Crypto-Ransomware: Your Crippling Information Technology Disaster
Crypto-ransomware has become a modern cyberplague that presents an existential threat to organizations poorly prepared for an attack. Multiple generations of ransomware such as the CrySIS, Fusob, Locky, Syskey and MongoLock cryptoworms have been running rampant for many years and still inflict damage. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as daily unnamed variants, not only encrypt online data but also reach any configured system backups they can access. Data replicated to the cloud can also be encrypted. In a poorly architected environment, this can make recovery impossible and effectively knocks the network back to square one.
Restoring applications and data after a ransomware outage becomes a race against time as the targeted organization tries to contain and remove the ransomware and restore business-critical operations. Because ransomware needs time to move laterally, attacks are often launched on weekends and at night, when intrusions tend to take longer to detect. This compounds the difficulty of rapidly assembling and coordinating a knowledgeable response team.
Progent provides a range of support services for protecting Montgomery businesses from crypto-ransomware incidents. These include employee training to help staff recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and deployment of next-generation security solutions with machine-learning capabilities to rapidly detect and disable zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.
Progent's Ransomware Recovery Support Services
After a crypto-ransomware penetration, even paying the ransom in Bitcoin does not guarantee that the criminals will provide the keys needed to decrypt all your files. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The ransoms themselves are also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is far above the typical ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The fallback is to rebuild the essential parts of your IT environment from scratch. Without complete data backups, this calls for a broad range of skills, top-notch project management, and the willingness to work non-stop until the job is done.
For twenty years, Progent has provided professional IT services to businesses throughout the US and has earned Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who hold top industry certifications in foundation technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cyber security engineers hold internationally recognized certifications including CISA, CISSP, CRISC, and GIAC. (Visit Progent's certifications.) Progent also has experience with financial management and ERP applications. This breadth of experience gives Progent the capability to rapidly identify critical systems, organize the surviving pieces of your IT environment after a ransomware incident, and assemble them into a functioning system.
Progent's ransomware team uses top-notch project management systems to orchestrate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and get critical applications back online as fast as humanly possible.
Customer Case Study: A Successful Ransomware Penetration Response
A small business sought out Progent after its network was brought down by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean state-sponsored hackers, possibly using algorithms leaked from America's NSA. Ryuk targets specific businesses with little tolerance for disruption and is one of the most lucrative forms of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturer in Chicago with around 500 employees. The Ryuk attack had halted all business operations and manufacturing processes. Most of the client's data backups had been directly accessible from the network at the time of the intrusion and were eventually encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the key areas that had to be recovered in order to resume departmental operations:
In less than two days, Progent was able to restore Active Directory to its pre-intrusion state. Progent then rebuilt critical systems and recovered their storage. All Exchange ties and configuration information were usable, which facilitated the rebuild of Exchange. Progent was also able to gather local OST files (Outlook Off-Line Folder Files) from employee desktops and laptops to recover mail data. A reasonably recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential applications back online. Although a great deal of work remained to recover fully from the Ryuk attack, the most important services were returned to operation rapidly:
Over the following couple of weeks, important milestones in the restoration process were completed through close collaboration between Progent team members and the client:
Conclusion
A potentially company-ending catastrophe was averted through the efforts of results-oriented experts, a wide range of technical expertise, and tight teamwork. Post-incident analysis showed that the crypto-ransomware penetration described here would have been identified and stopped by current security solutions and NIST Cybersecurity Framework best practices, team training, and well-thought-out procedures for data backup and patch management. Nevertheless, the reality remains that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a crypto-ransomware attack, remember that Progent's team of experts has extensive experience in crypto-ransomware defense, removal, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Recovery Services in Montgomery
For ransomware system recovery expertise in the Montgomery metro area, call Progent at