Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an escalating cyber pandemic that presents an existential threat to organizations unprepared for an attack. Multiple generations of ransomware families such as CrySIS, WannaCry, Locky, SamSam and MongoLock have been circulating for years and continue to inflict harm. Newer strains such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with a steady stream of as-yet-unnamed variants, not only encrypt on-line files but also seek out and compromise any accessible backup and system-protection mechanisms. Data synchronized to cloud environments can be corrupted as well. Where the data protection solution is vulnerable, this renders restore operations useless and effectively sets the datacenter back to square one.
Restoring services and data after a ransomware event becomes a race against the clock as the victim struggles to contain and eradicate the crypto-ransomware and resume enterprise-critical activity. Because crypto-ransomware needs time to move laterally, attacks are typically launched on weekends, when they are likely to take longer to be noticed. This compounds the difficulty of quickly marshalling and organizing a knowledgeable response team.
Progent provides a range of services for protecting Liverpool organizations from ransomware events. These include staff training to help employees recognize phishing scams and avoid falling victim to them, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's AI-based cyberthreat defense to detect and quarantine zero-day modern malware attacks. Progent also provides expert ransomware recovery consultants with the track record and commitment to restore a breached system as rapidly as possible.
Progent's Ransomware Restoration Services
After a ransomware event, paying the ransom demand in Bitcoin cryptocurrency provides no assurance that the cyber criminals will return the keys needed to decrypt any or all of your information. Kaspersky Labs ascertained that 17% of ransomware victims never restored their information after having paid the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is well above the average crypto-ransomware demand, which ZDNET determined to be approximately $13,000 for small organizations. The fallback is to piece back together the vital components of your IT environment. Without complete information backups available, this requires a broad complement of IT skills, well-coordinated team management, and the capability to work 24x7 until the task is done.
For decades, Progent has offered expert Information Technology services to companies throughout the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally-renowned industry certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has experience with accounting and ERP application software. This breadth of expertise gives Progent the capability to efficiently identify critical systems, consolidate the surviving components of your network following a ransomware event, and configure them into an operational system.
Progent's security team uses powerful project management systems to coordinate the complicated restoration process. Progent knows the importance of acting swiftly and working together with a client's management and Information Technology team members to prioritize tasks and get the most important systems back online as fast as possible.
Client Story: A Successful Crypto-Ransomware Incident Response
A customer contacted Progent after their network was taken over by Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state-sponsored cybercriminals, suspected of using techniques leaked from America's NSA. Ryuk goes after specific organizations with little tolerance for operational disruption and is one of the most lucrative iterations of ransomware. Major targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing business located in Chicago with about 500 staff members. The Ryuk event had shut down all business operations and manufacturing capabilities. Most of the client's data backups had been on-line at the beginning of the attack and were destroyed. The client was pursuing financing to pay the ransom (in excess of two hundred thousand dollars) and hoping for the best, but ultimately called Progent.
Progent worked with the customer to rapidly understand and prioritize the mission-critical areas that had to be recovered to make it possible to resume departmental functions:
In less than 2 days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then performed reinstallations and hard drive recovery of needed applications. All Microsoft Exchange Server schema and configuration information was usable, which greatly helped the rebuild of Exchange. Progent was also able to locate local OST files (Microsoft Outlook Offline Folder files) on various desktop computers in order to recover email messages. A recent offline backup of the customer's manufacturing systems made it possible to bring these essential applications back online for users. Although significant work remained to recover completely from the Ryuk attack, core services were returned to operation rapidly:
During the following weeks, key milestones in the recovery project were reached through tight collaboration between Progent team members and the customer:
Conclusion
A likely business-killing catastrophe was averted by hard-working experts, a wide range of subject matter expertise, and tight collaboration. Although the post mortem showed that the ransomware intrusion described here could have been blocked with modern cyber security solutions and NIST Cybersecurity Framework best practices, user and IT administrator education, and properly executed procedures for backup and software patching, the fact remains that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do get hit by crypto-ransomware, you can be confident that Progent's roster of professionals has substantial experience in ransomware blocking, remediation, and file recovery.
Contact Progent for Ransomware Recovery Consulting Services in Liverpool
For ransomware recovery consulting services in the Liverpool metro area, phone Progent at