Crypto-Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague that represents an existential danger for businesses poorly prepared for an attack. Versions of crypto-ransomware such as CryptoLocker, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been running rampant for many years and continue to cause harm. Newer variants of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, plus additional as yet unnamed viruses, not only encrypt on-line critical data but also infect any configured system protection mechanisms. Information replicated to off-site disaster recovery sites can also be corrupted. In a vulnerable system, this can render any restore operations useless and effectively knocks the network back to zero.
Getting services and information back online after a ransomware outage becomes a race against time as the targeted business tries its best to contain the damage, clear the ransomware, and resume enterprise-critical operations. Because ransomware takes time to move laterally, assaults are often launched on weekends and holidays, when successful attacks are likely to take longer to notice. This multiplies the difficulty of quickly marshalling and organizing an experienced mitigation team.
Progent provides a variety of help services for securing Jersey City businesses from ransomware attacks. Among these are user education to recognize and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and deployment of next-generation security solutions with AI capabilities to automatically detect and quarantine new cyber attacks. Progent also offers the services of experienced crypto-ransomware recovery professionals with the track record and perseverance to reconstruct a compromised environment as quickly as possible.
Progent's Ransomware Restoration Support Services
After a ransomware penetration, even paying the ransom in Bitcoin cryptocurrency does not ensure that merciless criminals will return the keys to decrypt all your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their information after having paid the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC (between $120,000 and $400,000). This is far higher than the usual crypto-ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller organizations. The alternative is to piece back together the vital elements of your IT environment. Absent access to essential data backups, this requires a broad range of skill sets, professional team management, and the capability to work continuously until the job is completed.
For twenty years, Progent has made available expert Information Technology services for businesses across the US and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned top industry certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts have earned internationally recognized certifications including CISM, CISSP, CRISC, and GIAC. (Visit Progent's certifications.) Progent also has experience with accounting and ERP applications. This breadth of expertise gives Progent the ability to knowledgeably understand important systems, integrate the remaining components of your network environment following a ransomware penetration, and configure them into an operational system.
Progent's recovery team of experts uses state-of-the-art project management applications to orchestrate the complex recovery process. Progent appreciates the urgency of acting swiftly and works together with a customer's management and IT team members to assign priority to tasks and to get key services back online as fast as humanly possible.
Client Case Study: A Successful Crypto-Ransomware Incident Restoration
A small business contacted Progent after their network system was brought down by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state-sponsored hackers, suspected of using algorithms leaked from America's NSA. Ryuk targets specific businesses with limited ability to sustain disruption and is among the most profitable iterations of crypto-ransomware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in the Chicago metro area with about 500 workers. The Ryuk event had frozen all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the intrusion and were encrypted. The client was evaluating paying the ransom (exceeding $200,000) and hoping for good luck, but ultimately brought in Progent.
Progent worked together with the client to rapidly determine and assign priority to the essential applications that needed to be addressed to make it possible to resume company functions:
Within 2 days, Progent was able to recover Active Directory services to their pre-virus state. Progent then completed rebuilding and hard drive recovery on essential applications. All Exchange schema and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to collect local OST files (Outlook Offline Folder Files) from user workstations in order to recover mail information. A recent off-line backup of the client's manufacturing systems made it possible to bring these essential services back online. Although major work remained to recover fully from the Ryuk attack, essential systems were recovered quickly:
Over the following month important milestones in the recovery process were accomplished through close cooperation between Progent engineers and the client:
Conclusion
A potential business extinction disaster was avoided with results-oriented professionals, a broad spectrum of technical expertise, and tight collaboration. In the post-mortem analysis, the crypto-ransomware penetration described here could have been blocked with modern security technology solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and properly executed security procedures for data protection and patching controls. The fact remains, however, that state-sponsored cyber criminals from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware attack, feel confident that Progent's team of experts has substantial experience in ransomware virus blocking, cleanup, and file disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Jersey City
For ransomware recovery consulting services in the Jersey City metro area, call Progent at