Ransomware: Your Worst Information Technology Nightmare
Ransomware has become a modern cyber pandemic and an existential threat to businesses that are unprepared for an attack. Several generations of ransomware, from the Reveton screen locker through the self-propagating WannaCry and Bad Rabbit worms to MongoLock and Syskey-based extortion, have circulated for years and continue to inflict damage. Current strains such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Snatch and Nefilim, along with others not yet named, do not merely encrypt online production data: they also locate and destroy every backup and protection mechanism reachable from the compromised network. Data replicated to off-premises disaster recovery sites can be encrypted as well. In a poorly designed data protection solution this makes automated restore operations hopeless and effectively knocks the entire environment back to zero.
Restoring services and data after a ransomware outage is a race against time: the targeted organization must stop the spread, eradicate the ransomware, and bring mission-critical operations back online. Because the operators need time to move laterally through a network before detonating, attacks are often triggered on weekends or holidays, when detection takes longer and assembling a knowledgeable response team on short notice is harder.
Progent offers a range of services for protecting Virginia Beach businesses from ransomware attacks. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection to detect and contain zero-day malware. Progent also offers the services of seasoned ransomware recovery professionals with the skills and perseverance to rebuild a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
After a ransomware intrusion, paying the ransom in cryptocurrency does not guarantee that the attackers will respond with working decryption keys for all of your data. Kaspersky found that 17% of ransomware victims never recovered their data even after paying, compounding their losses. Paying is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the demand can reach millions. The alternative is to rebuild the mission-critical parts of your IT environment from scratch. Without usable backups of essential data, this calls for a broad complement of skills, well-coordinated project management, and the ability to work around the clock until the job is done.
For two decades, Progent has provided expert IT services to businesses across the United States and has earned Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who hold top certifications in key technologies from Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of expertise lets Progent quickly identify the systems that must come back first, salvage the surviving parts of your IT environment after a ransomware event, and rebuild them into a functioning whole.
Progent's security team uses best-of-breed project management systems to orchestrate the complex recovery process. Progent understands the importance of acting rapidly and in concert with a client's management and IT staff to prioritize tasks and get essential applications back online as fast as humanly possible.
Client Case Study: A Successful Ransomware Intrusion Restoration
A client engaged Progent after their network was brought down by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; later analysis tied it to Russian-speaking criminal groups that deploy it after gaining a foothold with other malware. Ryuk targets specific organizations with little tolerance for downtime and is among the most lucrative ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing business located in Chicago with about 500 employees. The Ryuk intrusion had paralyzed all essential business and manufacturing operations. Most of the client's backups had been online and reachable from the compromised network at the time of the attack, and were destroyed. The client was preparing to pay the ransom (over $200K) and hope for the best, but ultimately decided to engage Progent instead.
Progent worked hand in hand with the customer to quickly assess and prioritize the mission-critical systems that had to be restored in order to restart departmental functions:
Within 48 hours, Progent restored Active Directory services to their pre-intrusion state. Progent then assisted with rebuilding essential applications and recovering data from their hard drives. All Microsoft Exchange Server data and configuration information were usable, which greatly simplified the Exchange restore. Progent collected unencrypted OST files (Outlook offline folder files) from staff workstations and laptops to recover mail data. A reasonably recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential applications back to users. Although significant work remained to recover fully from the Ryuk event, core systems were returned to operation quickly:
Over the following weeks the remaining milestones of the restoration project were completed through close collaboration between Progent consultants and the client:
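The OST collection step above depends on telling usable mailbox caches apart from ones the ransomware already encrypted. The following script is an added example written for this page, not Progent's procedure or tooling. It assumes only two documented facts: Outlook data files use the .ost/.pst extensions, and every PST/OST file begins with the magic bytes "!BDN". A file that has been encrypted (and usually renamed with an extra suffix) no longer carries that header, so the check cheaply separates recoverable caches from lost ones before anyone spends time copying them. The directory tree it scans is constructed in make_sample_tree() for the demonstration; the ".encrypted" suffix there is a placeholder, not the extension any particular strain uses.

```python
"""Triage Outlook data files (.ost/.pst) found on workstations after a
ransomware event.  Added example, not part of the original case study."""
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List

OUTLOOK_MAGIC = b"!BDN"          # first four bytes of every PST/OST file
OUTLOOK_EXTS = {"ost", "pst"}


@dataclass
class Candidate:
    path: str
    size: int
    intact: bool                 # True when the Outlook magic header is present


def is_outlook_candidate(filename: str) -> bool:
    """Match .ost/.pst anywhere in the extension chain, so that a file the
    ransomware renamed (e.g. mail.ost.encrypted) is still examined."""
    parts = filename.lower().split(".")
    return bool(OUTLOOK_EXTS & set(parts[1:]))


def header_intact(path: str) -> bool:
    """Check the PST/OST magic; an encrypted or truncated file fails this."""
    with open(path, "rb") as fh:
        return fh.read(len(OUTLOOK_MAGIC)) == OUTLOOK_MAGIC


def triage(root: str) -> List[Candidate]:
    """Walk a profile tree and classify every Outlook data file it finds."""
    found: List[Candidate] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_outlook_candidate(name):
                continue
            full = os.path.join(dirpath, name)
            try:
                found.append(Candidate(full, os.path.getsize(full), header_intact(full)))
            except OSError:
                # Locked or unreadable file: record it as suspect instead of aborting.
                found.append(Candidate(full, 0, False))
    return found


def summarize(candidates: List[Candidate]) -> Dict[str, int]:
    """Counts plus the volume of mail data worth copying to the recovery host."""
    intact = [c for c in candidates if c.intact]
    return {
        "intact": len(intact),
        "suspect": len(candidates) - len(intact),
        "recoverable_bytes": sum(c.size for c in intact),
    }


def make_sample_tree(root: str) -> None:
    """Constructed sample: two usable caches, one encrypted cache, one unrelated file."""
    alice = os.path.join(root, "Users", "alice", "Outlook")
    bob = os.path.join(root, "Users", "bob", "Outlook")
    os.makedirs(alice)
    os.makedirs(bob)
    with open(os.path.join(alice, "alice@example.com.ost"), "wb") as fh:
        fh.write(OUTLOOK_MAGIC + b"\x00" * 4092)            # 4096-byte intact OST
    with open(os.path.join(bob, "archive.pst"), "wb") as fh:
        fh.write(OUTLOOK_MAGIC + b"\x00" * 2044)            # 2048-byte intact PST
    with open(os.path.join(bob, "bob@example.com.ost.encrypted"), "wb") as fh:
        fh.write(bytes(range(256)) * 16)                     # ciphertext stand-in, no magic
    with open(os.path.join(root, "Users", "bob", "notes.txt"), "wb") as fh:
        fh.write(b"not a mailbox")                           # ignored by the scan


def demo() -> Dict[str, int]:
    """Build the sample tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return summarize(triage(tmp))


if __name__ == "__main__":
    print(demo())   # {'intact': 2, 'suspect': 1, 'recoverable_bytes': 6144}
```

In practice you would point triage() at the mounted system drive of each workstation (or at an image of it) rather than at a constructed tree, and copy only the files reported as intact; a passing header check does not prove the file is undamaged, but a failing one reliably flags a cache that cannot be imported.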
Conclusion
A potentially business-ending catastrophe was averted thanks to dedicated experts, a wide range of IT skills, and close teamwork. In hindsight, the ransomware intrusion described here would have been stopped by modern security tooling and best practices, user training, well-designed incident response procedures for data protection, and timely security patching. The reality remains, however, that criminal and state-sponsored groups operating from Russia, North Korea and elsewhere are tireless and will keep attacking. If you are hit by a ransomware incident, you can be confident that Progent's roster of experts has a proven track record in ransomware prevention, mitigation, and information systems disaster recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Virginia Beach
For ransomware system recovery expertise in the Virginia Beach metro area, phone Progent at