Ransomware: Your Crippling IT Nightmare
Crypto-ransomware has become a modern cyber plague that presents an enterprise-level threat to businesses of any size that are unprepared for an attack. Different versions of crypto-ransomware such as the CryptoLocker, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been in the wild for many years and continue to cause harm. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus newer malware as yet unnamed, not only encrypt on-line critical data but also infiltrate most configured system backups. Files replicated to off-premises disaster recovery sites can also be ransomed. In a poorly designed system, this can render automatic recovery hopeless and knock the datacenter back to square one.
Getting applications and information back following a ransomware outage becomes a race against the clock as the targeted business tries its best to stop the spread, eradicate the crypto-ransomware, and restore enterprise-critical activity. Because crypto-ransomware requires time to replicate throughout a targeted network, attacks are frequently launched during nights and weekends, when successful penetrations are likely to take longer to detect. This compounds the difficulty of rapidly assembling and orchestrating an experienced response team.
Progent provides a variety of services for securing Boston enterprises from ransomware penetrations. Among these are staff training to recognize and not fall victim to phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to identify and suppress zero-day modern malware attacks. Progent can also provide the services of experienced ransomware recovery consultants with the track record and commitment to rebuild a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
Following a ransomware penetration, paying the ransom in cryptocurrency provides no assurance that merciless criminals will respond with the keys to decrypt any of your data. Kaspersky Labs determined that 17% of ransomware victims never recovered their data even after sending off the ransom, resulting in increased losses. The gamble is also very costly: Ryuk ransoms are often a few hundred thousand dollars, and for larger enterprises the ransom can be in the millions of dollars. The fallback is to piece back together the vital parts of your Information Technology environment. Without access to complete system backups, this requires a broad complement of IT skills, professional project management, and the capability to work non-stop until the task is complete.
For decades, Progent has made professional Information Technology services available to companies throughout the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have attained advanced industry certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of expertise gives Progent the ability to efficiently understand important systems, integrate the remaining pieces of your network environment after a crypto-ransomware event, and configure them into a functioning system.
Progent's recovery team uses state-of-the-art project management tools to coordinate the complicated restoration process. Progent appreciates the urgency of working quickly and together with a customer's management and IT resources to prioritize tasks and to get essential systems back on line as soon as possible.
Client Case Study: A Successful Ransomware Virus Response
A small business hired Progent after their company was penetrated by Ryuk ransomware. Ryuk is believed to have been created by North Korean government-sponsored criminal gangs, possibly adopting technology exposed from America's National Security Agency. Ryuk seeks out specific businesses with little ability to sustain operational disruption and is among the most lucrative incarnations of ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in the Chicago metro area with around 500 staff members. The Ryuk attack had brought down all business operations and manufacturing capabilities. Most of the client's backups had been directly accessible at the time of the intrusion and were eventually encrypted. The client was taking steps to pay the ransom demand (more than $200K) and hoping for the best, but ultimately engaged Progent.
Progent worked together with the client to rapidly understand and prioritize the critical areas that needed to be addressed to make it possible to resume company functions:
Within two days, Progent was able to rebuild Active Directory to its pre-penetration state. Progent then initiated setup and hard drive recovery of critical servers. All Exchange data and configuration information were usable, which greatly helped the restoration of Exchange. Progent was also able to find local OST data files (Outlook Email Offline Folder Files) on team desktop computers to recover mail messages. A fairly recent off-line backup of the business's financials/MRP systems made it possible to make these required services available to users again. Although major work still needed to be completed to recover fully from the Ryuk attack, essential services were returned to operation quickly:
Throughout the following month, critical milestones in the restoration project were reached in close cooperation between Progent team members and the client:
Conclusion
A potential business extinction disaster was dodged thanks to top-tier experts, a wide spectrum of technical expertise, and close teamwork. Although, in hindsight, the crypto-ransomware penetration described here would have been identified and blocked by modern cybersecurity technology, recognized best practices, user training, well-thought-out incident response procedures for information protection, and keeping systems up to date with security patches, the fact remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incursion, you can be confident that Progent's roster of professionals has a proven track record in ransomware blocking, mitigation, and file disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Boston
For ransomware system restoration consulting services in the Boston area, call Progent at