Ransomware: Your Crippling IT Nightmare
Ransomware has become a modern cyber plague that poses an existential threat to businesses unprepared for an attack. Older crypto-ransomware families such as Dharma, CryptoWall and Locky, along with non-encrypting extortion schemes such as MongoLock database wipes and Syskey lockouts, have circulated for years and continue to cause damage. Current families such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, LockBit and Nefilim, plus a steady stream of as yet unnamed variants, not only encrypt files on every volume and network share they can reach but also delete Volume Shadow Copies and encrypt any backups that are online at the time of the attack. Files synchronized to cloud storage are not safe either: the encrypted versions are uploaded and replace the clean copies. In a poorly designed data protection solution this renders automated restore operations useless and effectively sets the entire environment back to square one.
Restoring applications and data after a crypto-ransomware intrusion becomes a race against time as the targeted business tries to contain the damage, clean up the ransomware, and resume business-critical activity. Because encryption takes time to spread across an environment, attacks are frequently launched on weekends and at night, when a successful intrusion is likely to go unnoticed longer. This compounds the difficulty of promptly assembling and organizing a qualified response team.
Progent provides a range of services to protect Sorocaba businesses from ransomware attacks, including staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's AI-based threat defense to detect and contain zero-day malware attacks. Progent also provides seasoned ransomware recovery professionals with the skills and commitment to restore a breached environment as rapidly as possible.
Progent's Ransomware Recovery Services
Paying a ransom in Bitcoin after a crypto-ransomware attack gives no assurance that the criminals will hand over the keys to decrypt all your data. Kaspersky Labs found that seventeen percent of ransomware victims who paid never recovered their data, compounding their losses. The ransoms themselves are also steep: Ryuk demands frequently range from fifteen to forty BTC (roughly $120,000 to $400,000 at the time), far above the average ransomware demand, which ZDNet put at around $13,000 for small organizations. The alternative is to piece the key parts of your IT environment back together. Without access to complete, uncompromised backups, this requires a wide complement of skill sets, tight project management, and the ability to work around the clock until the job is done.
For twenty years, Progent has provided expert IT services to companies across the United States and holds Microsoft Partner competencies in Datacenter and Cloud Productivity. Progent's pool of subject matter experts (SMEs) includes consultants with advanced certifications in key technologies from Microsoft, Cisco, VMware, and the major Linux distributions. Progent's security specialists hold internationally recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. Progent also has experience with financial systems and ERP applications. This breadth of expertise lets Progent quickly identify the critical systems, salvage the intact parts of your IT environment after a ransomware intrusion, and reassemble them into a working network.
Progent's recovery team uses proven project management tools to orchestrate the complex restoration process. Progent understands the urgency of acting quickly and in concert with a customer's management and IT staff to prioritize tasks and bring essential services back online as fast as possible.
Customer Case Study: A Successful Ransomware Attack Response
A business sought out Progent after its network was penetrated by Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because it shares code with the earlier Hermes ransomware, but it is now generally attributed to a Russian-speaking criminal group that uses it for targeted "big game hunting". Ryuk operators pick organizations with little tolerance for downtime, and Ryuk is one of the most profitable ransomware families to date. Publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups had been directly reachable from the network at the time of the intrusion and were encrypted along with everything else. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but in the end reached out to Progent.
Progent worked with the client to quickly understand the environment and prioritize the key services that had to be restored before business operations could resume:
Within two days, Progent had rebuilt Active Directory to its pre-attack state. Progent then reinstalled and recovered storage on mission-critical servers. Exchange's Active Directory objects and configuration were intact, which greatly simplified the Exchange restore. Progent located intact OST files (Microsoft Outlook Offline Data Files) on staff workstations and laptops and used them to recover mailbox data. A recent offline backup of the client's financials/ERP software made it possible to bring those essential services back online. Although major work remained to recover fully from the Ryuk damage, essential services were returned to operation quickly:
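The OST triage step above is the one part of the recovery that lends itself to a script. The following PowerShell is an added example, not Progent's tooling and not anything from the case study: it inventories Outlook OST files on domain workstations through the C$ administrative share, checks for the 4-byte "!BDN" signature that intact Outlook data files carry (a file encrypted in place will not have it), and flags files last written before the assumed start of the incident. The incident time, size threshold and report path are illustrative, as is the assumption that the operator has the RSAT ActiveDirectory module and local administrator rights on the workstations.

```powershell
# Added example (not from the case study): inventory Outlook OST files on domain
# workstations so the recovery team can see which cached mailbox copies survived.
# Assumptions (illustrative): RSAT ActiveDirectory module is installed, the
# account running this is a local administrator on the workstations (needed for
# the C$ share), and the time the encryption started is roughly known.

Import-Module ActiveDirectory

$IncidentStart = Get-Date '2023-01-14 02:00'   # assumed start of encryption
$MinSizeMB     = 50                            # skip empty/stub OST files
$Report        = 'C:\IR\ost-inventory.csv'     # assumed output location

function Test-OstHeader {
    param([string]$Path)
    # Outlook data files (PST and OST) start with the ASCII signature "!BDN".
    # A file that ransomware encrypted in place will not carry it.
    $buf = New-Object byte[] 4
    $n   = 0
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try { $n = $fs.Read($buf, 0, 4) } finally { $fs.Dispose() }
    } catch {
        return $false
    }
    return ($n -eq 4 -and [System.Text.Encoding]::ASCII.GetString($buf) -eq '!BDN')
}

# Enabled Windows 10/11 workstations that have logged on within the last 30 days.
$cutoff    = (Get-Date).AddDays(-30)
$computers = Get-ADComputer -Filter "OperatingSystem -like 'Windows 1*' -and Enabled -eq 'True'" `
                -Properties OperatingSystem, LastLogonDate |
             Where-Object { $_.LastLogonDate -gt $cutoff } |
             Select-Object -ExpandProperty Name

$results = foreach ($pc in $computers) {
    if (-not (Test-Connection -ComputerName $pc -Count 1 -Quiet)) { continue }

    # Outlook keeps OST files under each user's %LOCALAPPDATA%\Microsoft\Outlook.
    $userDirs = Get-ChildItem -Path "\\$pc\C$\Users" -Directory -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $outlookDir = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Outlook'
        $osts = Get-ChildItem -Path $outlookDir -Filter '*.ost' -File -ErrorAction SilentlyContinue
        foreach ($ost in $osts) {
            if ($ost.Length -lt ($MinSizeMB * 1MB)) { continue }
            [pscustomobject]@{
                Computer         = $pc
                Profile          = $userDir.Name
                Path             = $ost.FullName
                SizeMB           = [math]::Round($ost.Length / 1MB, 1)
                LastWrite        = $ost.LastWriteTime
                PredatesIncident = ($ost.LastWriteTime -lt $IncidentStart)
                HeaderIntact     = (Test-OstHeader -Path $ost.FullName)
            }
        }
    }
}

$results | Export-Csv -Path $Report -NoTypeInformation

# Candidates worth copying to quarantined storage before anything else touches them.
$results | Where-Object { $_.HeaderIntact } |
    Sort-Object Computer, Profile |
    Format-Table Computer, Profile, SizeMB, LastWrite, PredatesIncident -AutoSize
```

Ryuk appends its own extension to the files it encrypts, so those will not match the *.ost filter at all; the header check catches the rarer case of a file encrypted in place under its original name. A surviving OST holds only what Outlook had cached locally (in Cached Exchange Mode that is a bounded window of recent mail by default) and is bound to the profile that created it, so copy the candidates off the workstations first and extract their contents from the copies.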
Over the following month, key milestones in the restoration project were reached through tight collaboration between Progent engineers and the client:
Conclusion
A potentially company-ending disaster was averted through hard-working professionals, a wide array of subject matter expertise, and close collaboration. In hindsight, the intrusion described here should have been detected and stopped by current security tooling, ISO/IEC 27001 practices, user training, and properly executed procedures for offline backups and timely security patching. The fact remains that criminal and state-sponsored groups in Russia, China and elsewhere are tireless and will keep attacking. If you do fall victim to a ransomware intrusion, remember that Progent's roster of professionals has substantial experience in ransomware defense, removal, and file restoration.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Sorocaba
For ransomware cleanup consulting services in the Sorocaba metro area, phone Progent at