hope for the best, but in the end brought in Progent.
Progent worked with the client to quickly identify and assign priority to the critical systems that needed to be recovered in order to restart company functions:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-intrusion state. Progent then charged ahead with setup and storage recovery of key systems. All Microsoft Exchange Server ties and attributes were intact, which accelerated the restoration of Exchange. Progent was also able to collect intact OST data files (Outlook Offline Data Files) on team PCs and laptops to recover mail data. A relatively recent offline backup of the business's accounting systems made it possible to bring these vital services back online. Although a large amount of work remained to recover fully from the Ryuk damage, the most important systems were restored rapidly:
During the next few weeks key milestones in the recovery process were accomplished through tight cooperation between Progent consultants and the customer:
Conclusion
A likely business-ending catastrophe was averted thanks to top-tier experts, a wide range of technical expertise, and close teamwork. Although in retrospect the crypto-ransomware penetration detailed here should have been blocked with advanced cybersecurity solutions and security best practices, team training, and well thought out procedures for data backup and software patching, the reality remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do fall victim to a ransomware incursion, you can be confident that Progent's team of professionals has extensive experience in ransomware defense, cleanup, and information systems restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Hartford
For ransomware recovery consulting services in the Hartford area, call Progent at