Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become an escalating cyberplague that represents an enterprise-level threat for businesses of all sizes vulnerable to an assault. Different versions of ransomware such as CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for many years and continue to inflict destruction. Modern versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as frequent as-yet-unnamed newcomers, not only encrypt online data but also infect any accessible system backups. Files synchronized to cloud environments can also be encrypted. Where the data protection solution is vulnerable, this can make automated restoration hopeless and effectively sets the datacenter back to zero.
Bringing applications and information back online following a ransomware attack becomes a race against time as the victim struggles to contain the damage, remove the crypto-ransomware, and resume enterprise-critical activity. Because ransomware takes time to move laterally, attacks are often sprung on weekends, when they in many cases take longer to notice. This multiplies the difficulty of quickly mobilizing and organizing a knowledgeable response team.
Progent offers an assortment of support services for protecting Tucson enterprises from ransomware events. Among these are team education to recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat protection to detect and quarantine zero-day malware assaults. Progent also offers the services of experienced ransomware recovery professionals with the talent and commitment to rebuild a compromised system as quickly as possible.
Progent's Ransomware Recovery Help
Following a ransomware penetration, paying the ransom in cryptocurrency provides no assurance that the cyber criminals will return the keys to decrypt any of your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never restored their information after having paid the ransom, resulting in additional losses. The risk is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly above the usual ransomware demands, which ZDNET estimated to be in the range of $13,000 for small organizations. The other path is to re-install the essential parts of your Information Technology environment. Absent the availability of essential information backups, this calls for a broad range of skill sets, well-coordinated project management, and the willingness to work 24x7 until the task is completed.
For twenty years, Progent has offered professional IT services for businesses throughout the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have been awarded advanced industry certifications in leading technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally-renowned industry certifications including CISM, CISSP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise with financial management and ERP applications. This breadth of experience allows Progent to efficiently identify necessary systems, organize the remaining pieces of your computer network environment after a crypto-ransomware penetration, and assemble them into an operational network.
Progent's security group utilizes state-of-the-art project management tools to orchestrate the sophisticated restoration process. Progent understands the urgency of working rapidly and in unison with a customer's management and IT staff to prioritize tasks and to get essential services back online as fast as possible.
Business Case Study: A Successful Ransomware Intrusion Restoration
A client hired Progent after their company was brought down by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state cybercriminals, suspected of adopting algorithms leaked from the U.S. National Security Agency. Ryuk targets specific organizations with limited ability to sustain disruption and is one of the most profitable examples of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in the Chicago metro area with around 500 staff members. The Ryuk penetration had shut down all business operations and manufacturing processes. Most of the client's data backups had been online at the start of the attack and were damaged. The client was evaluating paying the ransom demand (exceeding $200,000) and hoping for good luck, but in the end made the decision to use Progent.
Progent worked with the customer to quickly understand and prioritize the mission-critical elements that needed to be addressed in order to restart business functions:
Within 2 days, Progent was able to rebuild Active Directory services to their pre-virus state. Progent then helped perform setup and hard drive recovery on essential systems. All Exchange data and attributes were usable, which greatly helped the restoration of Exchange. Progent was also able to locate intact OST data files (Outlook Offline Folder Files) on user PCs to recover email data. A relatively recent offline backup of the customer's financials/MRP software made it possible to bring these required programs back online for users. Although a lot of work remained to recover completely from the Ryuk damage, essential systems were restored quickly:
During the following few weeks key milestones in the restoration process were achieved in close cooperation between Progent team members and the client:
Conclusion
A potential enterprise-killing catastrophe was averted by results-oriented professionals, a broad spectrum of subject matter expertise, and tight collaboration. In retrospect, the crypto-ransomware virus attack described here would have been blocked by current security solutions and NIST Cybersecurity Framework best practices, user and IT administrator training, and well-designed security procedures for data protection and keeping systems up to date with security patches. The fact remains, however, that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware penetration, you can be confident that Progent's roster of experts has proven experience in crypto-ransomware virus defense, mitigation, and file disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Tucson
For ransomware system restoration consulting in the Tucson metro area, call Progent at