Ransomware : Your Worst Information Technology Disaster
Crypto-ransomware has become an escalating cyber pandemic that poses an existential danger to businesses of all sizes that are unprepared for an attack. Ransomware families such as Reveton, CryptoWall, Locky, NotPetya and the MongoLock cryptoworm have been circulating for many years and still inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with a daily stream of unnamed variants, not only encrypt online data but also compromise any accessible system-protection mechanisms, such as backups. Data synchronized to cloud environments can be rendered useless as well. In a vulnerable environment, this can make automated restore operations hopeless and effectively set the network back to zero.
Recovering services and data after a ransomware outage becomes a race against time as the victim struggles to stop the spread, eradicate the crypto-ransomware, and restore business-critical operations. Because crypto-ransomware needs time to move laterally, attacks are often launched on weekends, when successful intrusions typically take longer to detect. This multiplies the difficulty of promptly mobilizing and coordinating an experienced mitigation team.
Progent offers a range of support services for protecting Huntington Beach enterprises from ransomware intrusions. These include staff training to help users recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat protection to discover and disable zero-day malware attacks. Progent can also provide seasoned ransomware recovery engineers with the skills and commitment to restore a compromised network as urgently as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, even paying the ransom in Bitcoin cryptocurrency provides no assurance that the attackers will respond with the keys needed to decrypt all your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their data after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the average crypto-ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The alternative is to rebuild the mission-critical elements of your Information Technology environment. Without access to usable system backups, this calls for a broad complement of skill sets, well-coordinated project management, and the capacity to work around the clock until the recovery project is complete.
For twenty years, Progent has offered certified expert IT services to businesses across the U.S. and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who hold advanced certifications in key technologies from Microsoft, Cisco and VMware, and in the major distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications). Progent also has expertise in financial systems and ERP applications. This breadth of expertise gives Progent the skills to efficiently understand the required systems following a ransomware event, integrate the surviving parts of your IT environment, and configure them into an operational network.
Progent's security group uses best-of-breed project management tools to coordinate the complex restoration process. Progent appreciates the urgency of working swiftly and in unison with a client's management and Information Technology staff to prioritize tasks and bring essential systems back online as soon as humanly possible.
Customer Story: A Successful Ransomware Attack Restoration
A small business escalated to Progent after its network was attacked by the Ryuk ransomware virus. Ryuk is believed to have been created by North Korean state-sponsored criminal gangs, suspected of adopting algorithms leaked from America's National Security Agency. Ryuk targets specific organizations with little tolerance for disruption and is one of the most lucrative examples of crypto-ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturer headquartered in the Chicago metro area with around 500 employees. The Ryuk event had shut down all essential business operations and manufacturing capabilities. The majority of the client's data backups had been online at the start of the attack and were destroyed. The client considered paying the ransom demand (more than $200,000) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the customer to rapidly identify and prioritize the essential areas that had to be recovered to make it possible to resume company operations:
In less than two days, Progent restored Windows Active Directory to its pre-intrusion state. Progent then helped with the setup and storage recovery of critical applications. All Microsoft Exchange Server connections and configuration data were usable, which accelerated the restoration of Exchange. Progent was able to gather intact OST files (Outlook Offline Data Files) from staff workstations to recover mailbox data. A recent offline backup of the business's accounting/MRP systems made it possible to bring these essential applications back into service for users. Although a great deal of work remained to recover fully from the Ryuk damage, the most important services were returned to operation rapidly:
During the following couple of weeks, key milestones in the recovery process were completed in close collaboration between Progent consultants and the customer:
Conclusion
A likely business-extinction disaster was averted thanks to results-oriented experts, a wide range of technical expertise, and tight teamwork. In hindsight, the ransomware intrusion described here would have been blocked by modern cybersecurity technology and security best practices: user training, properly executed backup procedures, and sound patch management controls. Nonetheless, state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a ransomware incursion, you can be confident that Progent's roster of experts has a proven track record in ransomware defense, cleanup, and data recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Recovery Services in Huntington Beach
For ransomware system recovery consulting in the Huntington Beach area, call Progent at