Crypto-Ransomware: Your Feared IT Disaster
Ransomware has become a modern cyber pandemic that presents an existential danger to organizations poorly prepared for an attack. Ransomware families such as Reveton, CryptoWall, Locky, NotPetya and MongoLock have been running rampant for years and continue to inflict damage. Newer strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus a steady stream of unnamed newcomers, not only encrypt on-line data but also delete or encrypt any reachable restore points, shadow copies and backups. Files replicated to off-site disaster recovery sites can be encrypted as well, because replication faithfully copies the encrypted versions. In a vulnerable data protection solution this can make automated restoration impossible and knocks the entire environment back to square one.
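The backup-destruction behaviour described above (shadow copies, restore points and reachable backups being wiped before encryption starts) leaves a recognizable trail in process-creation telemetry. The following Python is an added example written for this page, not Progent's code or any vendor's product: it scans constructed process-creation records for the shadow-copy and recovery-tampering commands that families such as Ryuk are known to run, and reports a high-confidence alert when several distinct techniques fire on one host within a short window. The flattened log format, host names, user names and rule names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events in the shape of Sysmon Event ID 1 / Windows
# Security 4688 data flattened to "timestamp|host|user|parent|commandline".
# Made up for this example; not client data from the case study on this page.
SAMPLE_LOG = r"""
2024-03-02T02:13:40|WS-117|CORP\jsmith|explorer.exe|C:\Windows\System32\notepad.exe C:\Users\jsmith\notes.txt
2024-03-02T02:13:55|BKP-01|CORP\svc_backup|wbengine.exe|wbadmin start backup -backupTarget:E: -include:C:
2024-03-02T02:14:05|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|vssadmin.exe Delete Shadows /all /quiet
2024-03-02T02:14:06|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|wmic.exe shadowcopy delete
2024-03-02T02:14:07|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|bcdedit /set {default} recoveryenabled No
2024-03-02T02:14:07|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|bcdedit /set {default} bootstatuspolicy ignoreallfailures
2024-03-02T02:14:09|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0
2024-03-02T02:14:10|FS-01|NT AUTHORITY\SYSTEM|cmd.exe|vssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=401MB
2024-03-02T09:30:12|WS-042|CORP\ahelpdesk|explorer.exe|C:\Windows\System32\vssadmin.exe list shadows
2024-03-02T09:31:00|WS-042|CORP\ahelpdesk|powershell.exe|powershell -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"
"""

# Commands that Ryuk and similar families run before encrypting so that shadow
# copies, system-state backups and Windows recovery cannot be used to roll back.
# Each regex is applied to the lower-cased command line. Read-only commands such
# as "vssadmin list shadows" deliberately do not match.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b")),
    ("vssadmin_resize_shadowstorage", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("wmi_shadowcopy_delete_powershell", re.compile(r"win32_shadowcopy.*\.delete\(\)")),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b")),
    ("wbadmin_delete_backup", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup|backup)\b")),
]


def parse_event(line):
    """Split one flattened record. maxsplit=4 keeps '|' characters that appear
    inside the command line itself (PowerShell pipelines) in the last field."""
    ts, host, user, parent, cmd = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "parent": parent, "cmd": cmd}


def match_rules(cmd):
    """Return the names of every rule the command line triggers."""
    low = cmd.lower()
    return [name for name, rx in RULES if rx.search(low)]


def scan(log_text):
    """Parse every non-empty record and keep those that trigger at least one rule."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        rules = match_rules(ev["cmd"])
        if rules:
            ev["rules"] = rules
            hits.append(ev)
    return hits


def correlate(hits, window=timedelta(minutes=10), min_rules=2):
    """Per host, find the largest set of distinct rules that fire inside one
    time window. A single destructive command may be an administrator cleaning
    up; several different recovery-tampering techniques within minutes is the
    ransomware pre-encryption pattern and is reported as high confidence."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    alerts = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        best = set()
        for i, start in enumerate(events):
            seen = set()
            for ev in events[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                seen.update(ev["rules"])
            if len(seen) > len(best):
                best = seen
        alerts[host] = {
            "rules": sorted(best),
            "users": sorted({e["user"] for e in events}),
            "confidence": "high" if len(best) >= min_rules else "low",
        }
    return alerts


if __name__ == "__main__":
    for host, alert in correlate(scan(SAMPLE_LOG)).items():
        print(f"{host}: {alert['confidence']} - {', '.join(alert['rules'])}")
```

On the constructed sample, the file server FS-01 trips five different rules in five seconds and is reported as high confidence, while the helpdesk workstation that ran a single WMI shadow-copy deletion is reported as low confidence for an analyst to triage. The legitimate scheduled `wbadmin start backup` and the read-only `vssadmin list shadows` produce no hits, which is the point of requiring the destructive verb in each pattern rather than alerting on the tool name alone.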
Getting applications and data back online after a ransomware intrusion becomes a race against time as the targeted business fights to stop the spread, eradicate the ransomware and restore business-critical activity. Because encryption and lateral spread take time, attacks are often launched on nights and weekends, when a successful intrusion typically goes unnoticed for longer. This compounds the difficulty of rapidly marshalling and orchestrating an experienced response team.
Progent offers a variety of services for protecting Columbus businesses from ransomware events. These include staff training to help identify and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, and setup and configuration of next-generation security appliances that use AI to identify and block new threats. Progent also provides experienced ransomware recovery professionals with the skills and perseverance to rebuild a breached environment as quickly as possible.
Progent's Ransomware Restoration Help
After a ransomware event, even paying the ransom in cryptocurrency does not guarantee that the criminal gang will hand over the keys needed to decrypt your data. Kaspersky Labs found that seventeen percent of ransomware victims never recovered their files even after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from fifteen to forty BTC (roughly $120,000 to $400,000), far higher than the typical ransomware demand, which ZDNet estimated at around $13,000 for small businesses. The alternative is to piece back together the key components of your IT environment. Without usable backups of essential systems, this calls for a broad complement of IT skills, well-coordinated team management, and the willingness to work non-stop until recovery is complete.
For decades, Progent has provided certified expert IT services to businesses across the United States and holds Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have earned high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity consultants hold internationally recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience with accounting and ERP software solutions. This breadth of experience lets Progent efficiently identify the systems that must be rebuilt, reorganize the remaining pieces of your network after a ransomware attack, and restore them to an operational environment.
Progent's ransomware recovery team uses top-tier project management tools to orchestrate the complex recovery process. Progent understands the importance of working rapidly and in unison with a client's management and IT staff to prioritize tasks and put essential systems back on-line as soon as humanly possible.
Case Study: A Successful Crypto-Ransomware Attack Restoration
A small business contacted Progent after being penetrated by the Ryuk ransomware. Ryuk was initially attributed to North Korean state hackers because of code it shares with the Hermes ransomware, but later analysis linked it to a Russian-speaking criminal group; early reports also speculated that its operators used techniques leaked from the United States National Security Agency. Ryuk targets specific companies with little or no tolerance for downtime and is among the most lucrative ransomware operations. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturer based in the Chicago metro area with around 500 employees. The Ryuk intrusion had paralyzed all essential business and manufacturing operations. Most of the client's backups had been on-line when the intrusion began and were destroyed. The client was considering paying the ransom (in excess of $200,000) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the customer to rapidly assess and prioritize the key applications that had to be restored in order to restart business functions:
Within 48 hours, Progent had restored Windows Active Directory to its pre-intrusion state. Progent then pressed ahead with reinstallation and storage recovery of critical servers. All Exchange schema and configuration data were intact, which greatly simplified the Exchange rebuild. Progent was able to locate local OST files (Outlook Offline Data Files) on user desktops and laptops and used them to recover mailbox data. A recent offline backup of the customer's manufacturing systems allowed those required services to be brought back online for users. Although significant work remained to recover fully from the Ryuk attack, core systems were recovered rapidly:
Over the following weeks, critical milestones in the recovery were reached through tight cooperation between Progent team members and the customer:
Conclusion
A likely business-ending catastrophe was avoided thanks to dedicated experts, a broad range of knowledge, and tight collaboration. Although in hindsight the ransomware intrusion described here could have been stopped by modern security systems, ISO/IEC 27001 best practices, user education, and well thought out procedures for data protection and software patching, the reality is that state-sponsored and criminal attackers from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware incident, remember that Progent's team has substantial experience in ransomware defense, mitigation, and information systems recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Columbus
For ransomware recovery consulting in the Columbus metro area, phone Progent at