Ransomware: Your Worst IT Nightmare
Crypto-ransomware has become an all-too-frequent cyber pandemic that represents an existential danger for organizations unprepared for an assault. Versions of ransomware such as Dharma, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been running rampant for years and continue to cause havoc. Newer variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as as-yet-unnamed newcomers, not only encrypt online data but also infect any accessible system protection mechanisms. Information synchronized to cloud environments can also be rendered useless. In a poorly architected environment, this can make automated restoration hopeless and effectively knocks the entire system back to zero.
Getting programs and data back following a ransomware intrusion becomes a sprint against the clock as the victim struggles to stop lateral movement, remove the ransomware, and restore mission-critical activity. Because crypto-ransomware requires time to spread throughout a network, assaults are often sprung on weekends and holidays, when penetrations in many cases take longer to recognize. This multiplies the difficulty of quickly assembling and organizing an experienced response team.
Progent has an assortment of support services for protecting Raleigh enterprises from crypto-ransomware penetrations. These include training to help team members recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat protection to detect and quarantine zero-day modern malware assaults. Progent can in addition provide the services of veteran ransomware recovery professionals with the track record and commitment to reconstruct a breached environment as rapidly as possible.
Progent's Ransomware Recovery Help
Soon after a crypto-ransomware invasion, even paying the ransom demands in cryptocurrency does not guarantee that cyber criminals will provide the keys needed to decrypt any or all of your data. Kaspersky ascertained that 17% of ransomware victims never recovered their data after having paid the ransom, resulting in increased losses. Paying is also costly. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to re-install the mission-critical parts of your IT environment. Without access to complete information backups, this calls for a wide range of skills, professional project management, and the ability to work continuously until the task is done.
For decades, Progent has made available expert Information Technology services for businesses across the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have earned high-level industry certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally-renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has experience in financial systems and ERP applications. This breadth of expertise gives Progent the skills to knowledgeably assess the systems involved, consolidate the remaining components of your computer network environment after a ransomware attack, and assemble them into an operational system.
Progent's security team utilizes best-of-breed project management applications to coordinate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a client's management and IT resources to prioritize tasks and to put the most important systems back online as soon as possible.
Case Study: A Successful Ransomware Virus Response
A customer contacted Progent after their network was brought down by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean government-sponsored cybercriminals, suspected of adopting technology leaked from the United States National Security Agency. Ryuk goes after specific companies with limited room for operational disruption and is one of the most lucrative iterations of crypto-ransomware. Well-known victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in the Chicago metro area with around 500 workers. The Ryuk event had shut down all business operations and manufacturing capabilities. Most of the client's backups had been online at the time of the attack and were damaged. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the client to rapidly understand and assign priority to the essential systems that needed to be recovered to make it possible to restart departmental operations:
Within two days, Progent was able to restore Windows Active Directory to its pre-virus state. Progent then assisted with rebuilding and hard drive recovery of mission-critical applications. All Exchange data and configuration information were usable, which facilitated the restore of Exchange. Progent was also able to find local OST files (Outlook Offline Data Files) on staff PCs to recover email data. A relatively recent offline backup of the customer's manufacturing systems made it possible to bring these required applications back online. Although a lot of work remained to recover fully from the Ryuk event, core services were returned to operation rapidly:
During the next couple of weeks important milestones in the recovery project were accomplished in tight cooperation between Progent team members and the client:
Conclusion
A likely business-ending disaster was averted due to top-tier professionals, a broad range of technical expertise, and tight teamwork. Although, in the post-mortem, the crypto-ransomware penetration described here would have been prevented with advanced cyber security solutions and recognized best practices, user and IT administrator education, and appropriate security procedures for information protection and proper patching controls, the fact is that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and are an ongoing threat. If you do get hit by a crypto-ransomware attack, feel confident that Progent's team of professionals has substantial experience in crypto-ransomware virus defense, remediation, and data disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Raleigh
For ransomware recovery services in the Raleigh metro area, phone Progent at