Ransomware: Your Crippling Information Technology Disaster
Crypto-ransomware has become an all-too-frequent cyber pandemic that represents an enterprise-level threat to any organization vulnerable to an attack. Ransomware families such as CryptoLocker, WannaCry, Locky, NotPetya and the MongoLock cryptoworms have been running rampant for years and continue to inflict havoc. Newer variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Egregor, along with other as-yet-unnamed strains, not only encrypt online data but also compromise most of the system protection mechanisms available to the victim. Data synced to the cloud can be ransomed as well. In a poorly designed data protection solution, this can make any restore operation hopeless and effectively sets the entire environment back to zero.
Restoring applications and data after a crypto-ransomware event becomes a race against time as the victim fights to stop lateral movement, eradicate the ransomware, and resume business-critical activity. Because ransomware needs time to spread, intrusions are frequently triggered during nights and weekends, when a successful attack typically takes longer to recognize. This multiplies the difficulty of promptly assembling and coordinating a capable response team.
Progent offers a range of services for protecting Tukwila enterprises from ransomware attacks. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's AI-based threat protection to identify and contain zero-day malware attacks. Progent also provides expert crypto-ransomware recovery consultants with the track record and perseverance to rebuild a breached environment as quickly as possible.
Progent's Ransomware Recovery Services
After a crypto-ransomware intrusion, paying the ransom in Bitcoin offers no assurance that the criminal gang will respond with the keys needed to decrypt all your data. Kaspersky Labs determined that 17% of ransomware victims never recovered their files after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the usual ransomware demand, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to rebuild the vital elements of your IT environment. Without access to essential backups, this calls for a wide range of IT skills, top-notch project management, and the willingness to work non-stop until the job is done.
For twenty years, Progent has offered certified expert IT services to businesses throughout the United States and has achieved Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who hold advanced industry certifications in key technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cyber security experts hold internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has expertise with accounting and ERP applications. This breadth of expertise gives Progent the capability to efficiently identify critical systems, salvage the surviving parts of your IT environment after a crypto-ransomware attack, and configure them into a functioning network.
Progent's recovery team uses powerful project management tools to orchestrate the complex restoration process. Progent appreciates the urgency of acting rapidly and works together with a customer's management and IT staff to prioritize tasks and get the most important systems back online as quickly as possible.
Client Case Study: A Successful Ransomware Penetration Response
A business hired Progent after its network was attacked by the Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state hackers, suspected of using technology leaked from the United States NSA. Ryuk targets specific businesses that have little or no tolerance for disruption and is one of the most lucrative strains of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company located in Chicago with around 500 staff members. The Ryuk attack had frozen all essential business operations and manufacturing processes. Most of the client's backups had been online when the attack began and were eventually encrypted. The client was preparing to pay the ransom demand (more than $200,000) and hope for the best, but in the end reached out to Progent.
Progent worked with the client to quickly identify and prioritize the key elements that had to be recovered to make it possible to resume business operations:
Within 48 hours, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then began reinstallations and storage recovery on mission-critical servers. All Microsoft Exchange Server schema and attributes were intact, which greatly simplified the rebuild of Exchange. Progent was able to gather local OST files (Outlook Offline Folder files) from staff PCs and laptops in order to recover email data. A recent offline backup of the client's accounting systems made it possible to bring these vital services back online. Although a great deal of work remained to recover fully from the Ryuk damage, critical services were returned to operation rapidly:
During the following few weeks, critical milestones in the restoration process were completed in close collaboration between Progent team members and the customer:
Conclusion
A potentially business-ending catastrophe was averted through the efforts of top-tier professionals, a broad array of expertise, and close teamwork. In retrospect, the crypto-ransomware incident described here could have been prevented with modern cyber security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff education, well-designed incident response procedures for data protection, and keeping systems current with security patches. The fact remains, however, that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and will keep attacking. If you are hit by crypto-ransomware, remember that Progent's team of experts has proven experience in crypto-ransomware defense, cleanup, and data disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Recovery Services in Tukwila
For ransomware recovery consulting in the Tukwila metro area, call Progent at