Ransomware : Your Crippling Information Technology Catastrophe
Crypto-ransomware has become an all-too-frequent cyberplague that presents an extinction-level danger for businesses vulnerable to an attack. Ransomware families such as Dharma, CryptoWall, Locky, NotPetya and the MongoLock cryptoworm have been in the wild for a long time and continue to cause destruction. More recent strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, along with as yet unnamed malware, not only encrypt online files but also corrupt many of the system protections that would otherwise be available. Files synced to the cloud can also be rendered useless. On a vulnerable network this can make automated restore operations impossible and effectively set the organization back to square one.
Recovering services and data following a ransomware intrusion becomes a race against the clock as the targeted organization struggles to contain and clear the malware and to restore mission-critical activity. Because ransomware needs time to spread, attacks are usually launched on weekends, when they take longer to discover. This multiplies the difficulty of rapidly marshalling and orchestrating a capable mitigation team.
Progent makes available an assortment of services for securing San Juan businesses from ransomware events. These include user training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to discover and disable zero-day malware attacks. Progent can also provide the assistance of veteran crypto-ransomware recovery engineers with the talent and commitment to rebuild a compromised network as soon as possible.
Progent's Ransomware Restoration Services
After a ransomware penetration, paying the ransom in cryptocurrency provides no assurance that merciless criminals will deliver the keys needed to decrypt any of your information. Kaspersky determined that seventeen percent of ransomware victims never restored their information after sending off the ransom, compounding their losses. Paying is also costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000), far higher than typical ransomware demands, which ZDNET determined to be approximately $13,000 for small businesses. The alternative is to rebuild from scratch the essential elements of your Information Technology environment. Without access to complete backups, this requires a wide range of skills, well-coordinated team management, and the ability to work non-stop until the task is done.
For two decades, Progent has offered expert IT services for companies across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have attained advanced certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security consultants have earned internationally recognized certifications including CISA, CISSP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience with accounting and ERP applications. This breadth of expertise gives Progent the ability to quickly identify the necessary systems, reorganize the surviving components of your network environment after a ransomware attack, and assemble them into an operational network.
Progent's recovery team utilizes powerful project management applications to coordinate the complicated restoration process. Progent knows the importance of working rapidly and together with a client's management and Information Technology staff to prioritize tasks and to put the most important systems back on-line as fast as possible.
Case Study: A Successful Ransomware Incident Recovery
A customer hired Progent after their network was taken over by the Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean government-sponsored criminal gangs, possibly adopting algorithms leaked from the U.S. National Security Agency. Ryuk targets specific organizations with little ability to sustain disruption and is one of the most profitable instances of crypto-ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing company headquartered in Chicago with around 500 employees. The Ryuk penetration had frozen all company operations and manufacturing capabilities. Most of the client's system backups had been online at the beginning of the intrusion and were eventually encrypted. The client was considering paying the ransom (more than $200K) and hoping for the best, but ultimately decided to engage Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the essential elements that needed to be restored to make it possible to restart departmental operations:
Within 48 hours, Progent was able to restore Windows Active Directory to its pre-infection state. Progent then helped perform reinstallations and hard drive recovery on key servers. All Microsoft Exchange Server links and configuration information were intact, which accelerated the restoration of Exchange. Progent was able to locate intact OST files (Microsoft Outlook Offline Data Files) on user desktop computers and laptops to recover email data. A fairly recent offline backup of the business's accounting/ERP software made it possible to return these vital programs to users. Although significant work remained to recover fully from the Ryuk damage, core systems were recovered rapidly:
Throughout the following couple of weeks, critical milestones in the recovery project were achieved through close collaboration between Progent engineers and the client:
Conclusion
A potential enterprise-killing disaster was avoided thanks to hard-working professionals, a broad spectrum of knowledge, and close collaboration. Although in hindsight the crypto-ransomware penetration detailed here should have been shut down with modern cyber security solutions and best practices, team training, and appropriate incident response procedures for data backup and software patching, the reality is that government-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will keep trying. If you do fall victim to ransomware, remember that Progent's team of professionals has extensive experience in ransomware defense, mitigation, and data disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in San Juan
For ransomware cleanup expertise in the San Juan metro area, phone Progent at