Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber plague that poses an enterprise-level threat to businesses of every size that are poorly prepared for an attack. Older families such as CrySIS, CryptoWall, Locky, NotPetya and MongoLock have been in the wild for years and still cause damage. Modern crypto-ransomware families like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus newcomers that have yet to be named, not only encrypt online critical data but also seek out and encrypt or delete any restore points and backups they can reach over the network. Files synchronized to the cloud can be corrupted as well, because the sync client faithfully uploads the encrypted versions. Against a weak data protection design this can make automated recovery impossible and effectively sets the entire environment back to zero.
Recovering applications and data after a crypto-ransomware attack becomes a race against the clock as the targeted business tries to contain the spread, eradicate the ransomware and resume business-critical activity. Because ransomware takes time to propagate, attackers often trigger encryption on weekends and holidays, when a successful attack tends to go unnoticed for longer. This compounds the difficulty of rapidly mobilizing and coordinating a qualified response team.
Progent offers a range of services to protect Jersey City organizations from ransomware attacks. These include staff training to recognize and avoid phishing lures, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to detect and contain zero-day and other modern malware attacks. Progent also provides seasoned crypto-ransomware recovery engineers with the track record and persistence to rebuild a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware event, even paying the ransom in Bitcoin does not guarantee that the remote criminals will deliver the keys needed to decrypt any or all of your data. Kaspersky Labs estimated that 17% of ransomware victims never recovered their files even after paying, compounding their losses. The ransom itself is also expensive. Ryuk demands often range from 15 to 40 BTC (roughly $120,000 to $400,000), well above the typical crypto-ransomware demand, which ZDNet put at around $13,000 for smaller organizations. The alternative is to rebuild the critical parts of your IT environment from scratch. Without access to complete system backups, this requires a broad set of skills, professional project management, and the ability to work around the clock until the recovery is complete.
For twenty years, Progent has provided certified expert IT services to businesses throughout the United States and has earned Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants with high-level certifications in key technologies including Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security engineers hold internationally recognized certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has experience with accounting and ERP application software. This breadth of experience gives Progent the skills to quickly understand the required systems, salvage the surviving pieces of your IT environment after a ransomware event, and reassemble them into a functioning network.
Progent's recovery team uses robust project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting quickly and in concert with a client's management and IT staff to prioritize tasks and bring key services back online as fast as possible.
Customer Case Study: A Successful Ransomware Penetration Response
A small business engaged Progent after its network was brought down by Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the Hermes ransomware, though later analysis tied it to Russian-speaking criminal groups; it is also suspected of using techniques leaked from the U.S. National Security Agency. Ryuk targets specific companies that have little tolerance for operational disruption and is one of the most lucrative ransomware families. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturer based in Chicago with around 500 employees. The Ryuk intrusion had halted all essential business and manufacturing operations. Most of the client's backups were online and reachable from the network at the time of the intrusion and were eventually encrypted as well. The client was considering paying the ransom (over two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent instead.
Progent worked with the customer to rapidly identify and prioritize the essential areas that had to be recovered to restart business operations:
Within two days, Progent had restored Active Directory to its pre-attack state. Progent then began reinstallations and disk recovery on essential servers. All Exchange connections and configuration data were intact, which accelerated the rebuild of Exchange. Progent located intact OST files (Outlook Offline Data Files) on staff desktops and used them to recover email. A reasonably recent offline backup of the customer's accounting/MRP system made it possible to bring those required applications back online. Although much work remained to recover fully from the Ryuk attack, core services were restored quickly:
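The triage step above (hunting for intact OST files and other usable data among encrypted files) is a check that can be scripted. The Python below is an added example written for this page; it is not Progent's tooling and does not come from the case study. It assumes the attacker appended a .RYK extension (Ryuk samples commonly do, but treat the suffix as a parameter), uses the documented "!BDN" header of Outlook PST/OST files and the "PK" header of Office documents as known-good markers, and falls back to a Shannon-entropy threshold (assumed 7.5 bits per byte) for files with no known header. The sample files are constructed inline.

```python
"""Post-incident file triage: separate files whose headers still match a
known format from files that look encrypted.

Added example for this page; it is not Progent's tooling and does not
come from the case study. The ".ryk" suffix, the magic-byte table and
the entropy threshold are assumptions chosen for illustration.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes of formats worth hunting for during recovery. "!BDN" is the
# signature at offset 0 of Outlook PST/OST files; Office OOXML files are ZIP
# containers and start with "PK\x03\x04".
KNOWN_MAGIC = {
    ".ost": b"!BDN",
    ".pst": b"!BDN",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF",
}

# Extension appended by the ransomware family (assumption: ".ryk").
RANSOM_SUFFIXES = (".ryk",)


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path, sample_size=4096, entropy_threshold=7.5):
    """Return 'encrypted', 'intact' or 'suspect' for one file.

    Order matters: a ransom suffix is decisive; otherwise a known header is
    trusted over entropy, because compressed formats (docx, zip, pdf) are
    high-entropy by design and would be false positives.
    """
    p = Path(path)
    if p.suffix.lower() in RANSOM_SUFFIXES:
        return "encrypted"
    with open(p, "rb") as fh:
        head = fh.read(sample_size)
    expected = KNOWN_MAGIC.get(p.suffix.lower())
    if expected is not None:
        return "intact" if head.startswith(expected) else "suspect"
    return "suspect" if shannon_entropy(head) > entropy_threshold else "intact"


def triage(root, **kwargs):
    """Walk a tree and bucket every file by classify(); paths are relative to root."""
    buckets = {"intact": [], "suspect": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            buckets[classify(full, **kwargs)].append(os.path.relpath(full, root))
    for names in buckets.values():
        names.sort()
    return buckets


def _pseudo_random(nbytes):
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(nbytes // 32 + 1))
    return out[:nbytes]


def run_demo():
    """Build a constructed sample tree in a temp dir, triage it, return the buckets."""
    samples = {
        "mailbox.ost": b"!BDN" + b"\x00" * 4092,             # intact: header present
        "mailbox.ost.RYK": _pseudo_random(4096),             # encrypted: ransom suffix
        "report.docx": b"PK\x03\x04" + _pseudo_random(4092),  # intact despite high entropy
        "notes.txt": b"Quarterly production notes\n" * 100,  # intact: low entropy text
        "notes_enc.txt": _pseudo_random(4096),               # suspect: not renamed, no header
        "empty.ost": b"",                                    # suspect: header missing
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return triage(root)


if __name__ == "__main__":
    for bucket, names in run_demo().items():
        print(f"{bucket:>9}: {', '.join(names)}")
```

The header check deliberately runs before the entropy test: docx, xlsx, zip and pdf files are high-entropy by design and would otherwise be flagged as encrypted. A "suspect" verdict only means the file deserves a look; a zero-byte .ost and a file the attacker encrypted without renaming both land there, and a real engagement would extend the magic table to the formats the business actually depends on.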
Over the following weeks, key milestones in the recovery were achieved in close cooperation between Progent engineers and the customer:
Conclusion
A potentially business-ending catastrophe was averted thanks to top-tier professionals, a broad range of expertise, and close collaboration. Post-incident forensics showed that the intrusion described here could have been stopped by up-to-date security controls and best practices, user and IT administrator training, and properly executed procedures for data backup and software patching. The fact remains that state-sponsored and criminal attackers based in Russia, North Korea and elsewhere are relentless and will keep trying. If you are hit by a crypto-ransomware incident, remember that Progent's team has proven experience in ransomware prevention, mitigation, and information systems disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Jersey City
For ransomware system restoration consulting in the Jersey City metro area, call Progent at