Crypto-Ransomware : Your Worst IT Disaster
Crypto-ransomware has become an all-too-frequent cyberplague and represents an extinction-level threat for businesses vulnerable to an attack. Multiple generations of ransomware such as the Reveton, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been running rampant for a long time and continue to cause havoc. More recent strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, along with many unnamed variants, not only encrypt online data but also corrupt most accessible system restore points and backups. Data synchronized to off-site disaster recovery sites can also be rendered useless. In a poorly designed environment, this can make automated restoration impossible and effectively knocks the datacenter back to square one.
Recovering applications and data after a crypto-ransomware outage becomes a race against time as the targeted business tries its best to contain and clean up the ransomware and to restore business-critical activity. Because ransomware takes time to spread, attacks are often launched on weekends, when intrusions may take longer to discover. This compounds the difficulty of quickly assembling and organizing an experienced response team.
Progent offers a variety of solutions for protecting Midtown Manhattan enterprises from ransomware attacks. These include staff training to help employees recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and deployment of the latest generation of AI-based security solutions to quickly identify and contain new threats. Progent also offers the assistance of veteran crypto-ransomware recovery consultants with the skill and commitment to restore a compromised system as quickly as possible.
Progent's Ransomware Restoration Services
Following a crypto-ransomware event, paying the ransom in cryptocurrency does not ensure that the criminals will supply the keys needed to decrypt all your data. Kaspersky determined that 17% of ransomware victims never restored their data even after paying the ransom, resulting in further losses. The gamble is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the average crypto-ransomware demand, which ZDNET estimated to be approximately $13,000 for smaller organizations. The fallback is to piece back together the key components of your IT environment. Without access to complete system backups, this calls for a broad complement of IT skills, top-notch project management, and the ability to work 24x7 until the job is complete.
For decades, Progent has provided expert IT services for businesses across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who hold high-level certifications in foundation technologies from Microsoft, Cisco and VMware, and in popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications.) Progent also has expertise with financial systems and ERP applications. This breadth of expertise gives Progent the skills to knowledgeably identify which systems are needed after a crypto-ransomware event, recover the surviving parts of your network, and reassemble them into a functioning system.
Progent's ransomware team uses top-notch project management tools to coordinate the complicated recovery process. Progent knows the importance of working rapidly and in concert with a customer's management and IT resources to prioritize tasks and to get essential systems back online as fast as humanly possible.
Client Story: A Successful Ransomware Penetration Restoration
A business sought out Progent after its network was taken over by the Ryuk ransomware. Ryuk is thought to have been launched by North Korean government-sponsored criminal gangs, possibly adapting techniques leaked from the United States NSA. Ryuk targets specific companies with little ability to sustain operational disruption and is one of the most profitable incarnations of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business in the Chicago metro area with about 500 employees. The Ryuk intrusion had brought down all company operations and manufacturing processes. Most of the client's system backups had been online at the start of the attack and were encrypted. The client was evaluating paying the ransom (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the customer to rapidly identify and prioritize the most important services that needed to be restored in order to restart departmental operations:
In less than two days, Progent restored Active Directory to its pre-attack state. Progent then rebuilt key servers and recovered their storage. All Microsoft Exchange Server data and attributes were usable, which greatly helped the rebuild of Exchange. Progent was also able to locate local OST files (Outlook Offline Data Files) on staff desktop computers and recover mail data from them. A recent offline backup of the client's accounting/MRP software made it possible to bring these essential applications back to users. Although much work remained to recover completely from the Ryuk damage, critical services were restored quickly:
Over the next couple of weeks, the critical milestones of the recovery project were accomplished in close collaboration between Progent engineers and the customer:
Conclusion
A potential business-killing catastrophe was averted thanks to dedicated experts, a broad range of knowledge, and close collaboration. In hindsight, the ransomware incident described here could have been prevented with current cyber security solutions and security best practices, staff training, and properly executed incident response procedures for data backup and software patching; the reality, however, is that state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and will keep attacking. If you are hit by a crypto-ransomware incident, you can be confident that Progent's team of professionals has extensive experience in crypto-ransomware defense, mitigation, and information systems restoration.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Midtown Manhattan
For ransomware cleanup services in the Midtown Manhattan area, phone Progent at