Crypto-Ransomware : Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that presents an enterprise-level danger for any business vulnerable to attack. Different iterations of ransomware like the CrySIS, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been circulating for many years and still inflict harm. More recent variants of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, plus additional as yet unnamed variants, not only encrypt online data but also infiltrate any system backups they can reach. Files synced to the cloud can also be corrupted. Against a vulnerable data protection solution, this can render any restore operation impossible and effectively sets the entire system back to zero.
Recovering services and data following a ransomware attack becomes a race against time as the targeted business tries its best to contain and clear the crypto-ransomware and to restore business-critical activity. Because ransomware takes time to move laterally, the encryption stage is frequently triggered at night, when a successful attack tends to take longer to recognize. This multiplies the difficulty of promptly assembling and organizing an experienced response team.
Progent makes available a variety of support services for securing Miami Beach organizations from ransomware penetrations. Among these are user training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which utilizes SentinelOne's behavior-based threat defense to detect and disable zero-day malware assaults. Progent can in addition provide the assistance of veteran crypto-ransomware recovery consultants with the skill and commitment to rebuild a compromised network as soon as possible.
Progent's Ransomware Restoration Help
After a ransomware event, sending the ransom in cryptocurrency provides no assurance that the cyber criminals will return the codes needed to decrypt any of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their information after having sent off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the typical ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The fallback is to piece back together the mission-critical elements of your Information Technology environment. Absent full information backups, this calls for a broad complement of IT skills, professional project management, and the ability to work 24x7 until the task is finished.
For decades, Progent has provided professional Information Technology services for companies across the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have attained top certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security specialists have garnered internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the ability to rapidly identify important systems, organize the remaining pieces of your IT environment after a ransomware event, and assemble them into an operational network.
Progent's security team uses top-notch project management tools to orchestrate the sophisticated recovery process. Progent understands the importance of working swiftly and in unison with a customer's management and Information Technology staff to prioritize tasks and to get key applications back online as fast as possible.
Customer Case Study: A Successful Ransomware Intrusion Response
A client sought out Progent after their network was brought down by the Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state hackers, suspected of using approaches exposed from the U.S. National Security Agency. Ryuk targets specific businesses with little or no room for operational disruption and is one of the most profitable instances of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing company located in the Chicago metro area with around 500 workers. The Ryuk event had disabled all business operations and manufacturing capabilities. The majority of the client's backups had been directly accessible from the network at the beginning of the intrusion and were damaged. The client was pursuing financing to pay the ransom demand (in excess of $200K) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the customer to rapidly assess and prioritize the key applications that had to be recovered in order to resume departmental operations:
Within 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then initiated rebuilding and hard drive recovery for key applications. All Exchange Server schema and configuration information was usable, which facilitated the rebuild of Exchange. Progent was able to locate local OST files (Microsoft Outlook Offline Data Files) on various PCs in order to recover mail data. A recent offline backup of the client's financials/MRP software allowed these essential applications to be brought back online. Although significant work was left to recover fully from the Ryuk attack, essential systems were returned to operation quickly:
Over the next month, critical milestones in the recovery process were accomplished through close collaboration between Progent team members and the customer:
Conclusion
A likely business-killing disaster was dodged by hard-working professionals, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware penetration detailed here should have been stopped with modern cyber security technology and ISO/IEC 27001 best practices, user and IT administrator education, and properly executed security procedures for data protection and patching controls, the reality is that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will continue their attacks. If you do fall victim to a crypto-ransomware incursion, remember that Progent's team of professionals has substantial experience in crypto-ransomware defense, cleanup, and file recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Expertise in Miami Beach
For ransomware system restoration services in the Miami Beach area, phone Progent at