Crypto-Ransomware : Your Crippling IT Nightmare
Ransomware has become an escalating cyber pandemic that poses an enterprise-level threat to businesses of all sizes that are unprepared for an attack. Versions of ransomware such as Reveton, Fusob, Locky, Syskey and MongoLock cryptoworms have been in the wild for a long time and continue to cause damage. More recent crypto-ransomware variants like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, along with a steady stream of as yet unnamed strains, not only encrypt online data files but also infiltrate whatever system protection they can reach. Information replicated to off-site disaster recovery sites can also be rendered useless. Against a vulnerable data protection solution, an attack can render automatic recovery useless and effectively set the network back to zero.
Getting online services and data back after a ransomware intrusion becomes a race against time as the targeted organization fights to contain the damage, clean up the ransomware, and resume mission-critical activity. Because ransomware takes time to spread, attacks are often sprung at night, when they tend to take longer to recognize. This compounds the difficulty of quickly marshalling and orchestrating a capable mitigation team.
Progent offers an assortment of services for protecting Jersey City enterprises from ransomware penetrations. These include staff education to help recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to discover and quarantine zero-day modern malware attacks. Progent can also provide expert ransomware recovery consultants with the talent and commitment to restore a compromised environment as quickly as possible.
Progent's Crypto-Ransomware Restoration Services
Soon after a crypto-ransomware attack, sending the ransom demanded in cryptocurrency does not provide any assurance that the criminal gang will provide the keys to decrypt any of your files. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in increased losses. The ransom itself is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far above typical ransomware demands, which ZDNet estimated to be around $13,000 for smaller organizations. The alternative is to set up from scratch the essential elements of your IT environment. Absent full information backups, this requires a wide complement of skills, professional project management, and the capability to work 24x7 until the task is over.
For two decades, Progent has offered certified expert IT services for companies across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who hold high-level certifications in key technologies such as Microsoft, Cisco, VMware, and major Linux distributions. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has experience with accounting and ERP software solutions. This breadth of expertise allows Progent to rapidly understand the necessary systems, integrate the surviving pieces of your network following a ransomware penetration, and rebuild them into a functioning system.
Progent's security group uses state-of-the-art project management systems to coordinate the complicated recovery process. Progent understands the urgency of working rapidly and in concert with a client's management and IT resources to prioritize tasks and get essential applications back online as fast as humanly possible.
Case Study: A Successful Crypto-Ransomware Penetration Response
A customer hired Progent after their organization was brought down by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state-sponsored hackers, suspected of using algorithms exposed from America's NSA. Ryuk targets specific companies with limited ability to sustain operational disruption and is one of the most profitable examples of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing company in the Chicago metro area with around 500 workers. The Ryuk intrusion had paralyzed all essential operations and manufacturing processes. The majority of the client's system backups had been directly accessible at the start of the attack and were destroyed. The client was pursuing financing to pay the ransom (exceeding two hundred thousand dollars) and hoping for good luck, but ultimately called Progent.
Progent worked with the client to rapidly identify and prioritize the mission-critical areas that had to be addressed to make it possible to continue company operations:
Within two days, Progent was able to recover Windows Active Directory to its pre-virus state. Progent then helped perform the setup and hard drive recovery of essential servers. All Exchange Server schema and configuration information was intact, which facilitated the restoration of Exchange. Progent was also able to locate intact OST files (Outlook Offline Data Files) on staff workstations and laptops to recover email data. A reasonably recent off-line backup of the business's accounting software made it possible to bring these vital applications back online for users. Although a large amount of work remained to recover fully from the Ryuk event, critical systems were restored rapidly:
Over the next couple of weeks, key milestones in the recovery project were reached in close collaboration between Progent engineers and the client:
Conclusion
A probable company-ending catastrophe was averted thanks to results-oriented professionals, a broad array of subject matter expertise, and tight collaboration. Although in hindsight the ransomware penetration described here should have been blocked by modern security solutions and security best practices, user and IT administrator training, and properly executed incident response procedures for information backup and patch management, the reality is that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will keep attacking. If you do fall victim to a ransomware attack, remember that Progent's roster of experts has substantial experience in ransomware defense, removal, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Jersey City
For ransomware system restoration services in the Jersey City area, phone Progent at