Ransomware: Your Worst Information Technology Catastrophe
Crypto-ransomware has become a modern cyber pandemic that represents an enterprise-level danger for any organization vulnerable to an assault. Families of crypto-ransomware such as Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for years and continue to inflict havoc. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nefilim, as well as many unnamed strains, not only encrypt online data files but also defeat most configured system protection. Data synced to off-site disaster recovery sites can also be rendered useless. In a poorly architected data protection solution, this can make automated restoration impossible and effectively sets the datacenter back to zero.
Getting applications and information back online after a ransomware attack becomes a sprint against time as the targeted organization tries its best to contain the damage, eradicate the crypto-ransomware, and resume mission-critical activity. Because ransomware takes time to spread, assaults are frequently sprung at night, when they typically take longer to notice. This compounds the difficulty of promptly marshalling and organizing a knowledgeable response team.
Progent makes available a variety of solutions for securing Columbus enterprises against ransomware penetrations. Among these are staff training to help employees recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and disable zero-day modern malware assaults. Progent can in addition provide the services of seasoned ransomware recovery consultants with the skills and perseverance to restore a breached system as urgently as possible.
Progent's Crypto-Ransomware Recovery Support Services
Following a ransomware event, paying the ransom demand in cryptocurrency does not ensure that the cyber criminals will provide the keys to decrypt any or all of your information. Kaspersky Labs ascertained that seventeen percent of ransomware victims never recovered their information even after having sent off the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The other path is to rebuild the vital elements of your IT environment. Without full information backups available, this calls for a wide complement of skills, top-notch team management, and the ability to work continuously until the task is finished.
For twenty years, Progent has provided expert Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have earned high-level industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security consultants have earned internationally-renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has experience in financial systems and ERP applications. This breadth of experience gives Progent the capability to rapidly identify critical systems, consolidate the surviving pieces of your network after a ransomware penetration, and assemble them into a functioning network.
Progent's ransomware group has state-of-the-art project management systems to coordinate the complex recovery process. Progent appreciates the importance of working quickly and together with a client's management and Information Technology staff to prioritize tasks and to get critical systems back on line as soon as possible.
Client Story: A Successful Crypto-Ransomware Intrusion Restoration
A customer sought out Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state hackers, possibly using algorithms leaked from the United States NSA. Ryuk targets specific companies with little or no room for operational disruption and is one of the most lucrative iterations of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in the Chicago metro area with around 500 employees. The Ryuk penetration had paralyzed all business operations and manufacturing processes. Most of the client's backups had been online at the time of the intrusion and were destroyed. The client was pursuing financing to pay the ransom demand (exceeding $200,000) and hoping for good luck, but in the end made the decision to use Progent.
Progent worked with the customer to quickly get our arms around and prioritize the most important applications that needed to be restored to make it possible to continue departmental operations:
Within 48 hours, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then performed reinstallations and storage recovery of critical servers. All Exchange Server ties and configuration information were usable, which facilitated the restore of Exchange. Progent was able to assemble intact OST files (Outlook Offline Folder Files) from user desktop computers to recover mail messages. A fairly recent offline backup of the business's accounting/MRP systems made it possible to bring these essential services back online for users. Although major work remained to recover completely from the Ryuk virus, critical services were recovered rapidly:
Over the following couple of weeks critical milestones in the restoration project were made in close cooperation between Progent team members and the customer:
Conclusion
A likely business-killing catastrophe was averted with results-oriented experts, a broad spectrum of technical expertise, and tight teamwork. Although the forensic investigation showed that the ransomware penetration described here should have been blocked by modern security solutions and security best practices, staff education, and well designed incident response procedures for data protection and software patching, the fact remains that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and an ongoing threat. If you do fall victim to a ransomware incursion, be confident that Progent's team of professionals has a proven track record in crypto-ransomware blocking, cleanup, and information systems recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Columbus
For ransomware cleanup consulting services in the Columbus area, call Progent at