Crypto-Ransomware: Your Feared Information Technology Nightmare
Ransomware has become an all-too-frequent cyber pandemic that presents an enterprise-level threat to businesses of all sizes that are unprepared for an attack. Multiple generations of ransomware such as the CryptoLocker, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been replicating for years and still inflict damage. Modern variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with other as-yet-unnamed strains, not only encrypt online files but also defeat most configured system protection. Data synced to cloud environments can also be corrupted. Against a vulnerable data protection solution, this can render automated recovery useless and effectively knock the datacenter back to zero.
Recovering applications and information after a ransomware event becomes a sprint against time as the targeted organization struggles to stop lateral movement, clean up the ransomware, and resume mission-critical operations. Because ransomware needs time to move laterally, attacks are frequently launched on weekends and at night, when successful penetrations typically take longer to notice. This multiplies the difficulty of rapidly marshalling and organizing a qualified response team.
Progent provides a range of services for securing Austin organizations against ransomware penetrations. Among these are team member training to help recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and setup and configuration of modern security solutions with machine learning capabilities to rapidly detect and disable zero-day cyber threats. Progent can also provide the assistance of veteran crypto-ransomware recovery engineers with the talent and perseverance to redeploy a compromised system as urgently as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a ransomware penetration, even paying the ransom demand in cryptocurrency does not guarantee that merciless criminals will respond with the keys to decrypt any of your information. Kaspersky Labs estimated that 17% of ransomware victims never recovered their data even after sending off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the typical ransomware demand, which ZDNET estimated at approximately $13,000 for small businesses. The other path is to reinstall the mission-critical parts of your IT environment. Without access to essential information backups, this calls for a wide complement of skill sets, well-coordinated project management, and the capability to work non-stop until the recovery project is finished.
For twenty years, Progent has provided certified expert IT services for businesses across the United States and has achieved Microsoft Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have garnered internationally renowned certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has expertise in accounting and ERP application software. This breadth of experience gives Progent the capability to knowledgeably determine which systems are necessary, organize the remaining parts of your IT environment following a ransomware penetration, and assemble them into an operational network.
Progent's security group uses powerful project management tools to coordinate the complicated restoration process. Progent understands the importance of acting rapidly and in concert with a customer's management and Information Technology staff to prioritize tasks and to get key services back online as fast as humanly possible.
Case Study: A Successful Ransomware Penetration Response
A customer engaged Progent after their network was attacked by Ryuk crypto-ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored hackers, suspected of adopting strategies leaked from America's NSA. Ryuk goes after specific organizations with limited ability to sustain operational disruption and is among the most lucrative examples of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with around 500 employees. The Ryuk intrusion had brought down all essential operations and manufacturing capabilities. The majority of the client's backups had been directly accessible from the network at the time of the intrusion and were destroyed. The client was evaluating paying the ransom demand (exceeding $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked with the customer to quickly assess and prioritize the mission-critical applications that had to be restored in order to restart departmental operations:
In less than 2 days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then completed setup and hard drive recovery of the needed applications. All Microsoft Exchange Server ties and configuration information were usable, which greatly helped the restoration of Exchange. Progent was able to gather local OST files (Microsoft Outlook Offline Folder Files) from various workstations in order to recover mail data. A reasonably recent offline backup of the client's accounting/MRP systems made it possible to bring these vital programs back online for users. Although a lot of work remained to recover fully from the Ryuk damage, core systems were recovered rapidly:
During the following few weeks, important milestones in the restoration process were reached in close collaboration between Progent engineers and the customer:
Conclusion
A potential enterprise-killing catastrophe was dodged through dedicated experts, a broad range of knowledge, and tight collaboration. Although forensics later showed that the ransomware penetration described here could have been blocked with advanced cyber security technology and security best practices, user and IT administrator education, and well-designed procedures for data protection and software patching, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do get hit by a ransomware incursion, remember that Progent's roster of experts has substantial experience in crypto-ransomware blocking, cleanup, and file disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, see Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware System Restoration Services in Austin
For ransomware system restoration consulting services in the Austin area, call Progent at