Crypto-Ransomware : Your Worst Information Technology Nightmare
Crypto-ransomware has become a modern cyber pandemic that poses an existential danger to businesses poorly prepared for an attack. Ransomware families such as Dharma, Fusob, Bad Rabbit, Syskey and the MongoLock cryptoworm have been around for years and still inflict harm. Newer families such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus more that have yet to be named, not only encrypt online data files but also go after every configured system protection mechanism. Files synced to off-premises disaster recovery sites can also be rendered useless. In a poorly designed data protection solution, this can make automated restoration impossible and effectively set the datacenter back to zero.
Getting services and information back after a crypto-ransomware intrusion becomes a sprint against the clock as the victim struggles to stop lateral movement, clean up the malware, and resume mission-critical operations. Since crypto-ransomware takes time to spread throughout a targeted network, intrusions are frequently launched on weekends, when successful attacks typically take longer to recognize. This compounds the difficulty of quickly mobilizing and coordinating an experienced response team.
Progent offers a variety of solutions for protecting Miami Beach organizations from crypto-ransomware events. These include staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to discover and contain zero-day malware attacks. Progent also provides experienced ransomware recovery engineers with the track record and commitment to rebuild a compromised network as quickly as possible.
Progent's Ransomware Restoration Help
Following a crypto-ransomware attack, paying the ransom in cryptocurrency does not ensure that the criminal gang will provide the keys needed to decrypt any of your files. Kaspersky Labs estimated that seventeen percent of crypto-ransomware victims never recovered their data after paying the ransom, compounding their losses. The gamble is also costly. Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the ransom can reach millions of dollars. The alternative is to rebuild the critical components of your IT environment from scratch. Without usable system backups, this requires a broad complement of skill sets, professional team management, and the capacity to work non-stop until the task is finished.
For twenty years, Progent has provided professional IT services to companies across the U.S. and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who hold top industry certifications in leading technologies such as Microsoft, Cisco, VMware, and the major Linux distributions. Progent's security specialists have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise with accounting and ERP applications. This breadth of expertise gives Progent the capability to knowledgeably identify critical systems, organize the surviving pieces of your network environment after a ransomware attack, and assemble them into a functioning network.
Progent's security group uses state-of-the-art project management systems to orchestrate the complex restoration process. Progent understands the importance of working rapidly and in unison with a customer's management and IT staff to prioritize tasks and bring key systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Penetration Response
A client contacted Progent after their network was penetrated by Ryuk crypto-ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored criminal gangs, possibly adopting techniques leaked from the U.S. NSA. Ryuk targets specific companies with little or no tolerance for disruption and is one of the most lucrative ransomware operations. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing company based in the Chicago metro area with about 500 staff members. The Ryuk intrusion had halted all business operations and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were damaged. The client was pursuing financing to pay the ransom demand (exceeding $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the client to rapidly understand and prioritize the key systems that had to be addressed to make it possible to continue company operations:
Within 48 hours, Progent was able to recover Windows Active Directory to its pre-infection state. Progent then carried out reinstallations and storage recovery on critical systems. All Exchange schema and configuration information was intact, which facilitated the rebuild of Exchange. Progent was able to locate unencrypted OST files (Outlook Offline Folder Files) on staff desktop computers in order to recover email data. A fairly recent offline backup of the customer's financials/MRP systems made it possible to bring these essential applications back online. Although a large amount of work remained to recover completely from the Ryuk attack, essential systems were recovered quickly:
Throughout the following month, critical milestones in the restoration process were completed in close cooperation between Progent team members and the client:
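The OST sweep mentioned above is the kind of triage a recovery team scripts early on. The following is an added example, not Progent's own tooling: it walks a directory tree (for instance a mounted desktop image or a share of copied profiles) and separates OST files that still carry the PFF format signature "!BDN" from ones that do not, which is a quick, conservative indicator that the file was overwritten by encryption. Matching ".ost" anywhere in the name also catches copies an encryptor renamed with an appended extension. The sample files are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Every valid Outlook PST/OST (PFF format) file begins with the 4-byte signature "!BDN".
OST_MAGIC = b"!BDN"


def classify_ost(path: Path) -> str:
    """'intact' if the PFF signature is present, 'suspect' if it is missing (likely encrypted)."""
    try:
        with path.open("rb") as fh:
            head = fh.read(len(OST_MAGIC))
    except OSError:
        return "unreadable"
    return "intact" if head == OST_MAGIC else "suspect"


def inventory_ost(root: Path) -> Dict[str, List[str]]:
    """Walk root and classify every file whose name contains '.ost'.

    Matching anywhere in the name, not only the suffix, also catches copies that
    were renamed by having an extra extension appended during encryption.
    """
    result: Dict[str, List[str]] = {"intact": [], "suspect": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if ".ost" in name.lower():
                result[classify_ost(Path(dirpath) / name)].append(name)
    return result


def demo_inventory() -> Dict[str, List[str]]:
    """Constructed sample tree: one intact OST, one with a scrambled header, one renamed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "alice").mkdir()
        (root / "bob").mkdir()
        (root / "alice" / "alice.ost").write_bytes(OST_MAGIC + b"\x00" * 64)      # intact
        (root / "bob" / "bob.ost").write_bytes(b"\x8f\x21\x7a\x02" + b"\x00" * 64)  # header gone
        (root / "bob" / "archive.ost.locked").write_bytes(b"\xff" * 68)           # renamed copy
        (root / "bob" / "notes.txt").write_bytes(b"not a mailbox")                # ignored
        return inventory_ost(root)


if __name__ == "__main__":
    for state, names in demo_inventory().items():
        print(f"{state}: {names}")
```

Files flagged intact are candidates for importing into a rebuilt mailbox; flagged files are not proof of encryption and should be kept for a fuller check.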
Conclusion
A potential business-killing catastrophe was avoided through the efforts of hard-working experts, a wide array of knowledge, and close collaboration. In hindsight, the crypto-ransomware attack described here could have been detected and prevented with up-to-date security technology and best practices, user education, appropriate incident response procedures for information protection, and timely security patching. The fact remains, however, that state-sponsored cyber criminals from Russia, China and elsewhere are tireless and will keep trying. If you do fall victim to a ransomware incident, you can be confident that Progent's team of professionals has proven experience in ransomware blocking, cleanup, and information systems disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Recovery Services in Miami Beach
For ransomware system recovery services in the Miami Beach metro area, phone Progent at