Ransomware : Your Crippling Information Technology Nightmare
Crypto-ransomware has become a modern cyber pandemic that represents an enterprise-level danger for businesses of all sizes that are poorly prepared for an assault. Multiple generations of ransomware, such as the CrySIS, CryptoWall, Bad Rabbit, NotPetya and MongoLock cryptoworms, have been out in the wild for many years and continue to inflict harm. More recent strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with daily unnamed malware, not only encrypt online critical data but also infect all reachable system backups. Data synchronized to off-premises disaster recovery sites can also be encrypted. In a poorly designed environment, this can make automated recovery impossible and effectively sets the entire system back to square one.
Restoring services and information after a crypto-ransomware attack becomes a sprint against time as the targeted business tries to stop the spread, remove the ransomware, and resume business-critical activity. Because ransomware needs time to move laterally through a targeted network, attacks are usually launched at night, when intrusions typically take longer to discover. This compounds the difficulty of rapidly mobilizing and orchestrating a capable response team.
Progent offers a range of solutions for securing San Juan businesses against ransomware events. These include team training to help staff identify and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to identify and quarantine zero-day malware attacks. Progent also offers the services of expert crypto-ransomware recovery consultants with the skills and perseverance to rebuild a breached system as quickly as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, even paying the ransom demand in cryptocurrency provides no assurance that the criminal gang will supply the keys to decrypt all your files. Kaspersky Labs determined that 17% of ransomware victims never recovered their information after sending off the ransom, resulting in increased losses. Paying is also costly. Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the ransom demand can be in the millions of dollars. The alternative is to rebuild the critical parts of your IT environment from scratch. Without access to essential data backups, this requires a broad complement of skill sets, well-coordinated project management, and the willingness to work non-stop until the task is completed.
For two decades, Progent has offered certified expert Information Technology services to businesses across the US and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned high-level industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security consultants hold internationally recognized certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (visit Progent's certifications). Progent also has experience in financial systems and ERP software solutions. This breadth of experience allows Progent to efficiently identify the important systems, integrate the surviving components of your IT environment after a ransomware attack, and configure them into an operational network.
Progent's recovery group uses best-of-breed project management tools to coordinate the complex restoration process. Progent understands the urgency of acting quickly and works together with a client's management and IT resources to prioritize tasks and get key services back online as fast as possible.
Customer Case Study: A Successful Crypto-Ransomware Penetration Response
A business sought out Progent after their organization was brought down by Ryuk crypto-ransomware. Ryuk is thought to have been developed by North Korean state criminal gangs, possibly adopting techniques leaked from America's National Security Agency. Ryuk targets specific businesses with little or no tolerance for operational disruption and is one of the most lucrative ransomware variants. Major victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk intrusion had brought down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were destroyed. The client considered paying the ransom demand (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked with the customer to rapidly assess and prioritize the critical services that had to be addressed in order to keep the company functioning:
In less than 2 days, Progent rebuilt Active Directory services to their pre-attack state. Progent then carried out reinstallations and hard drive recovery of essential systems. All Exchange Server relationships and attributes were intact, which greatly helped the rebuild of Exchange. Progent was able to locate local OST files (Microsoft Outlook Offline Data Files) on staff workstations and laptops to recover email data. A recent offline backup of the client's accounting systems allowed the client to bring these required applications back online. Although a great deal of work remained to recover fully from the Ryuk damage, critical systems were returned to operation quickly:
Over the following couple of weeks, key milestones in the restoration process were completed in tight collaboration between Progent engineers and the client:
Conclusion
A potential business catastrophe was averted by hard-working experts, a broad spectrum of technical expertise, and close collaboration. In retrospect, the crypto-ransomware attack described here should have been identified and stopped with up-to-date security solutions and recognized best practices: team training, well-designed incident response procedures for information protection, and timely application of software patches. The reality remains, however, that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and an ongoing threat. If you do fall victim to a crypto-ransomware virus, remember that Progent's team of professionals has proven experience in ransomware blocking, removal, and file disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in San Juan
For ransomware system recovery services in the San Juan metro area, call Progent at