Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become a modern cyber pandemic that presents an extinction-level threat for businesses of all sizes that are poorly prepared for an assault. Older versions of ransomware such as the CrySIS, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been out in the wild for many years and continue to cause destruction. Newer crypto-ransomware families like Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nefilim, as well as a steady stream of unnamed malware, not only encrypt online files but also attack every configured system protection mechanism they can reach, such as local backups and shadow copies. Files synchronized to the cloud can also be corrupted. In a vulnerable system, this can make automatic restoration impossible and effectively sets the entire system back to square one.
Getting programs and information back online following a ransomware event becomes a race against time as the targeted business fights to contain the damage, clear the ransomware, and resume enterprise-critical activity. Because ransomware needs time to spread, assaults are often sprung during nights and weekends, when successful penetrations typically take longer to notice. This multiplies the difficulty of quickly marshalling and orchestrating a capable response team.
Progent offers a range of support services for protecting Virginia Beach enterprises from ransomware attacks. Among these are team member education to help staff identify phishing exploits and avoid falling victim to them, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that utilizes SentinelOne's AI-based cyberthreat defense to discover and extinguish zero-day modern malware assaults. Progent can also provide the assistance of veteran ransomware recovery professionals with the skills and perseverance to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Recovery Help
After a ransomware attack, even paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will deliver the keys needed to decrypt any of your data. Kaspersky Labs determined that 17% of ransomware victims never restored their information even after having paid the ransom, resulting in further losses. The ransom itself is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the average crypto-ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The fallback is to re-install the vital elements of your Information Technology environment. Without complete data backups, this calls for a broad range of skills, top notch project management, and the willingness to work non-stop until the recovery project is completed.
For twenty years, Progent has offered professional IT services for companies throughout the U.S. and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded high-level certifications in leading technologies from Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cyber security consultants have garnered internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of expertise gives Progent the ability to rapidly identify the critical systems following a crypto-ransomware penetration and reassemble the surviving components of your network into a functioning system.
Progent's security team utilizes top notch project management applications to orchestrate the sophisticated recovery process. Progent knows the urgency of working swiftly and together with a client's management and Information Technology staff to assign priority to tasks and to put key systems back on line as soon as humanly possible.
Business Case Study: A Successful Ransomware Penetration Recovery
A business engaged Progent after their network was taken over by Ryuk ransomware. Ryuk is believed to have been deployed by North Korean state-sponsored hackers, suspected of adopting approaches exposed from the United States NSA organization. Ryuk attacks specific businesses with little ability to sustain operational disruption and is among the most lucrative versions of ransomware malware. Highly publicized victims include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing business located in Chicago with around 500 staff members. The Ryuk intrusion had disabled all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were damaged. The client was pursuing financing to pay the ransom demand (in excess of $200K) and praying for good luck, but ultimately made the decision to use Progent.
Progent worked with the customer to quickly determine and prioritize the most important services that had to be restored to make it possible to resume company functions:
In less than 48 hours, Progent was able to restore Active Directory services to their pre-penetration state. Progent then completed rebuilding and storage recovery on the needed applications. All Exchange links and attributes in Active Directory were intact, which greatly helped the rebuild of Exchange. Progent was also able to locate non-encrypted OST data files (Outlook Off-Line Folder Files) on various PCs in order to recover email information. A recent offline backup of the business's manufacturing software made it possible to bring these required applications back into service for users. Although a large amount of work was left to recover fully from the Ryuk event, essential systems were restored rapidly:
During the following few weeks, important milestones in the recovery process were completed through close collaboration between Progent consultants and the customer:
Conclusion
A potential business-ending disaster was avoided through the efforts of top-tier professionals, a wide spectrum of knowledge, and close teamwork. Although in post mortem the ransomware attack described here would have been identified and prevented with advanced cyber security technology and best practices, user and IT administrator training, well thought out incident response procedures, offline data backups, and keeping systems up to date with security patches, the reality remains that state-sponsored cybercriminals from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's roster of professionals has proven experience in ransomware blocking, mitigation, and file recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Virginia Beach
For ransomware system restoration expertise in the Virginia Beach area, call Progent at