Crypto-Ransomware : Your Worst IT Nightmare
Ransomware has become a too-frequent cyber pandemic that represents an existential danger for businesses unprepared for an attack. Older ransomware families such as Reveton, Fusob, Bad Rabbit, SamSam and MongoLock have been in the wild for a long time and still cause harm. Newer variants like Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nefilim, along with a steady stream of as-yet-unnamed malware, not only encrypt online data but also seek out and encrypt every reachable system restore point and backup. Data synchronized to cloud storage can be encrypted as well, because the sync client faithfully uploads the encrypted copies. In a poorly architected environment this renders automated restore operations hopeless and effectively knocks the datacenter back to zero.
Retrieving applications and data after a ransomware outage becomes a race against the clock as the targeted organization tries to contain the damage, eradicate the ransomware, and resume mission-critical activity. Because the attackers need time to spread through the network and complete encryption, intrusions are frequently launched on weekends and at night, when they typically take longer to discover. This compounds the difficulty of quickly assembling and coordinating a knowledgeable response team.
Progent provides an assortment of services for protecting Jersey City businesses from crypto-ransomware attacks. These include user education to help staff recognize and avoid phishing, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat protection to detect and quarantine zero-day malware. Progent also offers the services of experienced ransomware recovery engineers with the skills and commitment to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Help
After a crypto-ransomware intrusion, paying the ransom in cryptocurrency does not guarantee that the criminals will provide the keys to decrypt any or all of your data. Kaspersky found that 17 percent of ransomware victims never recovered their data even after paying, compounding their losses. The demands are also large. Ryuk ransoms frequently range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the average ransomware demand, which ZDNet estimated at around $13,000 for smaller businesses. The alternative is to piece back together the mission-critical elements of your IT environment. Without usable backups, this calls for a wide complement of skill sets, well-coordinated team management, and the willingness to work around the clock until the job is done.
For decades, Progent has offered certified expert IT services to companies throughout the US and has achieved Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who hold advanced industry certifications in foundation technologies from Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security consultants have earned internationally recognized certifications including CISM, CISSP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has experience with financial management and ERP applications. This breadth of expertise gives Progent the skills to identify the critical systems, organize the surviving pieces of your network after a ransomware attack, and reassemble them into a functioning environment.
Progent's ransomware team uses best-of-breed project management tools to orchestrate the complicated recovery process. Progent appreciates the importance of working quickly and in concert with the client's management and IT staff to prioritize tasks and to get key applications back online as soon as humanly possible.
Case Study: A Successful Ransomware Intrusion Response
A small business sought out Progent after its operations were halted by Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because of code it shares with the Hermes ransomware; later analysis attributed it to a Russian-speaking criminal group. Ryuk targets organizations that can tolerate little or no downtime and is among the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturer headquartered in the Chicago metro area with about 500 employees. The Ryuk intrusion had frozen all essential business operations and manufacturing processes. Most of the client's system backups had been online when the attack began and were encrypted along with everything else. The client was pursuing financing to pay the ransom (more than $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked with the client to quickly identify and assign priority to the essential areas that needed to be addressed to make it possible to restart company operations:
Within two days, Progent restored Active Directory to its pre-attack state. Progent then reinstalled key servers and recovered data from their disks. The Exchange-related Active Directory objects and attributes were intact, which simplified the Exchange restore. Progent was also able to locate Outlook Offline Data Files (.ost) on staff workstations and recover email data from them. A recent offline backup of the customer's accounting/MRP software allowed these essential applications to be returned to users. Although significant work remained before recovery from the Ryuk attack was complete, core services were returned to operation rapidly:
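The step of locating staff workstations' Outlook Offline Data Files is worth showing as a script, because after a ransomware event the first question about each .ost is whether it survived encryption. The following PowerShell is an added example written for this page, not Progent's tooling or anything used in the case study. It assumes you are running from a clean administrative host with rights to the C$ admin share of each workstation, that user profiles live under C:\Users, and the host list is a constructed placeholder. Every PST/OST file begins with the four-byte signature "!BDN" (dwMagic 0x4E444221 in the MS-PST file format); a file that has been encrypted by ransomware no longer carries it, so the header check separates recoverable mailbox caches from junk before anyone spends time on them.

```powershell
# Added example (not Progent's code): inventory Outlook Offline Data Files (.ost)
# across workstations after a ransomware incident and flag the ones whose
# PST/OST header is gone, i.e. the file was encrypted and holds no mail to recover.

function Test-OstHeader {
    param([Parameter(Mandatory)][string]$Path)
    # Every PST/OST (ANSI and Unicode) starts with the bytes 0x21 0x42 0x44 0x4E ("!BDN").
    # Open read-only with a permissive share mode so a file Outlook still has open
    # can often be inspected; if it cannot be read at all, report $null (unknown).
    $bytes = New-Object byte[] 4
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try   { $read = $fs.Read($bytes, 0, 4) }
        finally { $fs.Dispose() }
    } catch {
        return $null
    }
    if ($read -lt 4) { return $false }
    return ($bytes[0] -eq 0x21 -and $bytes[1] -eq 0x42 -and
            $bytes[2] -eq 0x44 -and $bytes[3] -eq 0x4E)
}

function Get-OstInventory {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$ProfileRoot = 'Users'     # relative to the C$ admin share (assumption)
    )
    foreach ($computer in $ComputerName) {
        $root = "\\$computer\C`$\$ProfileRoot"
        # Outlook stores OST files under %LOCALAPPDATA%\Microsoft\Outlook by default;
        # -Recurse also catches files users have relocated.
        Get-ChildItem -Path $root -Filter '*.ost' -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                # First path segment under the profile root is the user's profile name.
                $relative = $_.FullName.Substring($root.Length).TrimStart('\')
                [pscustomobject]@{
                    Computer     = $computer
                    User         = $relative.Split('\')[0]
                    Path         = $_.FullName
                    SizeMB       = [math]::Round($_.Length / 1MB, 1)
                    LastWrite    = $_.LastWriteTime
                    HeaderIntact = Test-OstHeader -Path $_.FullName   # $true / $false / $null
                }
            }
    }
}

# Constructed placeholder host list; replace with the workstations in scope.
$hosts = 'WKS-001', 'WKS-002'
$inventory = Get-OstInventory -ComputerName $hosts
$inventory | Sort-Object LastWrite -Descending | Format-Table -AutoSize
# Keep the CSV with the incident records; HeaderIntact -eq $true are the candidates.
$inventory | Export-Csv -NoTypeInformation -Path .\ost-inventory.csv
```

Run this before touching any workstation: an .ost whose header is intact and whose LastWrite predates the encryption window is a point-in-time copy of that user's mailbox as of the last sync, and should be copied to clean storage before anyone opens Outlook on the machine. A LastWrite inside the encryption window with HeaderIntact false is the typical signature of an encrypted file; a $null result means the file could not be read and needs to be checked by hand.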
Throughout the next month key milestones in the recovery project were completed in tight cooperation between Progent team members and the client:
Conclusion
A potential business-extinction event was averted thanks to hard-working professionals, a wide array of technical expertise, and tight collaboration. In hindsight, the ransomware intrusion described here could have been stopped with current security technology, ISO/IEC 27001 best practices, staff training, well-thought-out incident response procedures, sound data protection, and proper patch management. The reality remains, however, that state-sponsored and criminal attackers operating from China, Russia, North Korea and elsewhere are relentless and will keep trying. If you are hit by a crypto-ransomware incident, Progent's team has a proven track record in ransomware blocking, remediation, and data recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Jersey City
For ransomware cleanup consulting services in the Jersey City metro area, phone Progent at