Ransomware: Your Feared IT Disaster
Crypto-ransomware has become an all-too-frequent cyberplague that presents an enterprise-level danger to organizations poorly prepared for an assault. Older ransomware families such as Reveton, CryptoWall, Locky, Syskey and MongoLock have been around for a long time and still inflict destruction. Newer variants like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus a steady stream of unnamed newcomers, encrypt not only on-line files but also any system backups they can reach. Information replicated to cloud environments can be rendered useless as well, because the replication faithfully copies the encrypted files. In a poorly architected system this makes automated restore operations impossible and effectively knocks the datacenter back to zero.
Bringing applications and data back online after a ransomware event becomes a race against the clock as the victim fights to stop the spread, clean up the ransomware, and resume business-critical activity. Because ransomware needs time to move laterally through a network, attacks are often launched on weekends and at night, when intrusions typically take longer to discover. This compounds the difficulty of rapidly mobilizing and organizing an experienced mitigation team.
Progent makes available a range of solutions for protecting Allen enterprises from crypto-ransomware attacks. Among these are staff training to help personnel recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to detect and quarantine zero-day modern malware attacks. Progent also offers the services of expert ransomware recovery professionals with the skills and perseverance to reconstruct a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a ransomware event, paying the ransom in cryptocurrency provides no assurance that the cyber hackers will return the keys needed to decrypt any or all of your files. Kaspersky determined that 17% of ransomware victims never recovered their files even after having paid the ransom, resulting in further losses. The gamble is also costly: Ryuk ransoms are commonly a few hundred thousand dollars, and for larger organizations the demand can reach millions. The fallback is to piece the critical elements of your IT environment back together. Without access to full system backups, this calls for a broad complement of skills, top-notch project management, and the capability to work non-stop until the job is done.
For two decades, Progent has provided expert Information Technology services for businesses throughout the U.S. and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have attained high-level certifications in key technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent in addition has expertise in financial management and ERP applications. This breadth of expertise gives Progent the capability to efficiently identify the important systems, re-organize the surviving parts of your network following a crypto-ransomware penetration, and configure them into an operational system.
Progent's security team deploys state-of-the-art project management systems to orchestrate the sophisticated recovery process. Progent understands the urgency of acting swiftly and in unison with a customer's management and Information Technology team members to assign priority to tasks and to get key services back on-line as soon as humanly possible.
Case Study: A Successful Crypto-Ransomware Attack Recovery
A customer engaged Progent after their company was brought down by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state cybercriminals, possibly adopting approaches leaked from the U.S. NSA organization. Ryuk seeks specific businesses with little or no room for disruption and is among the most profitable examples of ransomware. Headline targets include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company based in Chicago and has around 500 workers. The Ryuk intrusion had paralyzed all company operations and manufacturing capabilities. The majority of the client's information backups had been on-line at the time of the intrusion and were eventually encrypted. The client was evaluating paying the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the most important services that had to be restored in order to continue business operations:
Within 48 hours, Progent was able to restore Active Directory to its pre-penetration state. Progent then reinstalled critical applications and recovered their storage. All Microsoft Exchange Server data and configuration information were usable, which facilitated the restoration of Exchange. Progent was able to assemble the local OST files (Microsoft Outlook Off-Line Folder Files) from team workstations in order to recover mail data. A recent off-line backup of the client's financials/MRP systems made it possible to return these essential services to users. Although a large amount of work remained to recover fully from the Ryuk event, the most important services were restored quickly:
Throughout the next month, key milestones in the recovery project were accomplished through close collaboration between Progent engineers and the client:
Conclusion
A potential business-ending catastrophe was dodged with dedicated professionals, a wide range of knowledge, and close teamwork. Although in hindsight the ransomware attack detailed here would have been shut down by advanced cyber security solutions, ISO/IEC 27001 best practices, user education, and appropriate procedures for data backup and for keeping systems current with security patches, the fact is that government-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do get hit by a crypto-ransomware incursion, remember that Progent's roster of professionals has substantial experience in crypto-ransomware defense, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Allen
For ransomware recovery consulting in the Allen area, phone Progent at