Ransomware: Your Crippling Information Technology Disaster
Ransomware has become a modern cyber pandemic that presents an enterprise-level danger for businesses of all sizes that are unprepared for an attack. Crypto-ransomware families such as Reveton, WannaCry, Locky, SamSam and the MongoLock cryptoworm have been in the wild for years and continue to inflict harm. Modern variants such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with frequent unnamed newcomers, not only encrypt online data but also corrupt most reachable system restore points and backups. Data synchronized to cloud environments can be rendered useless as well. With a vulnerable data protection solution, this defeats automatic restoration and essentially sets the entire system back to zero.
Restoring services and data after a crypto-ransomware intrusion becomes a race against time as the targeted organization tries to contain and clear the malware and to bring enterprise-critical operations back online. Because ransomware needs time to spread, attacks are usually launched on weekends and holidays, when intrusions typically take longer to detect. This multiplies the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.
Progent offers an assortment of support services for protecting Albuquerque organizations from ransomware attacks. These include team training to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's AI-based cyberthreat defense to identify and disable zero-day malware attacks. Progent also provides the services of experienced crypto-ransomware recovery professionals with the skills and perseverance to redeploy a compromised network as quickly as possible.
Progent's Ransomware Recovery Services
After a crypto-ransomware attack, paying the ransom in Bitcoin does not ensure that the criminal gang will return the keys needed to decrypt any or all of your files. Kaspersky determined that 17% of ransomware victims never recovered their data even after paying the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is far higher than typical ransomware demands, which ZDNET estimated at around $13,000 for small businesses. The other path is to rebuild the critical parts of your IT environment. Without full data backups available, this requires a broad complement of skills, top-notch team management, and the ability to work 24x7 until the job is completed.
For twenty years, Progent has provided professional IT services for companies across the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who hold top certifications in key technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's cyber security specialists hold internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise in financial systems and ERP software solutions. This breadth of expertise lets Progent rapidly understand the necessary systems, organize the surviving components of your network environment after a ransomware attack, and configure them into a functioning network.
Progent's ransomware recovery team uses best-of-breed project management applications to orchestrate the complex restoration process. Progent understands the importance of working swiftly and in unison with a client's management and IT staff to prioritize tasks and bring critical applications back online as soon as possible.
Client Case Study: A Successful Ransomware Virus Response
A customer contacted Progent after their network was penetrated by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean government-sponsored cybercriminals, suspected of adopting technology leaked from America's National Security Agency. Ryuk targets specific organizations with little ability to sustain disruption and is among the most profitable examples of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in Chicago with around 500 staff members. The Ryuk intrusion had shut down all company operations and manufacturing processes. Most of the client's data backups had been online at the start of the intrusion and were damaged. The client considered paying the ransom demand (in excess of $200,000) and hoping for good luck, but ultimately engaged Progent.
Progent worked hand in hand with the client to rapidly understand and prioritize the critical areas that needed to be addressed to make it possible to continue business operations:
In less than 2 days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then completed reinstallations and hard drive recovery of essential servers. All Microsoft Exchange Server schema and configuration information was usable, which facilitated the rebuild of Exchange. Progent was also able to locate local OST files (Outlook Offline Folder Files) on user desktop computers to recover mail messages. A recent offline backup of the customer's financials/ERP software allowed these required services to be restored to users. Although a lot of work remained to recover fully from the Ryuk event, essential systems were returned to operation quickly:
Over the following few weeks, important milestones in the recovery project were accomplished through close collaboration between Progent consultants and the client:
Conclusion
A probable enterprise-killing disaster was averted through the efforts of dedicated professionals, a wide spectrum of subject matter expertise, and tight teamwork. Although in hindsight the ransomware attack described here would have been blocked by modern cyber security systems and security best practices, team education, well-designed incident response procedures for data protection, and proper patching controls, the fact is that government-sponsored cybercriminals from China, North Korea and elsewhere are relentless and remain an ongoing threat. If you are hit by a crypto-ransomware attack, you can be confident that Progent's team of professionals has extensive experience in crypto-ransomware blocking, cleanup, and data restoration.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Albuquerque
For ransomware system recovery services in the Albuquerque metro area, phone Progent at