Ransomware: Your Crippling IT Catastrophe
Ransomware has become an all-too-frequent cyber pandemic and an enterprise-level danger for any business vulnerable to attack. Families such as Reveton, WannaCry, Locky, NotPetya and MongoLock have been circulating for years and continue to inflict havoc; WannaCry and NotPetya spread on their own as worms. Newer families like Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, LockBit and Nefilim, along with new unnamed variants appearing daily, not only encrypt live data files but also seek out and encrypt or delete every backup reachable from the compromised network. Files replicated to off-premises disaster recovery sites are also at risk, because replication faithfully copies the encrypted versions over the good ones. In a vulnerable environment this can make automated restores impossible and effectively knock the datacenter back to square one.
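As an added example, not code from Progent's page, the Python below scans constructed process-creation log lines for the backup-destruction commands that ransomware families commonly run before encrypting (shadow-copy deletion, backup catalog removal, disabling Windows recovery) and flags whether each hit occurred outside business hours. The log line format, host names, user names and the rule list are assumptions made for this example; a real deployment would feed it Sysmon Event ID 1 or Security Event ID 4688 command lines.

```python
"""Detect backup-tampering commands in process-creation logs.

Added example. The pipe-delimited log format and the sample records are
constructed for illustration; the rule patterns describe behaviours that
are widely documented across ransomware families.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Rule name -> regex over the process command line (case-insensitive).
BACKUP_TAMPER_RULES = [
    ("shadow_copy_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_resize", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("backup_catalog_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bootstatus_ignore", re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    parent: str
    cmdline: str


def parse_event(line: str):
    """Parse one record in the assumed format:
    ISO-8601 UTC timestamp|host|user|parent image|command line.
    Returns None for malformed lines so a scan never aborts on junk."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    ts_raw, host, user, parent, cmd = parts
    try:
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return Event(ts, host, user, parent, cmd)


def match_rules(cmdline: str) -> list:
    """Names of every rule whose pattern matches the command line."""
    return [name for name, rx in BACKUP_TAMPER_RULES if rx.search(cmdline)]


def off_hours(ts: datetime, start: int = 7, end: int = 19) -> bool:
    """True when the event falls outside the assumed 07:00-19:00 business window
    (timestamps are treated as already in local time for this example)."""
    return not (start <= ts.hour < end)


def scan(lines) -> list:
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        hits = match_rules(ev.cmdline)
        if hits:
            findings.append({
                "host": ev.host, "user": ev.user, "parent": ev.parent,
                "rules": hits, "off_hours": off_hours(ev.ts), "cmdline": ev.cmdline,
            })
    return findings


def hosts_by_severity(findings) -> dict:
    """Distinct rules tripped per host; several distinct rules on one host in
    quick succession is the classic pre-encryption pattern."""
    per_host = {}
    for f in findings:
        per_host.setdefault(f["host"], set()).update(f["rules"])
    return {h: sorted(r) for h, r in per_host.items()}


# Constructed sample log: three tampering commands at 02:13 on a file server,
# one benign Outlook launch, one benign 'vssadmin list', and one malformed line.
SAMPLE_LOG = [
    r"2020-03-14T02:13:44Z|FILESRV01|CORP\svc_backup|C:\Windows\System32\cmd.exe|vssadmin.exe Delete Shadows /all /quiet",
    r"2020-03-14T02:13:45Z|FILESRV01|CORP\svc_backup|C:\Windows\System32\cmd.exe|wbadmin.exe delete catalog -quiet",
    r"2020-03-14T02:13:46Z|FILESRV01|CORP\svc_backup|C:\Windows\System32\cmd.exe|bcdedit.exe /set {default} recoveryenabled No",
    r'2020-03-14T10:05:12Z|WKS-ACCT07|CORP\jdoe|C:\Windows\explorer.exe|"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"',
    r"2020-03-14T14:30:00Z|FILESRV01|CORP\admin|C:\Windows\System32\cmd.exe|vssadmin.exe list shadows",
    "garbage line with no delimiters",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["host"], f["user"], f["rules"], "off-hours" if f["off_hours"] else "business-hours", f["cmdline"])
    print(hosts_by_severity(scan(SAMPLE_LOG)))
```

The benign `vssadmin list shadows` deliberately does not match, so the rules stay usable on servers where administrators legitimately inspect shadow copies; an alert that fires on three distinct rules from the same host within seconds, outside business hours, is the signal worth paging on.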
Getting applications and data back on line after a ransomware event becomes a race against the clock as the targeted organization works to contain the outbreak, clean up the ransomware, and restore mission-critical activity. Because ransomware needs time to move laterally across a network, attackers typically detonate it at night or over a weekend, when staffing is thin and a successful attack takes longer to discover. This makes it much harder to assemble and coordinate a capable response team quickly.
Progent offers a range of services for protecting Jersey City businesses from crypto-ransomware attacks. These include staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat defense, which identifies and contains zero-day malware attacks. Progent also provides expert crypto-ransomware recovery consultants with the skills and commitment to rebuild a compromised environment as quickly as possible.
Progent's Ransomware Recovery Services
After a ransomware intrusion, even paying the ransom in cryptocurrency does not guarantee that the criminals will deliver keys that decrypt any or all of your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms typically run to several hundred thousand dollars, and for larger enterprises the demand can reach millions. The alternative is to rebuild the essential elements of your IT environment. Without access to complete backups, this requires a wide range of IT skills, top-notch project management, and the ability to work around the clock until the recovery is done.
For decades, Progent has provided professional IT services to businesses across the United States and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals with top certifications in foundation technologies from Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security specialists hold internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial management and ERP software. This breadth of expertise lets Progent identify your critical systems, salvage the usable remnants of your network after a ransomware event, and reassemble them into a working environment.
Progent's recovery team uses best-of-breed project management tools to orchestrate the complex recovery process. Progent understands the importance of acting rapidly and in unison with a client's management and IT staff to prioritize tasks and bring essential applications back on line as soon as humanly possible.
Customer Story: A Successful Crypto-Ransomware Virus Recovery
A business contacted Progent after its network had been taken over by the Ryuk ransomware. Ryuk was initially linked to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware, but later analysis attributes it to a financially motivated, Russian-speaking criminal group. Ryuk targets specific organizations with little or no tolerance for operational disruption and is among the most profitable ransomware families. Publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a manufacturing company based in Chicago with around 500 employees. The Ryuk attack had shut down all essential business and manufacturing operations. Most of the client's backups had been online when the attack began and were encrypted along with everything else. The client was considering paying the ransom (more than $200K) and hoping for the best, but ultimately reached out to Progent.
Progent worked with the client to quickly understand and prioritize the mission-critical elements that had to be addressed in order to restart departmental functions:
Within 48 hours, Progent had restored Active Directory to its pre-intrusion state. Progent then began reinstalling and recovering the disks of the needed servers. All Microsoft Exchange Server schema and configuration information was intact, which accelerated the Exchange restore. Progent located intact OST files (Microsoft Outlook Offline Folder Files) on various desktop computers and used them to recover email messages. A reasonably recent offline backup of the company's accounting/ERP systems made it possible to bring these essential applications back into service. Although much work remained to recover completely from Ryuk, core services were restored quickly:
Over the following weeks, the critical milestones of the recovery were reached through close collaboration between Progent consultants and the customer:
Conclusion
A probable business-extinction event was avoided through results-oriented experts, a broad range of knowledge, and tight collaboration. Although post-incident forensics showed that this crypto-ransomware attack could have been stopped with modern security tooling and best practices, staff training, and well-designed procedures for data backup and software patching, the fact remains that state-sponsored and criminal attackers from China, Russia, North Korea and elsewhere are relentless and pose an ongoing threat. If you do fall victim to a ransomware attack, remember that Progent's experts have substantial experience in ransomware prevention, remediation, and file recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Jersey City
For ransomware system recovery consulting in the Jersey City metro area, call Progent at