Ransomware: Your Worst IT Nightmare
Crypto-ransomware has become a modern cyber pandemic that poses an existential threat to businesses of every size. Older families such as Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock have circulated for years and still inflict damage. Current variants such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Conti and Nefilim, plus a steady stream of unnamed newcomers, not only encrypt online data but also hunt down and destroy any backups reachable from the compromised network, including Windows Volume Shadow Copies and backup files on network shares. Data synchronized to the cloud is not safe either: a sync client faithfully uploads the encrypted versions over the clean copies unless the service retains prior file versions. When the backup design is vulnerable in this way, automated restoration becomes impossible and the organization is effectively back to square one.
Restoring services and data after a crypto-ransomware attack becomes a race against the clock as the victim works to contain the spread, eradicate the malware and bring mission-critical activity back. Because encryption and lateral movement take time, attackers typically trigger the payload on nights and weekends, when an intrusion takes longer to notice. This compounds the difficulty of rapidly assembling and coordinating a qualified response team.
Progent offers a range of services for protecting Midtown Manhattan organizations against ransomware intrusions. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection, which identifies and contains modern malware, including zero-day variants, before it can spread. Progent also provides expert ransomware recovery engineers with the skills and persistence to restore a breached network as quickly as possible.
Progent's Ransomware Recovery Support Services
Following a ransomware event, paying the ransom in cryptocurrency does not guarantee that the criminals will hand over working keys to decrypt all of your data. Kaspersky has estimated that seventeen percent of ransomware victims who paid never recovered their data, compounding the loss. The gamble is also expensive: Ryuk demands commonly range from 15 to 40 BTC (roughly $120,000 to $400,000), far above the typical ransom demand, which ZDNet put at approximately $13,000 for small businesses. The alternative is to piece the essential parts of your IT environment back together. Without complete, uncompromised backups, this calls for a broad complement of IT skills, well-coordinated team management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided expert information technology services to businesses across the United States and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals with advanced certifications in key technologies such as Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized industry certifications including CISM, CISSP, CRISC, and GIAC. (See Progent's certifications.) Progent also has expertise with accounting and ERP software. This breadth of experience gives Progent the skills to quickly understand the systems that matter, reassemble the surviving pieces of an IT environment after a ransomware attack, and configure them into a functioning network.
Progent's ransomware team uses modern project management systems to orchestrate the complex recovery process. Progent understands the importance of working quickly and in concert with a customer's management and IT staff to prioritize tasks and bring the most important systems back online as soon as humanly possible.
Customer Story: A Successful Ransomware Penetration Recovery
A client contacted Progent after its organization was crippled by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, though later research tied its operators to Russian-speaking criminal groups; it is deployed by hand after an initial compromise rather than spreading on its own. Ryuk targets specific businesses with little or no tolerance for operational disruption and is among the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and Tribune Publishing, publisher of the Chicago Tribune. Progent's customer is a single-location manufacturer headquartered in Chicago with about 500 employees. The Ryuk intrusion had halted all essential business and manufacturing operations. Most of the client's backups had been directly reachable from the network at the time of the attack and were encrypted along with everything else. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the customer to quickly assess and prioritize the essential areas that had to be addressed in order to restart company operations:
In less than two days, Progent recovered Windows Active Directory to its pre-intrusion state. Progent then began rebuilding and restoring storage on mission-critical systems. All Exchange Server schema and configuration data in Active Directory were intact, which simplified the Exchange restore. Progent was also able to locate Outlook Offline Data Files (.ost) on various desktop computers and recover mailbox contents from them. A recent offline backup of the client's manufacturing software made it possible to bring those essential services back online. Although substantial work remained to recover completely from Ryuk, essential services were restored quickly:
Over the following couple of weeks, key milestones in the recovery were completed in close cooperation between Progent team members and the customer:
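The mailbox-recovery step above, locating intact Outlook .ost caches on workstations, is the kind of inventory a recovery team scripts on the first day. The following PowerShell is an added example and is not Progent's script; it assumes you run it from a clean, trusted admin workstation with domain admin rights, that the C$ administrative share is reachable on each host, and that the hostnames are placeholders.

```powershell
# Added example, not a Progent script: inventory intact Outlook .ost files across
# workstations so the recovery team can see which users have a recent local mail cache.
# Assumptions: run from a clean, trusted admin workstation with domain admin rights,
# the C$ administrative share is reachable on each host, and the hostnames are placeholders.
$Computers = @('WS-001', 'WS-002')   # hypothetical workstation names

$Inventory = foreach ($pc in $Computers) {
    if (-not (Test-Path -LiteralPath "\\$pc\C$\Users")) {
        Write-Warning "${pc}: admin share not reachable, skipping"
        continue
    }
    # Outlook keeps its cache under each profile's AppData\Local\Microsoft\Outlook.
    # Only unmodified .ost files match; files the ransomware encrypted carry a changed
    # extension and are useless for recovery, so leaving them out is the intent.
    Get-ChildItem -Path "\\$pc\C$\Users\*\AppData\Local\Microsoft\Outlook\*.ost" -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Computer  = $pc
                User      = ($_.FullName -split '\\')[5]   # \\pc\C$\Users\<user>\...
                Path      = $_.FullName
                SizeMB    = [math]::Round($_.Length / 1MB, 1)
                LastWrite = $_.LastWriteTime
            }
        }
}

# Newest cache first: the most recently written .ost is the most complete copy of that mailbox.
$Inventory | Sort-Object LastWrite -Descending | Format-Table -AutoSize
$Inventory | Export-Csv -NoTypeInformation -Path '.\ost-inventory.csv'
```

Copy the listed files to a clean recovery share before touching the workstations further, and do not run this against hosts that may still be executing the ransomware. Note that Outlook will not open an orphaned .ost from another profile, so the mail is extracted with an OST-to-PST conversion tool or imported after the mailbox has been recreated on the restored Exchange server.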
Conclusion
A probable business-ending catastrophe was averted by results-oriented experts, a wide array of technical expertise, and close collaboration. In hindsight, the incident described here could very likely have been prevented with current security tooling, NIST Cybersecurity Framework or ISO/IEC 27001 practices, training for users and IT administrators, backups kept offline or otherwise unreachable from the production network, and tested incident response procedures, together with keeping systems current on security patches; the reality, however, is that state-sponsored and criminal attackers from China, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware intrusion, you can be confident that Progent's team has proven experience in ransomware prevention, removal, and information systems recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Midtown Manhattan
For ransomware system recovery consulting in the Midtown Manhattan area, phone Progent at