Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an all-too-frequent cyberplague that poses an enterprise-level danger to any organization exposed to an attack. Crypto-ransomware families such as CrySIS, WannaCry, Locky, SamSam and MongoLock have been in the wild for years and continue to inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus a steady stream of newcomers, not only encrypt on-line files but also go after every recovery mechanism they can reach: shadow copies, backup catalogs and any backup store accessible from the compromised network. Files synced to the cloud can likewise be overwritten with their encrypted versions. In an unprepared environment this can make restore operations hopeless and effectively knocks the network back to square one.
Bringing programs and data back on-line after a crypto-ransomware outage is a race against the clock as the targeted business tries to contain the damage, eradicate the ransomware, and restore mission-critical activity. Because encryption takes time to spread across a network, attacks are often launched at night or over weekends, when detection and response are slowest. This multiplies the difficulty of rapidly assembling and coordinating a knowledgeable mitigation team.
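The attack on recovery mechanisms described above is usually carried out with ordinary built-in Windows administration commands (deleting shadow copies, purging the backup catalog, disabling boot recovery) shortly before or during encryption, which makes those command lines a detection opportunity. The following Python is an added example, not code from Progent or from this page: it scans process-creation events for the commands catalogued under MITRE ATT&CK T1490 (Inhibit System Recovery). The `host=... user=... image=... cmdline=...` line format and every sample event are constructed for this illustration and do not come from any real telemetry source.

```python
"""Flag process-creation events whose command line matches well-known
ransomware "inhibit system recovery" behaviour (MITRE ATT&CK T1490).
The log line format and all sample events below are constructed for this
example; adapt parse_event() to your own EDR or Sysmon export."""
import re
from dataclasses import dataclass

# (label, regex) pairs matched against a normalized (lowercased,
# whitespace-collapsed, quote-stripped) command line.
RECOVERY_INHIBIT_PATTERNS = [
    ("vssadmin delete shadows",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vssadmin resize shadowstorage",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage")),
    ("wmic shadowcopy delete",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("wbadmin delete catalog",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)")),
    ("bcdedit disable recovery",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+"
                r"(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
]


@dataclass
class Finding:
    host: str
    user: str
    label: str
    command_line: str


def parse_event(line):
    """Parse one constructed event line:
    host=<h> user=<u> image=<path> cmdline=<rest of line>.
    Returns a dict, or None when the line does not fit the format."""
    m = re.match(r"host=(\S+)\s+user=(\S+)\s+image=(\S+)\s+cmdline=(.*)$", line)
    if not m:
        return None
    return {"host": m.group(1), "user": m.group(2),
            "image": m.group(3), "cmdline": m.group(4)}


def normalize(cmdline):
    """Lowercase, drop quotes and collapse whitespace so that quoting,
    case changes and padded spaces do not evade the patterns."""
    return re.sub(r"\s+", " ", cmdline.replace('"', "")).strip().lower()


def scan(lines):
    """Return one Finding per event that matches a recovery-inhibition pattern."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        norm = normalize(ev["cmdline"])
        for label, pat in RECOVERY_INHIBIT_PATTERNS:
            if pat.search(norm):
                findings.append(Finding(ev["host"], ev["user"], label, ev["cmdline"]))
                break  # one label per event is enough for triage
    return findings


# Constructed sample events: four malicious, two benign (list / start backup).
SAMPLE_EVENTS = [
    'host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\vssadmin.exe cmdline=vssadmin.exe Delete Shadows /all /quiet',
    'host=FS01 user=CORP\\svc_backup image=C:\\Windows\\System32\\cmd.exe cmdline="C:\\Windows\\System32\\vssadmin.exe"   resize   shadowstorage /for=C: /on=C: /maxsize=401MB',
    'host=WS22 user=CORP\\jdoe image=C:\\Windows\\System32\\wbadmin.exe cmdline=wbadmin delete catalog -quiet',
    'host=WS22 user=CORP\\jdoe image=C:\\Windows\\System32\\bcdedit.exe cmdline=bcdedit /set {default} recoveryenabled No',
    'host=WS05 user=CORP\\asmith image=C:\\Windows\\System32\\vssadmin.exe cmdline=vssadmin list shadows',
    'host=DC01 user=CORP\\admin image=C:\\Windows\\System32\\wbadmin.exe cmdline=wbadmin start backup -backupTarget:E: -include:C:',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host} {f.user}: {f.label} -> {f.command_line}")
```

Run against the constructed events, the scan flags the four destructive commands and ignores the benign `vssadmin list shadows` and `wbadmin start backup`. Any hit from a non-administrative user or a file server service account, as in the sample, deserves an immediate look, because by the time files start changing extension the window for isolating the host has largely closed.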
Progent offers an assortment of support services for protecting Tucson organizations against crypto-ransomware incidents. These include training for staff to recognize and avoid phishing, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based threat protection to identify and contain zero-day malware attacks. Progent also provides expert crypto-ransomware recovery engineers with the skill and perseverance to rebuild a breached environment as rapidly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not ensure that the criminals will hand over the keys needed to decrypt some or all of your data. Kaspersky found that seventeen percent of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also very expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000), far higher than typical crypto-ransomware demands, which ZDNet estimated at roughly $13,000 for smaller organizations. The other path is to rebuild the vital components of your Information Technology environment from scratch. Without complete, uncompromised backups, this requires a broad complement of IT skills, well-coordinated project management, and the capacity to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies throughout the United States and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers with high-level certifications in leading technologies including Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security engineers hold internationally recognized industry certifications including CISA, CISSP, CRISC, and GIAC. (See Progent's certifications.) Progent also has experience with financial systems and ERP software. This breadth of experience enables Progent to rapidly identify the critical systems, integrate the surviving components of your Information Technology environment after a ransomware attack, and assemble them into a functioning network.
Progent's security team uses best-of-breed project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting swiftly and working alongside a customer's management and Information Technology staff to prioritize tasks and bring the most important services back on-line as soon as humanly possible.
Customer Story: A Successful Ransomware Incident Recovery
A customer engaged Progent after the company was breached by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; later research linked it to Russian-speaking criminal groups. Ryuk targets specific organizations that can tolerate little or no downtime and is among the most profitable crypto-ransomware operations. Publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company based in the Chicago metro area with about 500 employees. The Ryuk incident had paralyzed all essential business and manufacturing operations. Most of the client's backups were on-line and reachable from the compromised network when the attack began, and they were encrypted along with the production data. The client was considering paying the ransom (more than $200,000) and hoping for the best, but instead called Progent.
Progent worked with the customer to quickly understand and prioritize the key applications that had to be addressed in order to keep departmental functions running:
Within two days, Progent had rebuilt Active Directory to its pre-breach state. Progent then helped rebuild mission-critical applications and recover their storage. The Exchange configuration and connection data were intact, which accelerated the Exchange rebuild. Progent gathered local OST files (Outlook off-line folder files) from staff PCs and laptops to recover mail messages. A recent off-line backup of the client's financials/MRP software allowed those essential applications to be brought back on-line. Although much work remained to recover completely from the Ryuk attack, the most important services were restored rapidly:
Over the next couple of weeks the key milestones in the recovery were completed in close collaboration between Progent engineers and the customer:
Conclusion
A likely business-ending catastrophe was averted thanks to dedicated experts, a broad array of subject matter expertise, and close collaboration. In hindsight, the attack described here could have been stopped by up-to-date security tooling and best practices, user and IT administrator training, well thought out incident response procedures, backups kept out of reach of the production network, and disciplined patching. The reality remains that cybercriminals, state-sponsored and otherwise, from Russia, North Korea and elsewhere are tireless and an ongoing threat. If you are hit by a crypto-ransomware incursion, you can be confident that Progent's roster of professionals has a proven track record in crypto-ransomware blocking, remediation, and information systems disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Tucson
For ransomware cleanup expertise in the Tucson area, call Progent at