Ransomware: Your Crippling Information Technology Disaster
Ransomware has become an all-too-frequent cyber pandemic and an enterprise-level threat for businesses of every size. Older families such as CrySIS, Fusob, Locky, SamSam and MongoLock have been in the wild for years and still inflict damage. More recent families such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Egregor, plus the new and as yet unnamed variants that appear daily, not only encrypt on-line data but also seek out and encrypt or delete any system backups reachable from the compromised network. Data synchronized to cloud storage can also be rendered useless, because the sync client faithfully uploads the encrypted versions. In a poorly architected data protection design this defeats automated recovery and effectively sets the datacenter back to square one.
Getting services and data back on-line after a ransomware outage becomes a race against the clock as the targeted business struggles to halt lateral movement, eradicate the ransomware and resume mission-critical operations. Because crypto-ransomware needs time to spread before the encryption payload is triggered, attacks are frequently launched on weekends or holidays, when a successful intrusion may go unnoticed for longer. This multiplies the difficulty of promptly assembling and coordinating an experienced mitigation team.
Progent offers a range of services for protecting Huntington Beach businesses from crypto-ransomware intrusions. These include employee training to help staff recognize and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, and installation and configuration of the latest generation of AI-based security tools that can rapidly detect and quarantine zero-day threats. Progent also provides seasoned ransomware recovery professionals with the skills and commitment to rebuild a compromised network as quickly as possible.
Progent's Ransomware Recovery Services
Following a crypto-ransomware attack, even paying the ransom in cryptocurrency does not guarantee that the criminals will supply working decryption keys for any or all of your data. Kaspersky found that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also very expensive. Ryuk ransoms commonly range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), well above the average ransomware demand, which ZDNet estimated at around $13,000 for small organizations. The alternative is to rebuild the key components of your IT environment. Without access to complete, uncompromised backups, this requires a wide complement of skills, well-coordinated project management, and the willingness to work around the clock until the recovery is complete.
For decades, Progent has offered certified expert IT services to companies across the U.S. and holds Microsoft Partner competencies in Datacenter and Cloud Productivity. Progent's team of subject matter experts (SMEs) includes engineers who hold top industry certifications in key technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cyber security experts hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has expertise with financial systems and ERP applications. This breadth of expertise allows Progent to quickly identify critical systems, organize the surviving pieces of your network following a ransomware attack, and rebuild them into a functioning system.
Progent's security team uses best-of-breed project management tools to coordinate the complex restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and IT staff to prioritize tasks and get essential applications back on-line as quickly as possible.
Business Case Study: A Successful Crypto-Ransomware Intrusion Recovery
A customer engaged Progent after their organization was hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored hackers and was also suspected of borrowing techniques from leaked U.S. NSA tooling; later research instead tied its operation to a Russian-speaking criminal group. Either way, Ryuk targets specific organizations with little tolerance for operational disruption and is one of the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturing company based in Chicago with around 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups had been on-line when the intrusion began and were eventually encrypted. The client was considering paying the ransom (over $200K) and hoping for the best, but instead called Progent.
Progent worked with the customer to quickly identify and prioritize the essential systems that had to be recovered in order to resume business operations.
In less than two days, Progent restored Windows Active Directory to its pre-attack state. Progent then reinstalled and recovered the disks of the most important servers. Because the Exchange-related objects and attributes in Active Directory were intact, the Exchange rebuild went faster. Progent was also able to collect unencrypted OST files (Outlook Offline Folder Files) from various PCs and use them to recover mailbox contents. A reasonably recent off-line backup of the client's financial/ERP software made it possible to bring those essential services back on-line for users. Although substantial work remained to recover fully from the Ryuk incident, the core systems were restored quickly.
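The OST collection step above, as an added example (this is not Progent's tooling): a small Python script that walks a directory of OST files copied from workstations and separates intact files from ones the ransomware encrypted or renamed, by checking for the "!BDN" magic bytes that Outlook PST/OST files begin with. The sample directory, its file names, the hypothetical per-PC folders and the appended `.RYK` extension (the one later Ryuk builds added) are constructed here for the demonstration.

```python
"""Triage Outlook OST files gathered from workstations after a ransomware event.

Added example, not Progent's own tooling. Outlook PST/OST files start with the
four magic bytes "!BDN"; a file that no longer carries that header has been
encrypted or overwritten and is not worth copying to the mail-recovery share.
All sample files below are constructed in a temporary directory.
"""
import os
import tempfile

OST_MAGIC = b"!BDN"


def classify_ost(path):
    """Return 'intact' if the file still carries the OST/PST header, else 'encrypted'."""
    with open(path, "rb") as f:
        head = f.read(len(OST_MAGIC))
    return "intact" if head == OST_MAGIC else "encrypted"


def is_ost_name(name):
    """Match 'user.ost' and also 'user.ost.RYK', where the ransomware appended
    its own extension after the original one."""
    parts = name.lower().split(".")
    return "ost" in parts[1:]


def triage(root):
    """Walk root and return (intact, encrypted): sorted lists of paths relative to root."""
    intact, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_ost_name(name):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            (intact if classify_ost(full) == "intact" else encrypted).append(rel)
    return sorted(intact), sorted(encrypted)


def build_sample_tree():
    """Create a constructed directory mimicking per-PC copies of
    %LOCALAPPDATA%\\Microsoft\\Outlook. Returns the root path."""
    root = tempfile.mkdtemp(prefix="ost-triage-")
    samples = {
        # PC1: Outlook cache untouched; header present (constructed bytes)
        os.path.join("PC1", "alice@example.com.ost"): OST_MAGIC + b"\x00" * 60,
        # PC2: renamed with the .RYK extension Ryuk appends; contents are junk (constructed)
        os.path.join("PC2", "bob@example.com.ost.RYK"): b"\x8f\x13\xa9\xce" + b"\x42" * 60,
        # PC3: extension intact but contents overwritten; header missing (constructed)
        os.path.join("PC3", "carol@example.com.ost"): b"\x00" * 64,
        # unrelated file that must be ignored
        os.path.join("PC3", "notes.txt"): b"not mail",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    ok, bad = triage(sample_root)
    print("copy to recovery share:", ok)
    print("skip (no OST header):  ", bad)
```

The header check is deliberately cheap so it can be run against a whole share of collected files before anyone spends time opening them in Outlook; a file that passes it may still be truncated or partially damaged, so it is a first filter, not proof of a usable mailbox.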
Over the following couple of weeks, the key milestones of the recovery project were reached through close collaboration between Progent engineers and the customer.
Conclusion
A probable company-ending catastrophe was avoided through dedicated experts, a broad range of knowledge, and close collaboration. In hindsight, the crypto-ransomware attack described here should have been blocked by modern security technology and best practices, user education, well thought out data protection procedures, and proper patch management; nevertheless, well-resourced attackers, whether state-sponsored groups from China, North Korea and elsewhere or criminal gangs, are relentless and are not going away. If you are hit by a ransomware incursion, you can be confident that Progent's team has extensive experience in ransomware blocking, removal, and information systems recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Huntington Beach
For ransomware system restoration consulting in the Huntington Beach metro area, phone Progent at