Crypto-Ransomware : Your Crippling Information Technology Disaster
Crypto-Ransomware has become a modern cyberplague that poses an enterprise-level danger for any business vulnerable to an assault. Ransomware families such as CrySIS, CryptoWall, Locky, SamSam and the MongoLock cryptoworm have been circulating for a long time and continue to inflict harm. More recent versions such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with a steady stream of unnamed malware, not only encrypt on-line information but also attack many conventionally configured system backups. Files synchronized to off-premises disaster recovery sites can also be ransomed. In a poorly architected system, this can render any restoration impossible and effectively sets the network back to zero.
Getting programs and data back on-line after a crypto-ransomware outage becomes a race against the clock as the targeted business fights to contain the damage, clean up the virus, and resume mission-critical operations. Because ransomware needs time to replicate across a targeted network, attacks are frequently sprung during weekends and nights, when successful attacks tend to take longer to identify. This compounds the difficulty of quickly mobilizing and coordinating a knowledgeable mitigation team.
Progent offers an assortment of services for protecting Ribeirão Preto organizations from ransomware events. These include staff education to help employees recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat protection to detect and disable zero-day malware attacks. Progent also offers the services of expert crypto-ransomware recovery engineers with the track record and commitment to rebuild a compromised environment as urgently as possible.
Progent's Ransomware Restoration Services
After a ransomware invasion, paying the ransom demand in cryptocurrency does not guarantee that the cyber criminals will provide the keys needed to decrypt all your information. Kaspersky determined that 17% of ransomware victims never recovered their information after having paid the ransom, resulting in further losses. The gamble is also costly. Ryuk ransoms are often a few hundred thousand dollars. For larger enterprises, the ransom demand can be in the millions. The other path is to set up the essential elements of your IT environment from scratch. Absent the availability of essential system backups, this requires a wide range of IT skills, top-notch project management, and the capability to work continuously until the task is finished.
For two decades, Progent has provided professional IT services for companies throughout the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have earned high-level industry certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally-recognized industry certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has expertise in financial systems and ERP software solutions. This breadth of expertise gives Progent the ability to knowledgeably assess the necessary systems, organize the remaining parts of your computer network after a crypto-ransomware attack, and configure them into an operational network.
Progent's team of security experts uses top-notch project management tools to coordinate the sophisticated recovery process. Progent understands the urgency of acting rapidly and in unison with a client's management and IT team members to assign priority to tasks and to put critical systems back on line as fast as humanly possible.
Client Story: A Successful Crypto-Ransomware Incident Restoration
A business hired Progent after their organization was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state hackers, possibly using approaches leaked from America's National Security Agency. Ryuk seeks out specific organizations with limited room for disruption and is one of the most lucrative examples of ransomware malware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturer based in Chicago with about 500 employees. The Ryuk event had shut down all essential operations and manufacturing capabilities. The majority of the client's system backups had been directly accessible at the start of the attack and were damaged. The client was evaluating paying the ransom demand (more than $200K) and hoping for good luck, but ultimately called Progent.
Progent worked together with the customer to quickly identify and prioritize the critical areas that needed to be restored in order to restart company functions:
In less than 2 days, Progent was able to rebuild Windows Active Directory to its pre-virus state. Progent then completed rebuilding and hard drive recovery of key systems. All Exchange Server links and attributes were usable, which greatly helped the restoration of Exchange. Progent was also able to collect intact OST data files (Outlook Offline Folder Files) on user workstations in order to recover mail information. A fairly recent offline backup of the customer's manufacturing software made it possible to bring these vital programs back online. Although major work still had to be done to recover completely from the Ryuk event, critical services were returned to operation quickly:
Over the next few weeks, critical milestones in the recovery project were accomplished in close cooperation between Progent consultants and the customer:
Conclusion
A possible business disaster was dodged through the efforts of results-oriented experts, a broad array of technical expertise, and tight collaboration. Although in post mortem the ransomware penetration described here should have been blocked by current security technology and best practices, staff training, well thought out incident response procedures for data protection, and proper patching controls, the reality is that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do get hit by a ransomware attack, be confident that Progent's roster of experts has substantial experience in crypto-ransomware blocking, mitigation, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Ribeirão Preto
For ransomware cleanup services in the Ribeirão Preto metro area, phone Progent at