Ransomware Protection and Recovery Solutions Miami Beach

Crypto-Ransomware : Your Feared IT Catastrophe
Crypto-Ransomware has become a modern cyber pandemic that presents an enterprise-level danger for organizations vulnerable to an assault. Versions of ransomware like the CryptoLocker, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been out in the wild for many years and still cause havoc. More recent variants of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, as well as frequent as yet unnamed newcomers, not only encrypt on-line files but also infiltrate any configured system backups. Files synchronized to the cloud can also be encrypted. In a poorly designed data protection solution, this can make automated recovery useless and effectively sets the entire system back to square one.

Getting back programs and information after a crypto-ransomware event becomes a race against time as the victim struggles to stop lateral movement and remove the ransomware and to resume enterprise-critical operations. Since ransomware needs time to replicate, attacks are frequently launched at night, when successful attacks are likely to take more time to recognize. This multiplies the difficulty of rapidly mobilizing and organizing a capable response team.

Progent offers a range of solutions for protecting Miami Beach enterprises from ransomware attacks. These include team member training to help recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, along with installation of the latest generation security solutions with artificial intelligence capabilities to automatically discover and extinguish zero-day threats. Progent also offers the services of experienced ransomware recovery professionals with the talent and perseverance to reconstruct a compromised environment as urgently as possible.

Progent's Crypto-Ransomware Restoration Services
Soon after a crypto-ransomware event, even paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will return the keys to decipher any of your information. Kaspersky Labs ascertained that seventeen percent of ransomware victims never recovered their data after having paid the ransom, resulting in increased losses. The risk is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is greatly above the typical ransomware demands, which ZDNET estimated to be around $13,000 for small businesses. The alternative is to piece back together the essential parts of your IT environment. Without the availability of complete data backups, this calls for a wide complement of skills, top notch team management, and the ability to work 24x7 until the recovery project is completed.

For decades, Progent has provided professional Information Technology services for businesses throughout the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have been awarded top certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists have garnered internationally-recognized certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications). Progent in addition has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to rapidly identify critical systems and consolidate the remaining parts of your Information Technology system following a ransomware event and assemble them into a functioning network.

Progent's recovery team of experts uses best of breed project management systems to orchestrate the sophisticated recovery process. Progent understands the urgency of working rapidly and together with a customer’s management and Information Technology team members to prioritize tasks and to put the most important systems back on line as fast as humanly possible.

Client Case Study: A Successful Crypto-Ransomware Attack Restoration
A small business sought out Progent after their network was brought down by Ryuk ransomware. Ryuk is generally considered to have been launched by Northern Korean state criminal gangs, suspected of using technology exposed from the United States National Security Agency. Ryuk seeks specific organizations with little or no room for operational disruption and is one of the most lucrative versions of ransomware. Major targets include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturer based in the Chicago metro area with around 500 workers. The Ryuk event had shut down all business operations and manufacturing processes. The majority of the client's data protection had been online at the start of the intrusion and were encrypted. The client considered paying the ransom demand (more than two hundred thousand dollars) and praying for the best, but in the end engaged Progent.

Progent worked hand in hand the client to rapidly understand and assign priority to the key applications that had to be addressed to make it possible to restart business operations:

• Active Directory (AD)
• Exchange Server
• Accounting/MRP

Within two days, Progent was able to restore Active Directory to its pre-intrusion state. Progent then helped perform rebuilding and storage recovery of the most important systems. All Exchange Server schema and attributes were intact, which accelerated the restore of Exchange. Progent was also able to locate local OST files (Outlook Offline Data Files) on various workstations in order to recover email messages. A recent offline backup of the businesses financials/ERP software made it possible to recover these vital services back online. Although a large amount of work needed to be completed to recover totally from the Ryuk event, core services were returned to operations rapidly:

Throughout the following month critical milestones in the restoration process were accomplished through tight collaboration between Progent engineers and the client:

• In-house web applications were brought back up with no loss of data.
• The MailStore Exchange Server with over 4 million archived emails was brought on-line and accessible to users.
• CRM/Customer Orders/Invoicing/Accounts Payable/AR/Inventory Control modules were 100 percent operational.
• A new Palo Alto Networks 850 firewall was brought on-line.
• Most of the user PCs were operational.

Conclusion
A possible company-ending disaster was evaded by dedicated experts, a broad spectrum of IT skills, and close collaboration. Although in hindsight the ransomware virus attack detailed here could have been identified and stopped with modern cyber security systems and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team education, and well thought out security procedures for backup and keeping systems up to date with security patches, the fact remains that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and will continue. If you do get hit by a crypto-ransomware incident, remember that Progent's roster of experts has proven experience in ransomware virus defense, cleanup, and file disaster recovery.

Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist