Ransomware: Your Most Feared Information Technology Disaster
Ransomware has become an all-too-frequent cyberplague that poses an existential danger to businesses poorly prepared for an attack. Multiple generations of ransomware such as Reveton, CryptoWall, Locky, Syskey and MongoLock have circulated for years and still inflict harm. Modern families such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nefilim, plus many less-publicized variants, not only encrypt critical online data but also delete or encrypt every system restore point and backup they can reach. Information synced to the cloud can also be rendered useless, because the encrypted files are synced up in place of the originals. In a poorly architected environment this can make restoration impossible and effectively set the datacenter back to zero.
Restoring services and data after a ransomware intrusion becomes a race against time as the victim tries to contain and remove the ransomware and resume mission-critical activity. Because ransomware needs time to spread, attacks are frequently triggered at night or on weekends, when the intrusion may take longer to notice. This compounds the difficulty of quickly assembling and coordinating an experienced response team.
Progent offers a variety of services for protecting San Juan enterprises against ransomware. These include staff training to recognize and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and the setup and configuration of next-generation security appliances that use artificial intelligence to automatically identify and block zero-day threats. Progent also provides the services of seasoned ransomware recovery consultants with the skill and commitment to rebuild a breached environment as rapidly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a ransomware event, paying the ransom in cryptocurrency offers no assurance that the criminals will deliver working keys to decrypt any of your information. Kaspersky Lab found that seventeen percent of crypto-ransomware victims never recovered their information even after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC (roughly $120,000 to $400,000 at the time), far above the average ransomware demand, which ZDNet estimated at around $13,000 for small organizations. The alternative is to rebuild the vital components of your IT environment from scratch. Without access to complete, clean backups, this requires a wide range of IT skills, professional project management, and the willingness to work around the clock until the recovery project is over.
For two decades, Progent has provided professional IT services for companies throughout the U.S. and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have earned high-level industry certifications in leading technologies from Microsoft, Cisco and VMware and in popular distributions of Linux. Progent's cyber security consultants hold internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (Visit Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the capability to knowledgeably identify the necessary systems, consolidate the surviving components of your network environment after a ransomware event, and rebuild them into a functioning system.
Progent's recovery team uses powerful project management tools to coordinate the complex recovery process. Progent understands the urgency of acting rapidly and in unison with a client's management and IT staff to prioritize tasks and bring the most important applications back online as soon as humanly possible.
Customer Case Study: A Successful Ransomware Incident Recovery
A customer engaged Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk was initially attributed to North Korean state-linked actors because of code it shares with the Hermes ransomware, but later analysis tied it to Russian-speaking criminal groups. Ryuk targets specific businesses with little tolerance for disruption and is one of the most lucrative ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business headquartered in the Chicago metro area with around 500 staff members. The Ryuk event had frozen all essential business operations and manufacturing capabilities. Most of the client's backups were online, reachable from the network, at the time of the intrusion and were encrypted along with the production data. The client was actively seeking loans to pay the ransom (in excess of two hundred thousand dollars) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the client to quickly assess and prioritize the mission-critical applications that had to be addressed so that departmental functions could continue:
Within two days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then completed setup and storage recovery on the most important applications. All Exchange Server connections and configuration data were intact, which simplified the restoration of Exchange. Progent was also able to collect intact OST files (Outlook offline data files) from user desktops and laptops in order to recover mailbox data. A recent offline backup of the customer's manufacturing systems, which the ransomware could not reach, allowed these essential services to be brought back online for users. Although significant work remained to recover fully from the Ryuk damage, the most important systems were restored quickly:
Over the following month, critical milestones in the recovery project were reached through close cooperation between Progent team members and the client:
Conclusion
A potential business catastrophe was averted by top-tier professionals, a wide array of expertise, and close teamwork. In hindsight, the attack described here should have been stopped by modern security systems, NIST Cybersecurity Framework best practices, staff training, properly executed backup procedures that include offline copies, and timely security patching; the fact remains that state-sponsored and criminal actors from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, be assured that Progent's team of experts has extensive experience in ransomware defense, cleanup, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in San Juan
For ransomware system recovery consulting in the San Juan metro area, call Progent at