Crypto-Ransomware : Your Crippling IT Catastrophe
Ransomware has become a modern cyber pandemic that represents an existential threat for organizations unprepared for an attack. Different versions of ransomware like the CryptoLocker, WannaCry, Locky, SamSam and MongoLock cryptoworms have been out in the wild for years and still cause destruction. More recent strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, plus frequent as yet unnamed newcomers, not only encrypt online data files but also infiltrate all accessible system backups. Files synched to the cloud can also be encrypted. With a poorly designed data protection solution, this can render automated restoration impossible and effectively knock the network back to zero.
Retrieving services and data after a ransomware attack becomes a sprint against time as the targeted business fights to stop lateral movement, eradicate the ransomware, and restore business-critical operations. Because ransomware requires time to move laterally throughout a targeted network, attacks are usually launched at night, when an intrusion often takes longer to notice. This compounds the difficulty of promptly assembling and orchestrating a qualified mitigation team.
Progent provides a range of support services for protecting Porto Alegre businesses from ransomware penetrations. Among these are staff education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which utilizes SentinelOne's AI-based threat defense to discover and suppress zero-day malware attacks. Progent also offers the services of expert ransomware recovery engineers with the talent and perseverance to rebuild a breached system as soon as possible.
Progent's Ransomware Restoration Support Services
Following a crypto-ransomware invasion, sending the ransom in cryptocurrency does not ensure that merciless criminals will respond with the keys needed to decrypt any of your data. Kaspersky determined that 17% of ransomware victims never recovered their information after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom can reach millions of dollars. The alternative is to piece back together the vital components of your Information Technology environment. Without full data backups, this calls for a wide complement of IT skills, well-coordinated project management, and the ability to work 24x7 until the recovery project is done.
For decades, Progent has offered expert Information Technology services for businesses throughout the United States and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have been awarded advanced certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have garnered internationally-recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience with financial management and ERP application software. This breadth of experience gives Progent the capability to rapidly understand important systems, integrate the surviving parts of your network environment following a ransomware attack, and rebuild them into a functioning system.
Progent's security group has best of breed project management systems to orchestrate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a customer's management and IT resources to assign priority to tasks and to put key systems back online as soon as possible.
Customer Story: A Successful Ransomware Virus Restoration
A small business sought out Progent after its network was brought down by the Ryuk ransomware virus. Ryuk is generally considered to have been created by North Korean government sponsored criminal gangs, possibly using technology leaked from the United States NSA organization. Ryuk goes after specific companies with little or no room for disruption and is one of the most profitable instances of ransomware malware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with around 500 workers. The Ryuk attack had disabled all business operations and manufacturing capabilities. The majority of the client's data backups had been online at the beginning of the intrusion and were eventually encrypted. The client was taking steps to pay the ransom demand (more than two hundred thousand dollars) and hoping for the best, but in the end made the decision to use Progent.
Progent worked with the customer to quickly understand and prioritize the essential areas that needed to be addressed to make it possible to resume departmental functions:
In less than 48 hours, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then assisted with setup and storage recovery of mission critical systems. All Exchange schema and attributes were usable, which accelerated the rebuild of Exchange. Progent was also able to collect non-encrypted OST data files (Outlook Off-Line Folder Files) on staff PCs in order to recover mail messages. A fairly recent off-line backup of the client's financials/MRP software made it possible to bring these essential services back to users. Although a lot of work was left to recover fully from the Ryuk attack, core systems were recovered rapidly:
Over the following couple of weeks important milestones in the restoration process were achieved through close cooperation between Progent consultants and the customer:
Conclusion
A likely business extinction catastrophe was averted with hard-working professionals, a wide array of technical expertise, and close collaboration. In post mortem, the ransomware virus penetration described here could have been shut down with up-to-date cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team training, and appropriate security procedures for information backup and for keeping systems up to date with security patches. Nevertheless, the fact remains that state-sponsored criminal cyber gangs from Russia, China and elsewhere are relentless and are an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's roster of experts has extensive experience in ransomware virus defense, remediation, and file recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Porto Alegre
For ransomware recovery expertise in the Porto Alegre area, phone Progent at