Crypto-Ransomware : Your Worst Information Technology Disaster
Crypto-ransomware has become an escalating cyberplague that poses an extinction-level threat for businesses of any size that are poorly prepared for an attack. Multiple generations of ransomware, such as the CryptoLocker, Fusob, Locky, Syskey and MongoLock cryptoworms, have been propagating for years and still cause harm. Modern crypto-ransomware variants like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Nephilim, along with the unnamed variants that appear daily, not only encrypt on-line files but also compromise any system protection mechanisms they can reach, such as accessible backups. Information synched to off-site disaster recovery sites can be corrupted as well. In a vulnerable environment this can render any recovery useless and effectively knocks the entire system back to zero.
Recovering programs and information after a ransomware event becomes a race against time as the targeted organization tries to stop the spread, remove the malware, and resume business-critical operations. Because ransomware takes time to move laterally, attacks are frequently launched at night, when a successful intrusion typically takes longer to identify. This compounds the difficulty of rapidly assembling and orchestrating an experienced mitigation team.
Progent provides an assortment of services for securing Albuquerque enterprises from crypto-ransomware attacks. These include team member training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat defense to detect and quarantine zero-day malware attacks. Progent also offers the services of seasoned ransomware recovery engineers with the skills and commitment to re-deploy a compromised system as quickly as possible.
Progent's Ransomware Restoration Help
After a ransomware penetration, even paying the ransom in Bitcoin provides no assurance that the criminal gang will hand over the keys needed to decrypt any of your data. Kaspersky found that 17% of ransomware victims never recovered their data after sending off the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than typical ransomware demands, which ZDNET determined to be approximately $13,000 for smaller businesses. The other path is to set up the critical components of your Information Technology environment from scratch. Without access to essential data backups, this requires a broad range of skill sets, well-coordinated team management, and the willingness to work continuously until the job is finished.
For decades, Progent has provided expert IT services for businesses throughout the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technologies including Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity consultants hold internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and GIAC (see Progent's certifications). Progent also has expertise in accounting and ERP software solutions. This breadth of experience gives Progent the ability to understand the necessary systems, consolidate the surviving pieces of your network following a crypto-ransomware event, and rebuild them into an operational system.
Progent's security group has robust project management systems to orchestrate the complex restoration process. Progent understands the urgency of working swiftly and in unison with a client's management and Information Technology team members to prioritize tasks and put critical applications back online as fast as humanly possible.
Customer Case Study: A Successful Ransomware Attack Restoration
A client sought out Progent after their organization was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored hackers, possibly using technology leaked from the United States NSA. Ryuk goes after specific companies with little or no tolerance for operational disruption and is one of the most profitable instances of ransomware. Prominent victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in Chicago with around 500 employees. The Ryuk intrusion had brought down all essential operations and manufacturing processes. Most of the client's backups were on-line at the start of the attack and were eventually encrypted. The client was actively seeking loans to pay the ransom (more than $200K) and hoping for good luck, but in the end called Progent.
Progent worked together with the customer to rapidly identify and assign priority to the key services that had to be restored to make it possible to restart business operations:
Within 2 days, Progent was able to recover Active Directory services to their pre-attack state. Progent then assisted with the setup and disk recovery of the needed systems. All Exchange Server schema and configuration information was intact, which accelerated the rebuild of Exchange. Progent was able to find intact OST files (Microsoft Outlook Off-Line Data Files) on team PCs and used them to recover email messages. A reasonably recent off-line backup of the business's accounting/MRP software made it possible to bring these vital programs back on-line. Although a large amount of work remained to recover fully from the Ryuk damage, essential services were restored rapidly:
Over the following couple of weeks, important milestones in the restoration process were accomplished through tight collaboration between Progent team members and the customer:
Conclusion
A likely business-killing catastrophe was averted through hard-working professionals, a wide array of IT skills, and tight collaboration. Although post-incident analysis showed that the crypto-ransomware intrusion described here would have been blocked by current security technology and best practices, user training, and well-thought-out incident response procedures for data protection and software patching, the reality remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware incursion, be assured that Progent's roster of experts has substantial experience in ransomware defense, mitigation, and data restoration.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Albuquerque
For ransomware system restoration expertise in the Albuquerque area, phone Progent at