Crypto-Ransomware: Your Worst IT Nightmare
Ransomware has become an all-too-frequent cyberplague that represents an enterprise-level threat to businesses of any size. Earlier families such as CrySIS, WannaCry, Bad Rabbit, Syskey and MongoLock have been circulating for years and continue to inflict damage. Newer crypto-ransomware strains like Ryuk, Maze, Sodinokibi (REvil), Netwalker, LockBit and Egregor, plus a steady stream of unnamed malware, not only encrypt on-line data files but also wipe out most reachable system restore points and backups, typically by deleting Volume Shadow Copies and encrypting any backup repository that can be reached from the compromised network. Data synchronized to cloud storage can be corrupted as well. In a poorly architected data protection solution this can make automatic restoration hopeless and effectively set the network back to zero.
Getting programs and data back on-line after a crypto-ransomware attack becomes a race against the clock as the victim tries to stop the spread, eradicate the ransomware and resume business-critical activity. Because crypto-ransomware needs time to spread, attacks are frequently launched on weekends, when a successful intrusion may take longer to notice. This multiplies the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.
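The destruction of restore points and backups described above is usually carried out with a handful of built-in Windows commands (vssadmin, wmic, bcdedit, wbadmin, PowerShell WMI calls) shortly before files are encrypted, which makes it one of the best early-warning signals a defender can watch for. The script below is an added editorial example, not Progent's tooling and not from the original page: it scans process-creation records (Windows Security event 4688 or Sysmon event 1 style) for those recovery-inhibiting commands and flags hosts where several distinct ones appear. The rule set is the editor's assumption based on commonly reported ransomware behaviour, and the event records are constructed, not taken from any incident.

```python
"""Flag commands that inhibit system recovery (shadow copy and backup deletion)
in process-creation telemetry. Editorial example; the events below are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    parent_image: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    host: str
    technique: str
    command_line: str


# (technique label, regex over a normalized command line). Assumed rule set;
# extend it from your own telemetry.
RULES = [
    ("vssadmin: delete shadow copies", re.compile(r"^vssadmin delete shadows\b")),
    ("vssadmin: resize shadow storage (forces copy deletion)", re.compile(r"^vssadmin resize shadowstorage\b")),
    ("wmic: delete shadow copies", re.compile(r"^wmic shadowcopy delete\b")),
    ("powershell: remove Win32_ShadowCopy objects",
     re.compile(r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))")),
    ("bcdedit: disable Windows recovery",
     re.compile(r"^bcdedit .*\b(recoveryenabled no|bootstatuspolicy ignoreallfailures)\b")),
    ("wbadmin: delete backup catalog/system state", re.compile(r"^wbadmin delete (catalog|systemstatebackup)\b")),
]


def normalize(command_line: str) -> str:
    """Lower-case, collapse whitespace and reduce the first token to a bare program
    name so '"C:\\Windows\\System32\\vssadmin.exe" Delete Shadows' matches 'vssadmin delete shadows'."""
    s = command_line.strip()
    if s.startswith('"'):                      # quoted image path, possibly with spaces
        end = s.find('"', 1)
        if end == -1:
            end = len(s)
        head, rest = s[1:end], s[end + 1:]
    else:
        head, _, rest = s.partition(" ")
    head = head.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()
    if head.endswith(".exe"):
        head = head[:-4]
    return " ".join([head] + rest.lower().split())


def detect(events):
    """Return one Finding per event whose command line matches a rule."""
    findings = []
    for ev in events:
        norm = normalize(ev.command_line)
        for technique, pattern in RULES:
            if pattern.search(norm):
                findings.append(Finding(ev.host, technique, ev.command_line))
                break
    return findings


def staging_hosts(findings, min_techniques=2):
    """Hosts on which several distinct recovery-inhibiting techniques were seen:
    a much stronger ransomware-staging signal than any single command."""
    techs = {}
    for f in findings:
        techs.setdefault(f.host, set()).add(f.technique)
    return {h: len(t) for h, t in techs.items() if len(t) >= min_techniques}


# Constructed sample telemetry (not real customer data).
SAMPLE_EVENTS = [
    Event("WS-0412", r"C:\Windows\explorer.exe",
          r'"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"'),
    Event("SRV-FILE01", r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'),
    Event("SRV-FILE01", r"C:\Windows\System32\cmd.exe", r"wmic.exe shadowcopy delete"),
    Event("SRV-FILE01", r"C:\Windows\System32\cmd.exe", r"bcdedit /set {default} recoveryenabled No"),
    Event("SRV-FILE01", r"C:\Windows\System32\cmd.exe",
          r'powershell.exe -NoP -C "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"'),
    Event("SRV-BKP01", r"C:\Windows\System32\cmd.exe", r"wbadmin delete catalog -quiet"),
    Event("SRV-DC01", r"C:\Windows\System32\svchost.exe", r"vssadmin list shadows"),      # benign inventory
    Event("SRV-SQL01", r"C:\Windows\System32\cmd.exe",
          r"vssadmin resize shadowstorage /for=C: /on=C: /maxsize=unbounded"),
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for f in found:
        print(f"{f.host:<11} {f.technique:<50} {f.command_line}")
    print("staging hosts:", staging_hosts(found))
```

The single resize on SRV-SQL01 is the kind of hit that needs an analyst's eye (storage administrators do resize shadow storage), whereas four distinct techniques on SRV-FILE01 within one log window should page someone immediately. In a SIEM the same logic maps to a correlation rule keyed on host and a short time window.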
Progent provides a variety of services for protecting Tukwila organizations from crypto-ransomware events. These include staff education to help employees recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service built on SentinelOne's AI-based threat defense to discover and quarantine zero-day and other modern malware attacks. Progent also offers the assistance of veteran crypto-ransomware recovery professionals with the skill and perseverance to rebuild a breached network as quickly as possible.
Progent's Ransomware Restoration Support Services
After a ransomware attack, paying the ransom in Bitcoin does not guarantee that the criminal gang will hand over working decryption keys for any or all of your data. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their data even after paying, compounding their losses. Ransom demands are also steep. Ryuk ransoms frequently range from 15 to 40 BTC (roughly $120,000 to $400,000), well above the average ransomware demand, which ZDNet put at about $13,000 for small organizations. The alternative is to piece the critical elements of your IT environment back together. Without access to intact data backups, this requires a broad complement of IT skills, professional project management, and the willingness to work non-stop until the job is done.
For twenty years, Progent has provided expert IT services for businesses throughout the United States and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who hold top industry certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists hold internationally recognized certifications including CISM, CISSP, CRISC, and SANS GIAC (visit Progent's certifications). Progent also has experience with accounting and ERP software. This breadth of expertise lets Progent efficiently identify the systems that matter, salvage the remaining pieces of your IT environment after a ransomware event, and reassemble them into an operational network.
Progent's ransomware recovery team uses proven project management methods to coordinate the complicated restoration process. Progent understands the urgency of working rapidly and in concert with a customer's management and IT staff to prioritize tasks and get the most important services back on line as soon as humanly possible.
Case Study: A Successful Ransomware Virus Recovery
A client contacted Progent after their network was brought down by the Ryuk ransomware. Ryuk is derived from the earlier Hermes ransomware; early reporting linked it to North Korean state-sponsored actors because Hermes had been used by the Lazarus group, but later analysis attributed Ryuk operations to a Russian-speaking criminal group tracked as Wizard Spider, which typically delivers it after an initial Emotet or TrickBot infection. Ryuk goes after specific companies with little or no tolerance for disruption and is one of the most profitable ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing business in Chicago with around 500 employees. The Ryuk attack had paralyzed all essential business and manufacturing operations. Most of the client's backups had been on-line at the time of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom demand (over $200,000) and hoping for the best, but ultimately decided to engage Progent instead.
Progent worked hand in hand with the client to quickly identify and prioritize the mission-critical elements that had to be recovered in order to resume departmental operations:
In less than two days, Progent restored Windows Active Directory to its pre-intrusion state, then rebuilt and recovered the hard drives of the required systems. The Exchange Server schema extensions and attributes in Active Directory were intact, which greatly simplified the Exchange restore. Progent was also able to gather intact OST files (Outlook Offline Data Files) from team workstations and laptops to recover mailbox data. A recent off-line backup of the customer's financials/ERP application allowed those required programs to be brought back on-line. Although a great deal of work remained to recover completely from the Ryuk attack, core services were restored rapidly:
Over the following weeks, key milestones in the recovery project were reached through close cooperation between Progent's team and the client:
Conclusion
A potentially enterprise-killing disaster was averted by hard-working professionals, a broad spectrum of IT skills, and close collaboration. The post-incident review showed that the attack described here would have been stopped by up-to-date security systems and ISO/IEC 27001 best practices, staff education, and properly executed procedures for off-line backups and timely security patching. Even so, state-sponsored and criminal threat actors from Russia, China and elsewhere are relentless and will keep trying. If you do fall victim to a crypto-ransomware intrusion, remember that Progent's roster of professionals has a proven track record in ransomware blocking, remediation, and information systems restoration.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer story, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Tukwila
For ransomware system recovery expertise in the Tukwila area, phone Progent at