Ransomware: Your Worst Information Technology Disaster
Ransomware has become an escalating cyberplague that presents an existential threat to organizations unprepared for an attack. Crypto-ransomware families such as CryptoLocker, CryptoWall, Bad Rabbit, Syskey and the MongoLock cryptoworm have been in the wild for many years and continue to inflict damage. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, plus additional as yet unnamed malware, not only encrypt critical online data but also destroy any backups and other protective systems they can reach over the network. Information synchronized to cloud environments can also be rendered useless. In a poorly designed environment, this can make recovery impossible and effectively knock the network back to square one.
Getting programs and information back online after a ransomware intrusion becomes a sprint against the clock as the victim struggles to contain the attack, remove the ransomware, and restore mission-critical activity. Because crypto-ransomware takes time to move laterally across a network, intrusions are usually launched on weekends, when they are likely to take longer to uncover. This compounds the difficulty of promptly mobilizing and organizing a knowledgeable response team.
Progent provides an assortment of services for protecting Hartford enterprises from ransomware intrusions. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat defense to discover and disable zero-day malware attacks. Progent also provides the services of veteran ransomware recovery engineers with the track record and perseverance to rebuild a compromised system as rapidly as possible.
Progent's Ransomware Recovery Services
After a crypto-ransomware intrusion, paying the ransom demand in cryptocurrency does not ensure that the attackers will return the keys needed to decrypt any of your information. Kaspersky determined that seventeen percent of crypto-ransomware victims never recovered their information after paying the ransom, compounding their losses. Paying is also expensive. Ryuk ransoms are commonly several hundred thousand dollars, and for larger enterprises the demand can reach millions of dollars. The fallback is to piece back together the essential components of your IT environment. Without access to full data backups, this calls for a wide complement of IT skills, top-notch project management, and the willingness to work non-stop until the recovery is complete.
For decades, Progent has provided expert Information Technology services for businesses across the US and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have been awarded high-level industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts have earned internationally recognized certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the ability to quickly identify critical systems, salvage the remaining components of your network following a ransomware attack, and rebuild them into a functioning system.
Progent's security team uses state-of-the-art project management tools to orchestrate the complex recovery process. Progent understands the urgency of working rapidly and in unison with a client's management and IT staff to prioritize tasks and get key systems back online as soon as possible.
Business Case Study: A Successful Ransomware Intrusion Recovery
A client engaged Progent after their network was taken over by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean state-sponsored criminal gangs, suspected of adopting approaches leaked from America's NSA. Ryuk targets specific organizations with limited ability to sustain operational disruption and is among the most lucrative iterations of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with around 500 employees. The Ryuk attack had brought down all business operations and manufacturing processes. The majority of the client's backups were directly accessible from the network when the attack began and were destroyed. The client considered paying the ransom (more than $200,000) and hoping for the best, but ultimately called Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the mission-critical systems that needed to be addressed in order to continue business functions:
Within 48 hours, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then moved on to rebuilding key servers and recovering their storage. All Microsoft Exchange Server connections and configuration information were intact, which accelerated the restoration of Exchange. Progent was also able to collect local OST files (Microsoft Outlook Offline Data Files) from various workstations and laptops in order to recover email data. A reasonably recent offline backup of the business's financial/ERP system made it possible to bring these essential services back online. Although major work remained to recover completely from the Ryuk event, essential systems were returned to operation rapidly:
During the following couple of weeks, critical milestones in the restoration project were reached in close cooperation between Progent team members and the customer:
Conclusion
A likely company-ending disaster was averted thanks to results-oriented professionals, a broad range of technical expertise, and tight teamwork. In retrospect, the ransomware attack described here would have been blocked by up-to-date cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user training, appropriate incident response procedures for information protection, and proper patching controls. The reality, however, is that government-sponsored cybercriminals from China, North Korea and elsewhere are relentless and remain an ongoing threat. If you do fall victim to ransomware, remember that Progent's team of experts has proven experience in ransomware blocking, mitigation, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Hartford
For ransomware system restoration expertise in the Hartford area, call Progent at