Crypto-Ransomware: Your Feared Information Technology Catastrophe
Crypto-ransomware has become an all-too-frequent cyberplague that poses an extinction-level threat to businesses of any size that are vulnerable to an attack. Older families such as CryptoLocker, Fusob, Bad Rabbit, SamSam and MongoLock have been in the wild for years and still cause damage. More recent families such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with as yet unnamed newcomers, not only encrypt online files but also deliberately disable or destroy the mechanisms an organization would use to recover, such as online backups and Volume Shadow Copies. Data synchronized to cloud environments can be ransomed as well, because the sync client faithfully replicates the encrypted files. In a poorly architected environment this makes automated restoration hopeless and effectively knocks the datacenter back to zero.
Recovering applications and data after a ransomware intrusion becomes a race against time as the targeted organization tries to contain the outbreak, eradicate the malware, and resume business-critical operations. Because ransomware needs time to spread through a network, attacks are frequently launched at night or over weekends, when they are likely to go unnoticed longer. This compounds the difficulty of rapidly assembling and coordinating an experienced response team.
Progent offers a range of services for protecting Huntington Beach organizations from ransomware attacks. These include user education to help staff recognize and avoid phishing lures, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to identify and contain zero-day and other modern malware attacks. Progent also provides experienced ransomware recovery professionals with the skills and commitment to rebuild a compromised environment as quickly as possible.
Progent's Ransomware Restoration Support Services
After a ransomware attack, even paying the ransom in cryptocurrency gives no assurance that the attackers will hand over working keys to decrypt all of your data. Kaspersky Lab has estimated that 17 percent of crypto-ransomware victims never recovered their data after paying, compounding their losses. Paying is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to rebuild the critical elements of your IT environment. Without complete, uncompromised backups, this requires a broad complement of IT skills, professional project management, and the ability to work around the clock until the job is finished.
For twenty years, Progent has provided certified expert IT services for companies across the US and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold top certifications in foundation technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's cybersecurity specialists hold internationally recognized industry certifications including CISM, CISSP, CRISC, SANS GIAC and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of experience lets Progent rapidly identify the important systems, salvage the remaining pieces of your network after a crypto-ransomware event, and rebuild them into a working system.
Progent's recovery team uses best-of-breed project management tools to coordinate the complex recovery process. Progent understands the urgency of acting quickly and works alongside the customer's management and IT staff to prioritize tasks and bring critical services back online as soon as humanly possible.
Case Study: A Successful Ransomware Attack Restoration
A client escalated to Progent after the company was hit by Ryuk ransomware. Early Ryuk samples share code with the Hermes ransomware, which led some initial reports to attribute Ryuk to North Korean state-sponsored actors; most subsequent analysis has attributed Ryuk operations to a Russian-speaking criminal group. Ryuk targets specific organizations that have little tolerance for operational disruption and is one of the most profitable ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with around 500 employees. The Ryuk intrusion had halted all business operations and manufacturing. Most of the client's data backups had been online at the time of the intrusion and were destroyed. The client considered paying the ransom (over two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked with the customer to rapidly identify and prioritize the critical applications that had to be restored before the company could resume operations:
Within two days Progent had restored Windows Active Directory to its pre-intrusion state. Progent then moved on to rebuilding servers and recovering data for mission-critical applications. Because Exchange stores its schema extensions and configuration in Active Directory, that information was intact once AD was restored, which greatly simplified rebuilding Exchange. Progent located local OST files (Microsoft Outlook Offline Outlook Data Files) on staff workstations and laptops and used them to recover mailbox data. A recent offline backup of the client's financial and MRP systems made it possible to bring these essential services back online for users. Although much work remained to recover completely from the Ryuk attack, the essential systems were recovered quickly:
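As an added illustration of the mailbox-recovery step described above (example code written for this page, not Progent's own tooling), the PowerShell below inventories Outlook OST and PST files across a list of workstations and checks each file's header. Outlook data files begin with the four-byte signature `!BDN`; a cached mailbox that the ransomware itself encrypted no longer carries that signature and is useless for recovery, so the script flags it. The host list file, the remoting setup, and the output path are assumptions.

```powershell
# Added example, not Progent's code. Assumes you are a local administrator on the
# targets, PowerShell Remoting (WinRM) is enabled, and hosts.txt (hypothetical)
# lists one workstation name per line.
$computers = Get-Content -Path .\hosts.txt

$inventory = Invoke-Command -ComputerName $computers -ErrorAction Continue -ScriptBlock {
    # Default locations for Outlook data files for every profile on the machine:
    # OST files under AppData, PST files usually under Documents\Outlook Files.
    $paths = @(
        'C:\Users\*\AppData\Local\Microsoft\Outlook\*',
        'C:\Users\*\Documents\Outlook Files\*'
    )
    Get-ChildItem -Path $paths -Include *.ost, *.pst -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Outlook data files start with the magic bytes "!BDN". A file that
            # ransomware has encrypted will not, so it is marked as not intact.
            $magic = ''
            try {
                # ReadWrite sharing lets us read a file Outlook still holds open.
                $fs = [System.IO.File]::Open($_.FullName, 'Open', 'Read', 'ReadWrite')
                try {
                    $hdr = New-Object byte[] 4
                    [void]$fs.Read($hdr, 0, 4)
                    $magic = [System.Text.Encoding]::ASCII.GetString($hdr)
                } finally {
                    $fs.Dispose()
                }
            } catch {
                $magic = 'ERR'   # unreadable: report it rather than silently skip
            }

            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                User          = ($_.FullName -split '\\')[2]   # profile folder name
                Path          = $_.FullName
                SizeMB        = [math]::Round($_.Length / 1MB, 1)
                LastWriteTime = $_.LastWriteTime                # how current the cached mail is
                HeaderIntact  = ($magic -eq '!BDN')
            }
        }
}

# Keep the full inventory for the recovery log, then list the usable candidates.
$inventory |
    Sort-Object Computer, User |
    Export-Csv -Path .\outlook-data-inventory.csv -NoTypeInformation

$inventory |
    Where-Object { $_.HeaderIntact } |
    Sort-Object Computer, User |
    Format-Table Computer, User, SizeMB, LastWriteTime, Path -AutoSize
```

Run it from a clean administrative workstation only after the affected machines have been isolated and imaged, so that copying OST files off does not disturb forensic evidence. The LastWriteTime column shows how recent each cached copy is; the largest intact OST per user is normally the one worth importing once Exchange is back.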
Over the following few weeks, key milestones in the recovery project were achieved through close cooperation between Progent consultants and the client:
Conclusion
A probable business catastrophe was averted by results-oriented professionals, a wide range of technical expertise, and close collaboration. In hindsight, the ransomware incident described here could have been detected and blocked with modern security tooling, ISO/IEC 27001 best practices, staff training, well-designed incident response procedures, offline backups, and disciplined patching. Even so, state-sponsored and criminal attackers from Russia, North Korea and elsewhere are relentless and are not going away. If you are hit by a ransomware attack, remember that Progent's team has substantial experience in ransomware defense, remediation, and data restoration.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Virus Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Huntington Beach
For ransomware system restoration consulting in the Huntington Beach area, call Progent at