Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an all-too-frequent cyber pandemic that poses an enterprise-level threat to any business vulnerable to attack. Older versions of ransomware such as the CrySIS, WannaCry, Locky, SamSam and MongoLock cryptoworms have been in the wild for years and still cause destruction. Newer strains such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with frequently appearing and as yet unnamed malware, not only encrypt online files but also infiltrate every available system protection. Information replicated to the cloud can also be ransomed. In a poorly designed environment, this can render automatic recovery useless and effectively knock the entire system back to square one.
Getting applications and data back after a ransomware outage becomes a sprint against the clock as the targeted organization tries its best to contain and remove the crypto-ransomware and to restore enterprise-critical operations. Because crypto-ransomware needs time to spread, attacks are frequently launched on weekends, when successful attacks in many cases take longer to identify. This compounds the difficulty of quickly assembling and coordinating a qualified response team.
Progent offers a range of support services for protecting Thousand Oaks businesses from crypto-ransomware attacks. These include user education to recognize and avoid falling victim to phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to identify and disable zero-day malware attacks. Progent can also provide the services of experienced ransomware recovery professionals with the skills and commitment to rebuild a compromised network as quickly as possible.
Progent's Ransomware Recovery Support Services
After a ransomware event, even paying the ransom in Bitcoin cryptocurrency does not guarantee that the attackers will respond with the keys to decrypt any of your information. Kaspersky determined that seventeen percent of ransomware victims never recovered their files even after sending off the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET estimated to be around $13,000 for smaller businesses. The fallback is to piece back together the mission-critical elements of your IT environment. Without access to complete system backups, this requires a wide complement of skills, top-notch team management, and the willingness to work 24x7 until the job is finished.
For twenty years, Progent has offered professional IT services to companies throughout the U.S. and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have attained advanced certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise in financial management and ERP applications. This breadth of experience gives Progent the skills to quickly identify important systems, organize the surviving parts of your network following a ransomware event, and assemble them into an operational system.
Progent's security team uses top-notch project management tools to coordinate the sophisticated recovery process. Progent understands the importance of working rapidly and in unison with a client's management and IT team members to prioritize tasks and to get critical systems back online as fast as possible.
Client Case Study: A Successful Ransomware Virus Recovery
A business contacted Progent after its network was attacked by Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean state-sponsored hackers, possibly adopting techniques leaked from the U.S. NSA. Ryuk targets specific businesses with limited tolerance for operational disruption and is one of the most profitable ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturer located in Chicago with around 500 employees. The Ryuk intrusion had shut down all company operations and manufacturing processes. The majority of the client's backups had been online at the start of the attack and were destroyed. The client considered paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end decided to engage Progent.
Progent worked together with the client to rapidly understand and prioritize the essential applications that had to be restored in order to continue departmental functions:
Within 2 days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then carried out reinstallations and storage recovery of essential servers. All Exchange schema and attributes were intact, which greatly helped the restoration of Exchange. Progent was able to locate intact OST files (Outlook Offline Data Files) on team PCs to recover mail data. A recent offline backup of the customer's accounting systems made it possible to bring these required services back online. Although significant work remained to recover completely from the Ryuk virus, core systems were returned to operation quickly:
Over the following weeks, critical milestones in the recovery process were reached in close collaboration between Progent engineers and the customer:
Conclusion
A likely business disaster was averted by dedicated experts, a wide spectrum of knowledge, and tight teamwork. Although in hindsight the ransomware incident detailed here could have been stopped with modern cyber security technology and recognized best practices, user and IT administrator education, and well-designed incident response procedures for backup and software patching, the reality is that state-sponsored hackers from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do get hit by a crypto-ransomware intrusion, remember that Progent's team of professionals has a proven track record in crypto-ransomware blocking, remediation, and data recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Thousand Oaks
For ransomware cleanup services in the Thousand Oaks metro area, phone Progent at