Ransomware: Your Feared IT Disaster
Ransomware has become an escalating cyberplague that poses an extinction-level threat to businesses unprepared for an attack. Different families of crypto-ransomware such as Reveton, Fusob, Locky, SamSam and MongoLock have been circulating for years and still inflict damage. More recent strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with others not yet named, not only encrypt online data but also encrypt most configured system backups. Data synchronized to off-premises disaster recovery sites can be ransomed as well. In a poorly architected data protection solution, this can render automatic recovery useless and effectively sets the entire system back to square one.
Getting applications and data back after a ransomware outage becomes a race against time as the targeted business tries to contain the damage, eradicate the ransomware, and resume business-critical operations. Because ransomware needs time to move laterally across a network, attacks are frequently launched during weekends and nights, when a successful intrusion typically takes longer to identify. This multiplies the difficulty of rapidly assembling and orchestrating a qualified response team.
Progent offers a variety of solutions for protecting Huntington Beach organizations from crypto-ransomware attacks. These include user training to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based cyberthreat defense to identify and quarantine zero-day malware attacks. Progent also provides the assistance of expert ransomware recovery professionals with the skill and perseverance to re-deploy a compromised environment as rapidly as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, even paying the ransom in cryptocurrency does not ensure that the criminals will provide the keys needed to decrypt all your data. Kaspersky determined that 17% of crypto-ransomware victims never restored their files even after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger enterprises the demand can be in the millions of dollars. The alternative is to set up the mission-critical elements of your IT environment from scratch. Without complete system backups, this calls for a wide complement of skills, professional team management, and the ability to work continuously until the task is complete.
For decades, Progent has provided expert IT services for companies across the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who hold advanced certifications in leading technologies from Microsoft, Cisco and VMware and in popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of experience gives Progent the ability to quickly identify critical systems after a crypto-ransomware attack, salvage the remaining parts of your network environment, and rebuild them into an operational system.
Progent's recovery team of experts uses state-of-the-art project management tools to orchestrate the complicated recovery process. Progent understands the importance of working rapidly and in unison with a customer's management and Information Technology team members to assign priority to tasks and to put essential applications back on line as fast as possible.
Client Case Study: A Successful Crypto-Ransomware Incident Response
A customer contacted Progent after their network was penetrated by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state cybercriminals, possibly using technology exposed from the United States National Security Agency. Ryuk targets specific businesses with little tolerance for disruption and is among the most lucrative ransomware operations. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing business based in the Chicago metro area with around 500 employees. The Ryuk attack had disabled all essential business and manufacturing processes. Most of the client's system backups had been online at the time of the attack and were eventually encrypted. The client considered paying the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the client to quickly understand and prioritize the critical services that needed to be restored in order to restart company operations:
Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then performed setup and hard drive recovery on critical systems. All Exchange connection and configuration information was intact, which accelerated the rebuild of Exchange. Progent was also able to locate intact OST data files (Microsoft Outlook Offline Folder Files) on staff PCs to recover mail data. A recent offline backup of the client's accounting systems made it possible to bring these essential applications back online for users. Although much work remained to recover fully from the Ryuk attack, critical services were returned to operation quickly:
During the following couple of weeks, critical milestones in the restoration project were reached through close collaboration between Progent consultants and the customer:
Conclusion
A probable business extinction catastrophe was averted through the efforts of hard-working experts, a wide range of IT skills, and tight teamwork. In hindsight, the ransomware incident described here could have been prevented with modern security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff education, appropriate incident response procedures for information protection, and proper patching controls. The reality, however, is that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a ransomware attack, you can be confident that Progent's team of professionals has substantial experience in crypto-ransomware blocking, mitigation, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Huntington Beach
For ransomware system recovery consulting services in the Huntington Beach metro area, phone Progent at