Ransomware: Your Feared IT Nightmare
Ransomware has become an escalating cyber pandemic that poses an existential danger to businesses of every size. Older families such as CrySIS, WannaCry, Bad Rabbit, SamSam and MongoLock have been circulating for years and still inflict havoc (of these, only WannaCry and Bad Rabbit spread as self-propagating cryptoworms; the others are deployed by hand once attackers are inside). Newer strains like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, as well as a steady stream of unnamed newcomers, not only encrypt critical online data but also go after any backups, shadow copies and other recovery mechanisms they can reach. Files synchronized to cloud storage can be corrupted as well, because the sync client faithfully uploads the encrypted versions. In a poorly architected data protection solution this can render automatic recovery impossible and knock the entire environment back to square one.
Recovering applications and data after a ransomware intrusion becomes a race against the clock as the targeted organization fights to contain and eradicate the malware and to restore mission-critical operations. Because encrypting an environment takes time, attackers usually detonate the ransomware at night or over weekends, when the attack has longer to run before anyone notices. This multiplies the difficulty of rapidly assembling and organizing a capable response team.
Progent offers an assortment of services for protecting Montgomery businesses from crypto-ransomware attacks. These include user training to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response service built on SentinelOne's behavior-based threat defense, which identifies and halts zero-day and other modern malware by what it does rather than by signature. Progent also provides expert crypto-ransomware recovery engineers with the track record and perseverance to restore a compromised environment as quickly as possible.
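As an added illustration of what "behavior-based" detection means in practice (this is example code written for this page, not Progent's or SentinelOne's software), the script below scans a file-activity log for two classic ransomware indicators: a burst of renames that change file extensions from a single account within a short window, and a `vssadmin Delete Shadows` command, which ransomware commonly runs to destroy local recovery points before encrypting. It also marks whether the activity fell outside business hours, since, as noted above, attacks are usually triggered at night or on weekends. The log format, thresholds, host and user names, and the sample events are all assumptions constructed for the example.

```python
"""Behavior-based ransomware indicators over a file-activity log.

Added example; not Progent's or SentinelOne's code. The log format, the
thresholds and the sample events are assumptions made for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 60            # sliding window per (host, user); assumed value
RENAME_THRESHOLD = 20          # extension-changing renames that trip an alert; assumed
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59, Monday to Friday; assumed

# Assumed line format: "<ISO timestamp> <host> <user> <action> <detail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<action>\S+) (?P<detail>.+)$"
)
# Deleting Volume Shadow Copies is a well-known precursor to encryption.
SHADOW_DELETE_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE)


def parse_event(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def extension(path):
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def changes_extension(detail):
    """RENAME detail is 'old->new'; mass encryption typically appends a new suffix."""
    if "->" not in detail:
        return False
    old, new = detail.split("->", 1)
    return extension(old) != extension(new)


def off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def detect(lines):
    """Return alerts (dicts) for shadow-copy deletion and mass extension-changing renames.

    Events are expected in timestamp order. One mass_rename alert fires per (host, user).
    """
    alerts = []
    windows = defaultdict(deque)   # (host, user) -> timestamps of suspicious renames
    fired = set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = (ev["host"], ev["user"])
        base = {"host": ev["host"], "user": ev["user"], "ts": ev["ts"],
                "off_hours": off_hours(ev["ts"])}
        if ev["action"] == "EXEC" and SHADOW_DELETE_RE.search(ev["detail"]):
            alerts.append({"kind": "shadow_copy_deletion", **base})
        elif ev["action"] == "RENAME" and changes_extension(ev["detail"]):
            q = windows[key]
            q.append(ev["ts"])
            while (q[-1] - q[0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()        # drop renames that fell out of the window
            if len(q) >= RENAME_THRESHOLD and key not in fired:
                fired.add(key)
                alerts.append({"kind": "mass_rename", "count": len(q), **base})
    return alerts


def build_sample_events():
    """Constructed sample log, not real data: benign weekday renames, then an attack."""
    lines = []
    tb = datetime(2021, 3, 9, 14, 5, 0)     # a Tuesday afternoon
    for i in range(5):                      # same extension, so never counted
        ts = (tb + timedelta(seconds=30 * i)).isoformat()
        lines.append(f"{ts} WS07 asmith RENAME /home/asmith/draft{i}.docx->/home/asmith/final{i}.docx")
    t0 = datetime(2021, 3, 13, 2, 14, 0)    # Saturday 02:14, a typical attack window
    lines.append(f"{t0.isoformat()} FS01 jdoe EXEC vssadmin.exe Delete Shadows /All /Quiet")
    for i in range(25):                     # 25 files renamed to a new suffix in 50 seconds
        ts = (t0 + timedelta(seconds=2 * i + 1)).isoformat()
        lines.append(f"{ts} FS01 jdoe RENAME /share/finance/report{i}.xlsx->/share/finance/report{i}.xlsx.RYK")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(alert)
```

Real EDR products correlate far more signals (process lineage, entropy of written data, canary files), but the shape is the same: decide on behavior, not on a hash, and weight the verdict by context such as time of day and the account involved.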
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware penetration, paying the ransom in cryptocurrency provides no assurance that the remote criminals will hand over the keys to decrypt all your files. Kaspersky Labs determined that 17% of crypto-ransomware victims never recovered their data after paying, compounding their losses. The gamble is also very costly. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000), far above the typical crypto-ransomware demand, which ZDNet estimated at approximately $13,000 for smaller businesses. The other path is to rebuild the vital components of your IT environment from scratch. Without complete, uncorrupted backups, this requires a wide complement of skills, professional team management, and the ability to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies across the US and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who hold advanced industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of expertise lets Progent quickly understand the systems that matter, inventory what survives of a network after a ransomware penetration, and rebuild it into a working environment.
Progent's security group uses current project management tools to orchestrate the complex restoration process. Progent understands the importance of acting quickly and of working alongside a customer's management and IT staff to prioritize tasks and put essential applications back online as fast as possible.
Customer Story: A Successful Crypto-Ransomware Virus Response
A small business escalated to Progent after its network was penetrated by Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; subsequent analysis by several security vendors attributes its operation to a Russian-speaking criminal group. Either way, Ryuk is deployed by hand against specific organizations with limited tolerance for operational disruption, after the attackers already have a foothold in the network, and it is one of the most profitable ransomware operations on record. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a manufacturing company headquartered in Chicago with about 500 employees. The Ryuk attack had brought down all essential business and manufacturing operations. Most of the client's backups had been online, reachable from the compromised network, at the time of the intrusion and were destroyed along with the production data. The client was arranging financing to pay the ransom (in excess of $200K) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the client to rapidly identify and prioritize the key areas that had to be addressed to make it possible to restart departmental operations:
In less than 48 hours, Progent recovered Windows Active Directory to its pre-attack state. Progent then rebuilt the most important servers and recovered their storage. The Exchange Server schema and configuration information held in Active Directory were intact, which simplified the rebuild of Exchange. Progent was also able to locate local OST files (Outlook Offline Data Files) on staff workstations and laptops and recover mail messages from them. A recent offline backup of the business's accounting/ERP system made it possible to bring these essential services back online. Although a large amount of work remained to recover completely from the Ryuk damage, core services were restored quickly:
Over the next couple of weeks, critical milestones in the restoration were accomplished in close collaboration between Progent engineers and the client:
Conclusion
A probable business-ending catastrophe was averted through results-oriented experts, a broad range of IT skills, and tight teamwork. In retrospect, the crypto-ransomware incident described here would likely have been detected and prevented by modern security tooling and security best practices: user and IT administrator training, well-designed procedures for data protection (including backups kept offline or otherwise out of reach of the production network), and systems kept current with security patches. The reality remains that well-resourced attackers, state-sponsored and criminal, operating from Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do fall victim to a crypto-ransomware incursion, Progent's team has extensive experience in crypto-ransomware prevention, mitigation, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Montgomery
For ransomware system restoration services in the Montgomery area, call Progent at