Ransomware: Your Worst Information Technology Nightmare
Ransomware has become an escalating cyber pandemic and an existential threat to businesses unprepared for an attack. Multiple generations of ransomware, including the Reveton, WannaCry, Locky, Syskey and MongoLock families, have been running rampant for years and continue to cause damage. Newer strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with as yet unnamed variants, not only encrypt critical online data but also seek out and disable whatever backups, snapshots and other recovery mechanisms they can reach from a compromised account. Data replicated to cloud environments can be corrupted as well, because file synchronization faithfully copies the encrypted versions over the good ones. In a poorly designed system this renders automated restoration useless and effectively sets the network back to zero.
Recovering applications and data after a ransomware attack becomes a race against time as the victim fights to stop lateral movement, remove the malware, and restore business-critical activity. Because ransomware needs time to spread across a targeted network, attacks are often launched on weekends, when intrusions typically take longer to discover. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.
Progent offers a variety of support services for protecting Hartford enterprises from crypto-ransomware incidents. These include team member training to help staff recognize and avoid phishing lures, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat protection that detects and quarantines zero-day and other modern malware attacks. Progent can also provide expert ransomware recovery professionals with the skill and commitment to rebuild a breached environment as quickly as possible.
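To make the detection side concrete, here is an added example of the kind of behavioural logic an EDR agent applies when ransomware starts encrypting a file share. It is illustration code written for this page, not Progent's or SentinelOne's, and SentinelOne's actual detection logic is not described here. It keys on the two things bulk encryption cannot hide: uncompressed documents being overwritten with ciphertext-like, near-random bytes, and files being renamed to a known ransom extension (Ryuk appends .RYK, Locky .locky, WannaCry .WNCRY), at a rate no interactive user produces. The file-event format, process names, paths and file contents are constructed for the sample, and the entropy threshold, window length and burst size are assumptions, not tuned production values.

```python
"""File-event monitor that flags ransomware-style mass encryption.

Added illustration, not Progent's or SentinelOne's code. The event format,
process names, paths and file contents are constructed; thresholds are
assumptions chosen for the sample, not tuned production values.
"""
import math
import ntpath
import random
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions appended by families named on the page (matched case-insensitively).
RANSOM_EXTENSIONS = {".ryk", ".locky", ".wncry"}
# Uncompressed document types: rewriting one with near-random bytes is a strong
# encryption signal. Compressed containers (.docx, .zip, .jpg) already sit near
# 8 bits/byte and are deliberately excluded to avoid false positives.
PLAINTEXT_EXTENSIONS = {".txt", ".csv", ".sql", ".log", ".xml", ".ini"}
ENTROPY_THRESHOLD = 7.5          # bits per byte; ciphertext approaches 8.0
WINDOW = timedelta(seconds=60)   # sliding window per process (assumed)
MAX_SUSPICIOUS_PER_WINDOW = 8    # assumed burst size no interactive user reaches


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(event: dict) -> bool:
    """True if a single event looks like one step of bulk encryption."""
    ext = ntpath.splitext(event["path"])[1].lower()
    if ext in RANSOM_EXTENSIONS:
        return True                       # e.g. rename to invoice.txt.RYK
    if event["op"] == "write" and ext in PLAINTEXT_EXTENSIONS:
        return shannon_entropy(event["data"]) > ENTROPY_THRESHOLD
    return False


def off_hours(ts: datetime) -> bool:
    """Weekend or outside 07:00-19:00: the window the page notes attackers favour."""
    return ts.weekday() >= 5 or not 7 <= ts.hour < 19


class RansomwareDetector:
    """Counts suspicious events per process in a sliding window; alerts on bursts."""

    def __init__(self, window=WINDOW, limit=MAX_SUSPICIOUS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self._hits = defaultdict(deque)   # process -> timestamps of suspicious events
        self.alerts = []

    def feed(self, event: dict):
        """Consume one event; return an alert dict if its process crosses the limit."""
        if not is_suspicious(event):
            return None
        q = self._hits[event["process"]]
        q.append(event["ts"])
        while q and event["ts"] - q[0] > self.window:
            q.popleft()                   # drop hits older than the window
        if len(q) < self.limit:
            return None
        alert = {"process": event["process"], "count": len(q),
                 "ts": event["ts"], "off_hours": off_hours(event["ts"])}
        self.alerts.append(alert)
        q.clear()                         # one alert per burst, then count afresh
        return alert


def sample_events() -> list:
    """Constructed stream: a backup job, a user editing notes, and a Ryuk-like process."""
    t0 = datetime(2024, 1, 13, 2, 15)     # a Saturday at 02:15
    rng = random.Random(1)

    def ciphertext() -> bytes:            # stands in for encrypted file contents
        return bytes(rng.getrandbits(8) for _ in range(4096))

    events = [
        {"ts": t0, "process": "backupagent.exe", "op": "write",
         "path": r"E:\backups\daily.zip", "data": ciphertext()},     # compressed, benign
        {"ts": t0, "process": "notepad.exe", "op": "write",
         "path": r"C:\Users\amy\notes.txt", "data": b"bring the MRP report\n" * 200},
    ]
    for i in range(6):                    # overwrite then rename: the Ryuk pattern
        ts = t0 + timedelta(seconds=2 * i)
        path = rf"\\fileserver\shared\invoice_{i}.txt"
        events.append({"ts": ts, "process": "svchost32.exe", "op": "write",
                       "path": path, "data": ciphertext()})
        events.append({"ts": ts, "process": "svchost32.exe", "op": "rename",
                       "path": path + ".RYK", "data": b""})
    return events


def run(events=None) -> list:
    """Feed events through the detector and return the alerts raised."""
    detector = RansomwareDetector()
    for event in events if events is not None else sample_events():
        detector.feed(event)
    return detector.alerts


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running the block yields a single alert for svchost32.exe, flagged as off-hours, while the backup agent's high-entropy .zip write and the user's low-entropy notes.txt write pass untouched. The entropy check is deliberately restricted to uncompressed types because a real .docx is a ZIP container and would otherwise trip the threshold on every save; a production agent also watches for ransom notes and shadow-copy deletion, which this sample omits.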
Progent's Crypto-Ransomware Recovery Support Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency provides no assurance that the attackers will hand over working decryption keys for all your files. Kaspersky found that 17% of ransomware victims who paid never recovered their data, compounding their losses. The gamble is also expensive: Ryuk ransoms are commonly several hundred thousand dollars, and for larger organizations they can reach millions. The alternative is to rebuild the essential components of your IT environment. Without usable backups of essential data, this calls for a wide range of IT skills, first-rate project management, and the ability to work around the clock until the job is done.
For twenty years, Progent has offered certified IT services to businesses across the U.S. and holds Microsoft Partner status with competencies in Datacenter and Cloud Productivity. Progent's team of subject matter experts includes engineers who hold top certifications in leading technologies including Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cyber security engineers hold internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in accounting and ERP software. This breadth of expertise lets Progent quickly identify the systems that matter, reorganize the surviving parts of your network after a ransomware event, and assemble them into a working environment.
Progent's recovery team uses proven project management methods to orchestrate the complex recovery process. Progent understands the importance of acting quickly and in concert with a customer's management and IT staff to prioritize tasks and get key applications back online as fast as humanly possible.
Customer Story: A Successful Ransomware Incident Recovery
A mid-sized business engaged Progent after its network was hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; later analysis tied it to the Russian-speaking criminal group behind the TrickBot botnet, which typically deploys Ryuk by hand after an initial Emotet or TrickBot infection has given the operators a foothold. Ryuk targets organizations with little tolerance for downtime and is one of the most profitable ransomware operations. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing provider, and the Chicago Tribune. Progent's customer is a regional manufacturer based in the Chicago metro area with around 500 employees. The Ryuk intrusion had shut down all essential business and manufacturing operations. Most of the client's backups were online when the intrusion began and were destroyed along with the production data. The client was weighing paying the ransom (more than two hundred thousand dollars) and hoping for the best, but ultimately called Progent.
Progent worked with the customer to quickly understand and prioritize the mission-critical applications that had to be addressed to keep the business running:
Within two days, Progent restored Windows Active Directory to its pre-attack state, then began reinstalling critical servers and recovering data from their hard drives. The Exchange schema and attributes in Active Directory were intact, which accelerated the Exchange rebuild. Progent gathered intact OST files (Outlook Offline Data Files, the local mailbox caches on users' PCs and laptops) to recover mail. A reasonably recent offline backup of the client's financials/MRP software allowed those essential services to be brought back online for users. Although a great deal of work remained to recover completely from the Ryuk event, essential services were returned to operation rapidly:
Over the next few weeks, key milestones in the recovery were reached through close collaboration between Progent consultants and the client:
Conclusion
A potential business disaster was averted through dedicated professionals, a broad range of IT skills, and close teamwork. In retrospect, the crypto-ransomware intrusion described here could have been blocked by current security tooling and best practices, staff education, and properly executed procedures for data protection (including offline or immutable backups that a compromised account cannot reach) and timely patching. The fact remains that well-resourced criminal groups operating from Russia, China and elsewhere, some of them state-sponsored or state-tolerated, are relentless and are not going away. If you do fall victim to a ransomware incident, be confident that Progent's team has proven experience in ransomware prevention, cleanup, and data restoration.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Hartford
For ransomware system recovery services in the Hartford area, phone Progent at