Ransomware: Your Feared IT Disaster
Crypto-ransomware has become a modern cyber pandemic that presents an extinction-level threat for businesses poorly prepared for an attack. Different versions of crypto-ransomware such as CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock have been circulating for years and continue to cause harm. More recent versions such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nefilim, as well as other, as yet unnamed, strains, not only encrypt online data but also seek out and encrypt every system backup they can reach. Data synchronized to off-site disaster recovery sites can be encrypted as well. In a poorly architected environment, this can make any restore operation hopeless and effectively knocks the entire system back to zero.
Restoring applications and data after a ransomware intrusion becomes a race against the clock as the targeted organization tries its best to contain and eradicate the ransomware and to restore mission-critical activity. Because ransomware requires time to spread, attacks are often sprung on weekends and holidays, when they typically take longer to recognize. This multiplies the difficulty of quickly mobilizing and orchestrating a qualified response team.
Progent provides an assortment of solutions for protecting Thousand Oaks businesses from ransomware penetration. Among these are staff education to help employees recognize and not fall victim to phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's behavior-based threat defense to identify and suppress zero-day modern malware attacks. Progent also offers the services of expert ransomware recovery consultants with the talent and commitment to restore a compromised system as quickly as possible.
Progent's Ransomware Recovery Support Services
After a ransomware attack, paying the ransom in Bitcoin provides no assurance that the cyber criminals will supply the keys needed to decrypt all your files. Kaspersky Labs found that 17% of ransomware victims never recovered their files even after paying the ransom, resulting in increased losses. Paying is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the usual ransomware demand, which ZDNet estimated to be in the range of $13,000 for small businesses. The other path is to rebuild the vital components of your IT environment. Without access to essential data backups, this requires a broad range of skills, top-notch team management, and the capability to work non-stop until the task is completed.
For decades, Progent has provided expert IT services for companies throughout the United States and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who hold advanced industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise with financial management and ERP software solutions. This breadth of expertise gives Progent the skills to rapidly understand important systems, organize the surviving parts of your network after a crypto-ransomware attack, and assemble them into an operational system.
Progent's ransomware team uses state-of-the-art project management systems to coordinate the complicated recovery process. Progent understands the urgency of working swiftly and in concert with a client's management and IT team members to prioritize tasks and to put critical services back online as soon as humanly possible.
Client Case Study: A Successful Crypto-Ransomware Penetration Response
A client contacted Progent after their network was attacked by Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk goes after specific companies with little or no ability to tolerate disruption and is one of the most profitable iterations of ransomware. Major targets have included Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing company located in the Chicago metro area with about 500 staff members. The Ryuk event had disabled all essential business operations and manufacturing capabilities. Most of the client's backups had been directly accessible from the network at the start of the intrusion and were encrypted along with production data. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the customer to rapidly understand and prioritize the essential systems that needed to be recovered in order to continue departmental operations:
Within 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then rebuilt the needed applications and recovered their storage. All Microsoft Exchange Server schema extensions and attributes in Active Directory were intact, which accelerated the rebuild of Exchange. Progent was also able to find unencrypted OST files (Outlook Offline Data Files) on staff workstations and use them to recover mail messages. A relatively recent offline backup of the client's accounting software made it possible to bring these essential services back to users. Although a lot of work remained to recover completely from the Ryuk attack, essential systems were restored rapidly:
Over the following month critical milestones in the recovery project were accomplished through close collaboration between Progent consultants and the customer:
Conclusion
A likely business disaster was averted through the efforts of top-tier experts, a wide array of subject matter expertise, and tight teamwork. Post-incident forensics showed that the ransomware attack detailed here could have been identified and blocked with modern security systems and recognized best practices: user education and well-thought-out procedures for data backup and software patching. Even so, the reality remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware attack, remember that Progent's team of experts has proven experience in crypto-ransomware blocking, removal, and information systems restoration.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Thousand Oaks
For ransomware cleanup services in the Thousand Oaks metro area, phone Progent at