Crypto-Ransomware : Your Feared IT Nightmare
Crypto-ransomware has become a modern cyber pandemic and presents an extinction-level threat to businesses of all sizes that are poorly prepared for an attack. Older families such as Dharma, WannaCry and Bad Rabbit have been around for years and continue to inflict damage (WannaCry in particular spread as a self-propagating cryptoworm), and related extortion attacks follow the same playbook: MongoLock wipes exposed databases and leaves a ransom note, and Syskey scams lock Windows machines using the operating system's own SAM encryption utility. Modern families such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Snatch and Egregor, along with unnamed variants appearing daily, not only encrypt online data files but also seek out and destroy any backups reachable from the compromised network. Backups replicated to the cloud are not immune, because a replica that mirrors changes will faithfully copy the encrypted files over the good ones. In a poorly architected environment this can render recovery impossible and effectively set the datacenter back to zero; only backups that are offline, immutable, or otherwise unreachable with the credentials the attacker obtained can be counted on to survive.
Recovering services and data after a ransomware outage becomes a race against the clock as the targeted organization fights to contain and remove the ransomware and to restore mission-critical activity. Because intruders need time to move laterally and stage the encryption, the final payload is usually triggered on weekends and holidays, when the attack takes longer to notice and a knowledgeable response team is harder to assemble and coordinate.
Progent offers a range of services for protecting Boise businesses from ransomware attacks. These include user training to recognize and avoid phishing lures, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's behavior-based threat defense to detect and contain zero-day malware. Progent also provides experienced ransomware recovery engineers with the skill and commitment to rebuild a breached network as quickly as possible.
Progent's Ransomware Restoration Help
After a ransomware attack, even paying the ransom in Bitcoin does not guarantee that the criminals will supply working decryption keys for any of your files. Kaspersky found that 17% of ransomware victims never recovered their files even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the typical demand, which ZDNet put at around $13,000 for smaller organizations. The alternative is to rebuild the vital components of your IT environment. Without complete, uncorrupted backups, this requires a wide range of skills, professional project management, and the ability to work around the clock until the job is done.
For two decades, Progent has provided expert IT services to companies across the United States and holds Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's team includes professionals with advanced certifications in Microsoft, Cisco, VMware and the major Linux distributions, and cybersecurity experts holding internationally recognized credentials including CISM, CISSP, CRISC and SANS GIAC (see Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth lets Progent quickly identify the systems that matter, salvage the surviving parts of your network after a ransomware event, and integrate them back into a working environment.
Progent's security team uses project management tools to coordinate the complex restoration process. Progent understands the urgency of working quickly and in concert with the customer's management and IT staff to prioritize tasks and bring the most important applications back online as soon as possible.
Customer Case Study: A Successful Ransomware Recovery
A business called in Progent after its network was hit by Ryuk crypto-ransomware. Ryuk was initially attributed to North Korea because it shares code with the earlier Hermes ransomware, but later analysis attributed it to a Russian-speaking criminal group; the leaked NSA exploit EternalBlue was used by WannaCry, not by Ryuk, which is typically deployed by hand after a foothold gained through phishing and commodity malware such as Emotet and TrickBot. Ryuk targets specific organizations with little or no tolerance for operational disruption and is one of the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud hosting company, and the Chicago Tribune. Progent's client is a single-location manufacturing company headquartered in Chicago with about 500 employees. The Ryuk attack brought down all company operations and manufacturing. Most of the client's backups were online at the time of the attack and were encrypted along with everything else. The client considered paying the ransom (over $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to quickly identify and prioritize the mission-critical applications that had to be restored to resume business operations:
Within 48 hours, Progent restored Active Directory to its pre-attack state. Progent then rebuilt and recovered storage for the most important applications. Exchange Server's connectors and configuration were intact, which sped up the Exchange restore, and Progent located local OST files (Outlook Offline Folder files) on various PCs and used them to recover mailbox data; an OST holds only the mail that was cached on that workstation, so how much could be recovered depended on each user's offline cache settings. A reasonably recent offline backup of the customer's accounting/ERP system made it possible to bring those services back to users. Although significant work remained to recover fully from the Ryuk damage, critical systems were restored quickly:
Over the following month, key milestones in the recovery were reached through close cooperation between Progent consultants and the customer:
Conclusion
A potential business catastrophe was averted through the efforts of top-tier professionals, a broad range of expertise, and close collaboration. Post-incident forensics showed that the intrusion described here would have been detected and stopped by current security tooling and recognized best practices: user and administrator training, tested incident response procedures, offline backups, and prompt security patching. Even so, ransomware operators, many of them based in Russia and other jurisdictions beyond the reach of Western law enforcement, are relentless and are not going away. If you are hit by a ransomware incident, you can be confident that Progent's team has extensive experience in blocking, cleaning up, and recovering from ransomware attacks.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Boise
For ransomware system recovery consulting services in the Boise metro area, phone Progent at