Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become a too-frequent cyber pandemic that poses an extinction-level threat for businesses of all sizes that are unprepared for an assault. Different iterations of ransomware like the CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been out in the wild for many years and still inflict havoc. Modern versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, plus as-yet-unnamed viruses that appear daily, not only encrypt online data files but also infect any available system backup. Data synched to cloud environments can also be rendered useless. Where the data protection solution is vulnerable, ransomware can render any restoration useless and effectively knock the datacenter back to zero.
Recovering services and data following a ransomware outage becomes a race against time as the victim tries its best to stop the spread, clean up the crypto-ransomware, and restore enterprise-critical activity. Since ransomware takes time to replicate across a network, assaults are often launched during nights and weekends, when successful penetrations are likely to take longer to notice. This compounds the difficulty of rapidly mobilizing and orchestrating a qualified response team.
Progent offers a range of solutions for protecting Columbus businesses from ransomware events. Among these are team education to help identify and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's behavior-based threat defense to detect and disable zero-day malware assaults. Progent also offers the services of expert crypto-ransomware recovery consultants with the talent and commitment to restore a breached network as soon as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware invasion, paying the ransom in cryptocurrency does not guarantee that criminal gangs will provide the codes to decrypt any of your files. Kaspersky determined that 17% of crypto-ransomware victims never restored their information after having sent off the ransom, resulting in increased losses. Taking that risk is also very costly. Ryuk ransoms are commonly a few hundred thousand dollars. For larger enterprises, the ransom demand can be in the millions. The fallback is to piece back together the essential elements of your IT environment. Without access to complete data backups, this calls for a wide range of skills, top-notch project management, and the ability to work non-stop until the job is completed.
For twenty years, Progent has made available certified expert IT services for companies across the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have attained top industry certifications in important technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally-recognized industry certifications including CISM, CISSP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has expertise with accounting and ERP software solutions. This breadth of experience affords Progent the ability to efficiently identify the necessary systems, then integrate the remaining pieces of your computer network environment following a crypto-ransomware attack and assemble them into a functioning network.
Progent's security team uses powerful project management tools to orchestrate the complicated restoration process. Progent appreciates the importance of working rapidly and together with a customer's management and Information Technology staff to assign priority to tasks and to get the most important applications back on-line as fast as humanly possible.
Client Story: A Successful Ransomware Penetration Restoration
A customer escalated to Progent after their network system was brought down by the Ryuk crypto-ransomware. Ryuk is generally considered to have been deployed by North Korean state hackers, suspected of using techniques exposed from the U.S. National Security Agency. Ryuk attacks specific businesses with little or no ability to sustain disruption and is one of the most profitable examples of ransomware. Major organizations hit by Ryuk include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company based in Chicago with around 500 staff members. The Ryuk penetration had shut down all company operations and manufacturing capabilities. The majority of the client's system backups had been online at the time of the intrusion and were eventually encrypted. The client considered paying the ransom demand (exceeding $200K) and praying for the best, but ultimately reached out to Progent.
Progent worked with the customer to rapidly get our arms around and prioritize the essential areas that had to be recovered in order to resume company functions:
Within two days, Progent was able to restore Active Directory services to its pre-penetration state. Progent then assisted with setup and hard drive recovery of the most important systems. All Exchange Server schema and attributes were usable, which accelerated the restore of Exchange. Progent was able to collect local OST data files (Outlook Offline Folder Files) on various desktop computers and laptops to recover email information. A recent off-line backup of the customer's financials/ERP software allowed them to bring these essential services back online. Although significant work was left to recover fully from the Ryuk damage, critical systems were recovered rapidly:
During the next couple of weeks critical milestones in the recovery process were achieved in tight collaboration between Progent team members and the customer:
Conclusion
A likely business extinction disaster was avoided with top-tier professionals, a broad spectrum of technical expertise, and close collaboration. Analysis of the event afterwards showed that the ransomware virus attack detailed here would have been blocked with up-to-date cyber security technology solutions and ISO/IEC 27001 best practices, user education, and properly executed incident response procedures for backup and applying software patches. Even so, the fact is that government-sponsored cybercriminals from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a crypto-ransomware virus, remember that Progent's roster of professionals has a proven track record in ransomware virus blocking, cleanup, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Columbus
For ransomware system restoration consulting in the Columbus area, phone Progent at