Ransomware: Your Crippling IT Nightmare
Ransomware has become a modern cyberplague that poses an existential danger to organizations vulnerable to an attack. Older families of ransomware such as Dharma, WannaCry, Locky, Syskey and the MongoLock cryptoworms have been in the wild for many years and still cause damage. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, plus as yet unnamed newcomers, not only encrypt online information but also encrypt any system backup they can reach. Information synchronized to off-site disaster recovery sites can be encrypted as well. In a poorly architected system, this can make recovery impossible and effectively sets the network back to square one.
Restoring services and information after a ransomware intrusion becomes a race against the clock as the targeted business tries to contain the damage, eradicate the malware, and restore mission-critical operations. Because ransomware needs time to spread across a network, attacks are frequently launched on weekends and holidays, when they are likely to go undetected for longer. This multiplies the difficulty of quickly assembling and coordinating a knowledgeable response team.
Progent offers a variety of services for protecting Boston enterprises from ransomware intrusions. Among these are user education on recognizing and avoiding phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and quarantine zero-day modern malware attacks. Progent also offers the assistance of expert ransomware recovery consultants with the track record and commitment to rebuild a compromised system as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
After a crypto-ransomware intrusion, paying the ransom in Bitcoin cryptocurrency does not ensure that the criminals will provide the keys to decrypt any or all of your files. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their files after having paid the ransom, compounding their losses. The gamble is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC (roughly $120,000 to $400,000). This is far above the average ransomware demand, which ZDNET estimated to be around $13,000 for small businesses. The alternative is to piece back together the vital components of your IT environment. Without access to essential information backups, this calls for a wide range of skills, professional team management, and the capability to work non-stop until the job is done.
For decades, Progent has provided professional IT services for businesses throughout the U.S. and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold top certifications in key technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications.) Progent also has expertise with financial management and ERP software solutions. This breadth of experience gives Progent the ability to rapidly understand critical systems, reorganize the surviving components of your IT environment after a ransomware attack, and rebuild them into a functioning system.
Progent's security group uses state-of-the-art project management systems to orchestrate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and to bring key services back online as soon as humanly possible.
Business Case Study: A Successful Ransomware Penetration Recovery
A business hired Progent after its organization was brought down by Ryuk ransomware. Ryuk is generally believed to have been created by North Korean state-sponsored hackers, who are suspected of adopting tools leaked from the United States National Security Agency (NSA). Ryuk targets specific businesses with limited ability to sustain operational disruption and is among the most lucrative examples of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing business based in the Chicago metro area with around 500 staff members. The Ryuk incident had brought down all company operations and manufacturing processes. Most of the client's data backups had been online at the start of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom (more than $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the customer to quickly assess and prioritize the critical services that needed to be restored in order to continue business functions.
In less than two days, Progent was able to recover Active Directory to its pre-intrusion state. Progent then began reinstallations and storage recovery on the required servers. All Microsoft Exchange Server connections and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to locate unencrypted OST data files (Microsoft Outlook Offline Folder files) on various workstations in order to recover mail messages. A recent offline backup of the business's accounting/ERP systems made it possible to bring these required services back online for users. Although significant work still had to be done to recover fully from the Ryuk infection, critical services were returned to operation rapidly.
During the following month, critical milestones in the recovery process were achieved in close cooperation between Progent engineers and the client.
Conclusion
A potentially enterprise-killing disaster was averted with top-tier experts, a wide array of subject matter expertise, and tight teamwork. In hindsight, the ransomware incident described here should have been identified and blocked with up-to-date cyber security systems and recognized best practices: user education, well-designed security procedures for data protection, and keeping systems current with security patches. The reality, however, is that state-sponsored cyber criminals from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware incident, you can be confident that Progent's team of experts has extensive experience in ransomware defense, mitigation, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Services in Boston
For ransomware system restoration services in the Boston metro area, call Progent at