Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become a modern cyber plague that presents an enterprise-level danger for businesses of all sizes unprepared for an assault. Multiple generations of crypto-ransomware like the Dharma, Fusob, Locky, Syskey and MongoLock cryptoworms have been circulating for a long time and still inflict havoc. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with daily unnamed newcomers, not only encrypt on-line data but also infiltrate all accessible system restores and backups. Information synced to the cloud can also be encrypted. With a poorly designed data protection solution, this can make automatic restoration impossible and effectively knocks the entire system back to square one.
Recovering applications and information after a ransomware outage becomes a sprint against the clock as the targeted business struggles to contain the damage, clean up the crypto-ransomware, and resume enterprise-critical operations. Because ransomware needs time to replicate throughout a targeted network, assaults are usually sprung at night, when successful penetrations in many cases take longer to discover. This multiplies the difficulty of quickly mobilizing and coordinating an experienced mitigation team.
Progent provides an assortment of support services for securing Tucson enterprises from ransomware events. These include staff education to help recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to discover and disable zero-day malware attacks. Progent can also provide the services of seasoned crypto-ransomware recovery consultants with the skills and commitment to rebuild a breached network as soon as possible.
Progent's Ransomware Recovery Services
After a crypto-ransomware event, even paying the ransom demands in cryptocurrency does not provide any assurance that cyber criminals will provide the keys to decipher any or all of your files. Kaspersky ascertained that seventeen percent of ransomware victims never restored their files after having sent off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The fallback is to piece back together the key elements of your IT environment. Absent access to essential system backups, this calls for a broad complement of IT skills, professional project management, and the willingness to work 24x7 until the job is over.
For two decades, Progent has provided expert Information Technology services for businesses across the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have attained high-level industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have garnered internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise in accounting and ERP software solutions. This breadth of expertise gives Progent the ability to rapidly understand critical systems, organize the remaining components of your network after a ransomware attack, and rebuild them into an operational system.
Progent's security group utilizes best-of-breed project management systems to coordinate the complicated restoration process. Progent appreciates the urgency of working swiftly and in unison with a customer's management and Information Technology resources to prioritize tasks and to put critical services back on-line as soon as possible.
Customer Case Study: A Successful Ransomware Attack Response
A client hired Progent after their company was attacked by the Ryuk ransomware. Ryuk is believed to have been deployed by North Korean government-sponsored hackers, suspected of using approaches leaked from the United States National Security Agency. Ryuk targets specific organizations with limited tolerance for operational disruption and is among the most profitable iterations of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing business headquartered in the Chicago metro area with around 500 workers. The Ryuk penetration had disabled all company operations and manufacturing processes. Most of the client's data backups had been on-line at the time of the intrusion and were eventually encrypted. The client was actively seeking loans to pay the ransom (more than $200K) and hoping for the best, but in the end called Progent.
Progent worked together with the customer to rapidly understand and assign priority to the key elements that had to be restored in order to restart business functions:
In less than two days, Progent was able to rebuild Windows Active Directory to its pre-infection state. Progent then performed rebuilding and storage recovery of needed servers. All Microsoft Exchange Server schema and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate non-encrypted OST files (Microsoft Outlook Offline Data Files) on team PCs to recover email data. A recent off-line backup of the business's manufacturing systems allowed Progent to bring these essential applications back online for users. Although significant work remained to recover completely from the Ryuk damage, critical services were returned to operation quickly:
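Locating workstation OST files that survived the encryption, as described above, is a triage task that can be scripted. The following is an added example, not Progent's tooling or anything from the case study: it walks a directory tree for Outlook data files (including files whose original .ost/.pst extension survives under an appended ransomware suffix) and sorts them by whether the first four bytes still carry the Outlook data-file signature "!BDN" from Microsoft's [MS-PST] header specification. The sample directory tree and file contents are constructed inside the script so it runs offline; in practice the root would be a mounted workstation profile or a forensic image.

```python
"""
Post-incident triage of Outlook OST/PST files.

Added example (not Progent's code). Assumption: an Outlook data file begins
with the 4-byte magic "!BDN" ([MS-PST] HEADER.dwMagic); a file that has been
encrypted in place no longer starts with it.
"""
import os
import tempfile

OUTLOOK_MAGIC = b"!BDN"          # dwMagic at offset 0 of every PST/OST file
OUTLOOK_EXTS = (".ost", ".pst")  # matched anywhere in the name, case-insensitive


def classify_outlook_file(path):
    """Return 'intact', 'encrypted-or-corrupt', or 'unreadable' for one file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(OUTLOOK_MAGIC))
    except OSError:
        return "unreadable"
    return "intact" if head == OUTLOOK_MAGIC else "encrypted-or-corrupt"


def is_candidate(name):
    """True for names like mailbox.ost or archive.pst.locked; False for post.txt."""
    lower = name.lower()
    return any(ext in lower for ext in OUTLOOK_EXTS)


def triage_outlook_files(root):
    """Walk root and bucket every candidate Outlook file by its header verdict."""
    results = {"intact": [], "encrypted-or-corrupt": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_candidate(name):
                full = os.path.join(dirpath, name)
                results[classify_outlook_file(full)].append(full)
    return results


def build_constructed_sample(root):
    """Constructed sample tree (not real data): one intact OST, one PST whose
    header was overwritten and which carries an appended suffix, and one
    unrelated text file that must be ignored."""
    outlook_dir = os.path.join(root, "Users", "jdoe", "AppData", "Local",
                               "Microsoft", "Outlook")
    os.makedirs(outlook_dir)
    with open(os.path.join(outlook_dir, "jdoe@example.com.ost"), "wb") as fh:
        fh.write(OUTLOOK_MAGIC + b"\x00" * 508)      # valid header, padded
    with open(os.path.join(outlook_dir, "archive.pst.locked"), "wb") as fh:
        fh.write(bytes(range(256)) * 2)              # header gone, as if encrypted
    with open(os.path.join(outlook_dir, "notes.txt"), "wb") as fh:
        fh.write(b"not an outlook file")
    return outlook_dir


def run_constructed_demo():
    """Build the sample in a temp dir, triage it, and return verdict -> sorted
    base names so the result does not depend on the temp path."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        results = triage_outlook_files(tmp)
    return {k: sorted(os.path.basename(p) for p in v) for k, v in results.items()}


if __name__ == "__main__":
    for verdict, names in run_constructed_demo().items():
        for name in names:
            print(f"{verdict:22} {name}")
```

A matching header only shows the file was not encrypted from offset zero; a file that passes this check should still be opened in Outlook or a PST parser before being relied on, and files in the "encrypted-or-corrupt" bucket should be preserved as evidence rather than deleted.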
Over the following couple of weeks, critical milestones in the restoration project were achieved in tight cooperation between Progent consultants and the customer:
Conclusion
A probable business-ending disaster was averted with top-tier experts, a broad array of subject matter expertise, and tight teamwork. In retrospect, the crypto-ransomware incident described here should have been stopped by modern cyber security technology and recognized best practices: user education, properly executed incident response procedures, data protection, and proper patching controls. The reality, however, is that state-sponsored cyber criminals from Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware penetration, remember that Progent's roster of experts has extensive experience in ransomware defense, removal, and information systems disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Tucson
For ransomware system restoration consulting in the Tucson area, call Progent at