Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyber pandemic that presents an extinction-level threat for businesses unprepared for an attack. Versions of crypto-ransomware such as Reveton, Fusob, Locky, Syskey and MongoLock cryptoworms have been replicating for a long time and still cause harm. Newer variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with daily unnamed viruses, not only encrypt online information but also infiltrate all configured system backups. Data synchronized to off-premises disaster recovery sites can also be encrypted. In a vulnerable data protection solution, this can make any restore operation impossible and effectively set the datacenter back to zero.
Restoring applications and data following a ransomware outage becomes a sprint against time as the targeted business fights to contain the damage, clear the virus, and restore business-critical operations. Because ransomware requires time to move laterally throughout a targeted network, attacks are often launched during nights and weekends, when they are likely to take longer to discover. This compounds the difficulty of promptly assembling and coordinating a qualified mitigation team.
Progent provides an assortment of services for protecting Boise enterprises from ransomware events. These include team member training to help staff identify phishing scams and avoid falling victim to them, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and quarantine zero-day malware. Progent can also provide the assistance of experienced crypto-ransomware recovery professionals with the talent and commitment to re-deploy a breached environment as soon as possible.
Progent's Ransomware Restoration Support Services
After a crypto-ransomware intrusion, paying the ransom in cryptocurrency does not guarantee that the attackers will provide the keys to decrypt all your data. Kaspersky determined that 17% of ransomware victims never restored their data even after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are often several hundred thousand dollars. For larger organizations, the ransom can reach millions. The fallback is to piece back together the essential components of your Information Technology environment. Without the availability of complete system backups, this calls for a wide complement of skills, professional team management, and the willingness to work continuously until the task is finished.
For two decades, Progent has offered certified expert Information Technology services for businesses throughout the US and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have attained top certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the skills to rapidly identify important systems, consolidate the surviving pieces of your Information Technology environment after a ransomware event, and rebuild them into a functioning system.
Progent's security team uses powerful project management systems to orchestrate the complex restoration process. Progent knows the urgency of working rapidly and in concert with a client's management and Information Technology resources to prioritize tasks and to get the most important applications back on line as soon as possible.
Customer Case Study: A Successful Ransomware Intrusion Recovery
A customer engaged Progent after their organization was taken over by Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean state hackers, suspected of adopting strategies exposed from the U.S. NSA. Ryuk targets specific organizations with little tolerance for disruption and is one of the most profitable incarnations of ransomware. Headline victims include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing company headquartered in Chicago with around 500 employees. The Ryuk intrusion had brought down all essential operations and manufacturing processes. Most of the client's data protection systems had been online at the beginning of the attack and were damaged. The client was actively seeking loans to pay the ransom demand (exceeding $200K) and praying for good luck, but ultimately called Progent.
Progent worked hand in hand with the customer to rapidly understand and assign priority to the most important applications that had to be restored in order to resume company functions:
Within two days, Progent was able to rebuild Active Directory to its pre-virus state. Progent then helped perform setup and hard drive recovery of critical systems. All Exchange Server ties and attributes were intact, which greatly helped the rebuild of Exchange. Progent was able to assemble intact OST data files (Outlook Email Off-Line Data Files) on team workstations and laptops in order to recover email information. A recent offline backup of the client's accounting/ERP systems made it possible to restore these essential programs and make them available to users again. Although major work was left to recover fully from the Ryuk virus, critical systems were returned to operation quickly:
Over the next few weeks critical milestones in the recovery project were achieved through close collaboration between Progent consultants and the customer:
Conclusion
A probable business-killing disaster was avoided thanks to top-tier professionals, a wide array of subject matter expertise, and close collaboration. Although in retrospect the ransomware attack described here should have been stopped by current security solutions and best practices, user and IT administrator training, and appropriate security procedures for data backup and keeping systems up to date with security patches, the reality remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware incursion, remember that Progent's roster of experts has substantial experience in ransomware virus blocking, mitigation, and information systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Boise
For ransomware cleanup consulting in the Boise area, phone Progent at