Ransomware: Your Crippling Information Technology Catastrophe
Crypto-ransomware has become an escalating plague that presents an existential threat to organizations vulnerable to attack. Older ransomware and extortion families such as Reveton, WannaCry, Locky, Syskey-based lockers and MongoLock have been in the wild for years and continue to cause damage. Newer strains such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Conti and Nefilim, along with new variants appearing daily, not only encrypt online files but also delete or encrypt any backup they can reach from the compromised network, including volume shadow copies and backup repositories exposed as network shares. Data replicated to cloud storage can likewise be overwritten with encrypted copies. In a poorly architected environment this defeats automated restoration and effectively sets the datacenter back to zero.
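The backup-destruction step described above is the part of the intrusion most worth catching early, because it normally runs minutes before encryption starts. The following Python script is an added example, not code from the original page or from Progent or any vendor it mentions: it scans process-creation log lines (constructed here in a simplified key=value form resembling Sysmon Event ID 1 records) for the shadow-copy and backup-catalog deletion commands that Ryuk and similar families run before encrypting, and flags any host where several such techniques appear within a short window. The log format, host names, user names and the pattern list are assumptions for illustration; the vssadmin, wbadmin and bcdedit command lines are the documented Ryuk pre-encryption steps, the wmic and PowerShell forms are common variants.

```python
import re
from datetime import datetime, timedelta

# Command-line patterns associated with backup and shadow-copy destruction.
# Assumption: this list is illustrative, not exhaustive.
BACKUP_TAMPER_PATTERNS = {
    "vss_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    "vss_resize": re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I),
    "wmic_shadow_delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin_catalog": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b", re.I),
    "bcdedit_recovery": re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I),
    "ps_shadowcopy": re.compile(r"Win32_ShadowCopy\b.*\bDelete\b", re.I),
}

# Simplified process-creation record (assumed format, one event per line).
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmdline>.*)"$'
)

# Constructed sample log: one server being prepared for encryption at 02:13,
# and one workstation with benign vssadmin/notepad activity.
SAMPLE_LOG = [
    '2020-03-14T02:13:05 host=FS01 user=CORP\\svc_backup pid=4120 image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin.exe Delete Shadows /all /quiet"',
    '2020-03-14T02:13:06 host=FS01 user=CORP\\svc_backup pid=4131 image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin.exe resize shadowstorage /for=c: /on=c: /maxsize=401MB"',
    '2020-03-14T02:13:07 host=FS01 user=CORP\\svc_backup pid=4140 image=C:\\Windows\\System32\\bcdedit.exe cmdline="bcdedit /set {default} recoveryenabled No"',
    '2020-03-14T02:13:08 host=FS01 user=CORP\\svc_backup pid=4152 image=C:\\Windows\\System32\\wbadmin.exe cmdline="wbadmin DELETE SYSTEMSTATEBACKUP"',
    '2020-03-14T09:41:00 host=WS117 user=CORP\\jdoe pid=2210 image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin list shadows"',
    '2020-03-14T09:42:10 host=WS117 user=CORP\\jdoe pid=2244 image=C:\\Windows\\System32\\notepad.exe cmdline="notepad.exe C:\\Users\\jdoe\\notes.txt"',
]


def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def classify(cmdline):
    """Return the names of every tamper pattern matching a command line."""
    return [name for name, rx in BACKUP_TAMPER_PATTERNS.items() if rx.search(cmdline)]


def scan(lines):
    """Return one alert per event whose command line matches a tamper pattern."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        hits = classify(ev["cmdline"])
        if hits:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "techniques": hits, "cmdline": ev["cmdline"]})
    return alerts


def hosts_under_attack(alerts, window=timedelta(minutes=5), min_techniques=2):
    """Flag hosts where at least min_techniques distinct tamper techniques
    occur within `window`; a burst like this precedes encryption, whereas a
    lone 'vssadmin list shadows' from an admin does not."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a["host"], []).append(a)
    flagged = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda a: a["ts"])
        for i, first in enumerate(evs):
            techs = set()
            for later in evs[i:]:
                if later["ts"] - first["ts"] > window:
                    break
                techs.update(later["techniques"])
            if len(techs) >= min_techniques:
                flagged[host] = sorted(techs)
                break
    return flagged


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a['ts']} {a['host']} {a['user']}: {', '.join(a['techniques'])} :: {a['cmdline']}")
    print("hosts under attack:", hosts_under_attack(found))
```

Run against the constructed sample, the four FS01 events are each matched by one pattern and FS01 is flagged with four distinct techniques inside the five-minute window, while WS117's `vssadmin list shadows` produces no alert. In production the same logic would be fed from Sysmon or EDR process telemetry, and a flagged host is a candidate for immediate network isolation.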
Restoring services and data after a ransomware attack becomes a sprint against the clock as the victim struggles to contain the damage, eradicate the ransomware, and restore business-critical activity. Because ransomware needs time to spread, attacks are often triggered at night or on weekends, when a successful intrusion typically takes longer to notice. This compounds the difficulty of promptly assembling and organizing a knowledgeable response team.
Progent offers a range of services for protecting organizations against ransomware. These include staff training to recognize and avoid phishing, ProSight Active Security Monitoring for remote monitoring and management, and deployment of SentinelOne next-generation endpoint protection, which uses behavioral machine learning to identify and quarantine new threats quickly. Progent also offers experienced ransomware recovery professionals with the track record and perseverance to restore a breached environment as quickly as possible.
Progent's Ransomware Recovery Support Services
After a ransomware intrusion, paying the ransom in Bitcoin does not guarantee that the criminals will deliver a working decryption key for any of your files. Kaspersky found that 17% of ransomware victims never recovered their files after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC (roughly $120,000 to $400,000), far above the typical ransomware demand, which ZDNet estimated at around $13,000. The alternative is to rebuild the critical elements of your IT environment. Without usable backups of essential data, this calls for a wide range of skills, professional project management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided certified expert IT services to businesses in Denver and across the United States and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals with top certifications in key technologies from Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cybersecurity engineers hold internationally recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC (see Progent's certifications). Progent also has expertise in accounting and ERP software. This breadth of expertise allows Progent to rapidly identify important systems, organize the surviving pieces of your network after a ransomware attack, and rebuild them into a working environment.
Progent's recovery team uses modern project management tools to coordinate the complex recovery process. Progent understands the urgency of working swiftly and in concert with a customer's management and IT staff to prioritize tasks and bring key systems back online as fast as humanly possible.
Client Case Study: A Successful Ransomware Attack Restoration
A client escalated to Progent after their company was hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because it shares code with the earlier Hermes ransomware, but later analysis attributes it to Russian-speaking criminal groups, who typically deploy it by hand after gaining a foothold through TrickBot or Emotet infections rather than through the leaked NSA exploits used by worms such as WannaCry. Ryuk targets organizations with little tolerance for operational disruption and is among the most profitable ransomware operations. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing provider, and the Chicago Tribune. Progent's client is a single-site manufacturer headquartered in the Chicago metro area with about 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups were online and reachable from the network at the time of the attack and were destroyed. The client was actively seeking loans to pay the ransom (over $200,000) and hoping for the best, but in the end called Progent.
"I cannot tell you enough about the help Progent provided us throughout the most stressful time of (our) business's life. We may have had to pay the cyber criminals behind the attack if it wasn't for the confidence the Progent experts gave us. The fact that you were able to get our e-mail system and key servers back sooner than seven days was incredible. Every single person I got help from or e-mailed at Progent was laser focused on getting us back online and was working 24 by 7 to bail us out."
Progent worked hand in hand with the client to quickly identify and prioritize the critical services that had to be recovered before company operations could resume:
- Active Directory
- Electronic Mail
- Accounting and Manufacturing Software
To begin, Progent followed industry best practice for ransomware containment by isolating infected hosts to stop the spread and cleaning up compromised systems. Progent then started restoring Microsoft Active Directory, the core of any environment built on Microsoft technology. Microsoft Exchange Server will not operate without Active Directory, and the company's accounting and MRP software relied on Microsoft SQL Server, which used Active Directory (Windows) authentication for database access.
Within 48 hours, Progent had rebuilt Active Directory to its pre-attack state. Progent then reinstalled and recovered storage for the mission-critical applications. Because Exchange Server stores its schema and configuration in Active Directory, that information was intact, which accelerated the Exchange restore. Progent was also able to collect intact Outlook offline data files (.ost) from staff PCs to recover mailbox contents. A reasonably recent offline backup of the customer's financial/ERP systems made it possible to bring these vital applications back to users. Although significant work remained to recover fully from the Ryuk damage, critical systems were restored quickly:
"For the most part, the production line operation did not miss a beat and we made all customer shipments."
Over the following weeks, the remaining milestones in the recovery were completed through close cooperation between Progent staff and the client:
- In-house websites were brought back up without losing any data.
- The MailStore email archive server, holding more than 4 million archived messages, was restored and made available to users.
- CRM, customer orders, invoicing, accounts payable, accounts receivable, and inventory functions were fully recovered.
- A new Palo Alto Networks PA-850 firewall was brought online.
- Ninety percent of user desktops were back in operation.
"A lot of what occurred in the initial days is nearly entirely a haze for me, but we will not soon forget the commitment all of your team accomplished to help get our company back. I've trusted Progent for the past 10 years, possibly more, and each time I needed help Progent has impressed me and delivered as promised. This situation was a life saver."
A potentially business-ending catastrophe was averted through results-oriented professionals, a wide spectrum of IT skills, and close teamwork. In hindsight, the incident described here should have been prevented by modern security technology, security best practices, staff training, and properly executed procedures for data protection and security patching; the reality is that criminal and state-sponsored attackers from Russia, North Korea and elsewhere are relentless and are not going away. If you are hit by ransomware, be confident that Progent's team has substantial experience in ransomware defense, cleanup, and data recovery.
"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (along with others that were contributing), I'm grateful for making it so I could get some sleep after we got past the initial push. All of you did an impressive effort, and if anyone is in the Chicago area, a great meal is my treat!"
To review or download a PDF version of this customer story, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Additional Ransomware Protection Services Available from Progent
Progent can provide companies in Denver a portfolio of remote monitoring and security assessment services to help reduce the threat from ransomware. These services include behavioral machine learning to detect new ransomware strains that evade legacy signature-based security tools.
For Denver 24x7 CryptoLocker Removal Services, call Progent at 800-462-8800 or go to Contact Progent.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection solution that uses SentinelOne's next-generation behavioral machine learning to defend physical and virtual endpoints against modern malware such as ransomware and fileless attacks, which routinely evade legacy signature-based antivirus. ProSight ASM safeguards on-premises and cloud-based resources and provides a single platform for the complete threat lifecycle: prevention, detection, containment, cleanup, and forensics. Top features include one-click rollback using the Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against newly identified threats. Note that rollback depends on intact shadow copies, so the endpoint agent must block the attack before the shadow-copy deletion step that most ransomware performs. Progent is a SentinelOne Partner, reseller, and integrator. Learn more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection (ESP): Endpoint Security and Exchange Filtering
Progent's ProSight Enhanced Security Protection managed services deliver affordable multi-layer security for physical servers and VMs, desktops, smartphones, and Microsoft Exchange. ProSight ESP uses adaptive security and advanced heuristics for round-the-clock monitoring and response to attacks from all vectors. ProSight ESP provides firewall protection, intrusion alerts, endpoint control, and web filtering through leading-edge technologies packaged in a single agent managed from a unified console. Progent's security and virtualization experts can help you plan and implement a ProSight ESP environment that addresses your company's specific needs and lets you demonstrate compliance with legal and industry data protection regulations. Progent will help you define and implement the security policies that ProSight ESP enforces, and Progent will monitor your network and respond to alerts that require urgent action. Progent's consultants can also help you set up and verify a backup and disaster recovery system such as ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint protection and Microsoft Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Disaster Recovery Services
Progent has worked with leading backup/restore technology vendors to produce ProSight Data Protection Services (DPS), a family of managed plans that provide backup-as-a-service. ProSight DPS services automate and monitor your backup processes and allow transparent backup and fast restoration of important files and folders, applications, system images, and Hyper-V and VMware virtual machines. ProSight DPS helps you avoid data loss from equipment failure, natural disasters, fire, malware such as ransomware, user error, malicious insiders, or software defects. Because ransomware targets every backup it can reach, at least one backup copy should be kept offline or otherwise unreachable from the production network. Managed services in the ProSight Data Protection Services portfolio include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda purpose-built hardware, and ProSight DPS MSP360 Cloud and On-prem Backup. Your Progent consultant can help you determine which of these managed backup services best suits your IT environment.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering service that incorporates the technology of top data security vendors to deliver web-based management and world-class protection for all your email traffic. The architecture of the Email Guard managed service combines a Cloud Protection Layer with a local security gateway appliance to provide complete defense against spam, viruses, DoS attacks, Directory Harvest Attacks (DHAs), and other email-borne malware. Email Guard's cloud filter acts as a first barrier and blocks the vast majority of unwanted email before it reaches your security perimeter. This reduces your exposure to external threats and saves network bandwidth and storage. Email Guard's on-premises gateway appliance provides a deeper layer of inspection for incoming email. For outgoing email, the local security gateway provides antivirus and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The on-site gateway can also help Microsoft Exchange Server monitor and protect internal email that originates and ends inside your security perimeter. For more details, see Email Guard spam and content filtering.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progent's ProSight WAN Watch is a network infrastructure management service that makes it easy and inexpensive for smaller businesses to map, track, reconfigure and troubleshoot their networking appliances such as routers, firewalls, and wireless controllers, as well as servers, printers, endpoints and other networked devices. Built on Remote Monitoring and Management technology, WAN Watch keeps infrastructure topology diagrams current, backs up and manages the configuration of almost all devices connected to your network, monitors performance, and sends alerts when issues are detected. By automating time-consuming network management tasks, ProSight WAN Watch can cut hours off routine chores such as producing network diagrams, expanding your network, locating appliances that need important updates, or resolving performance issues. Learn more about ProSight WAN Watch network infrastructure management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progent's server and desktop monitoring managed service that uses remote monitoring and management techniques to keep your network running efficiently by checking the health of the critical assets that drive your business. When ProSight LAN Watch detects a problem, an alert is sent automatically to your designated IT personnel and your Progent engineering consultant so that issues can be addressed before they disrupt productivity. Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and applications hosted in a protected Tier III data center on a fast virtual host configured and managed by Progent's IT support experts. With Progent's ProSight Virtual Hosting service model, the customer retains ownership of the data, the operating system software, and the apps. Since the environment is virtualized, it can be ported easily to an alternate hosting solution without a lengthy and difficult reinstallation process. With ProSight Virtual Hosting, you are not locked into a single hosting service. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, update, retrieve and safeguard information about your IT infrastructure, procedures, applications, and services. You can quickly find credentials or IP addresses and be warned about impending expirations of SSL certificates or domains. By keeping your IT infrastructure documentation current, you can save up to 50% of the time spent searching for critical information about your network. ProSight IT Asset Management provides a common location for storing and collaborating on all documents related to managing your network infrastructure, such as recommended procedures and self-service instructions. ProSight IT Asset Management also automates much of the collection and correlation of IT data. Whether you are making improvements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management gets you the information you need when you need it. Learn more about ProSight IT Asset Management service.
- Progent Active Protection Against Ransomware: AI-based Ransomware Detection and Remediation
Progent's Active Protection Against Ransomware is an endpoint protection (EPP) managed service that uses behavior-based machine learning to defend endpoints and physical and virtual servers against modern malware such as ransomware and fileless attacks, which easily evade legacy signature-based antivirus. The service safeguards on-premises and cloud-based resources and provides a single platform for the complete threat lifecycle: protection, detection, containment, cleanup, and forensics. Top features include one-click rollback using the Windows Volume Shadow Copy Service (VSS) and automatic system-wide immunization against new attacks. Find out more about Progent's ransomware protection and recovery services.
- Outsourced/Co-managed Help Desk: Support Desk Managed Services
Progent's Help Desk services let your IT team outsource Help Desk services to Progent or share Help Desk activity transparently between your internal support team and Progent's extensive pool of IT service technicians, engineers and subject matter experts (SMEs). Progent's Shared Help Desk Service offers a seamless supplement to your core network support group. User access to the Service Desk, delivery of technical assistance, escalation, ticket creation and updates, performance metrics, and maintenance of the support database are consistent regardless of whether incidents are resolved by your core support group, by Progent, or both. Learn more about Progent's outsourced/co-managed Help Desk services.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's support services for software and firmware patch management provide businesses of any size a flexible and affordable solution for evaluating, testing, scheduling, applying, and documenting updates to your dynamic information system. Besides optimizing the protection and functionality of your IT environment, Progent's patch management services allow your IT team to concentrate on line-of-business projects and activities that deliver the highest business value from your network. Learn more about Progent's patch management support services.
- ProSight Duo Two-Factor Authentication: Access Security, Endpoint Remediation, and Secure Single Sign-on (SSO)
Progent's Duo MFA managed services use Cisco's Duo cloud technology to defend against stolen or phished passwords with two-factor authentication (2FA). Duo supports one-tap identity verification on Apple iOS, Google Android, and other out-of-band devices. With 2FA, whenever you log into a protected account and enter your password you are asked to confirm your identity on a device that only you possess and that is reached over a separate channel. A wide range of out-of-band devices can be used for this second factor, including a smartphone or wearable, a hardware token, or a landline phone, and you may register multiple verification devices. For details about ProSight Duo two-factor identity validation services, visit Cisco Duo MFA two-factor authentication services.
- ProSight Reporting: Real-time and In-depth Reporting for Ticketing and Network Monitoring Platforms
ProSight Reporting is a growing line of real-time and in-depth reporting plug-ins created to work with the industry's leading ticketing and remote network monitoring programs including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to highlight and contextualize key issues such as spotty support follow-up or endpoints with missing patches. By identifying ticketing or network health problems clearly and in near-real time, ProSight Reporting enhances network value, lowers management hassle, and saves money. For more information, visit ProSight Reporting for ticketing and network monitoring applications.