Crypto-Ransomware : Your Crippling IT Disaster
Ransomware has become a modern cyberplague that poses an enterprise-level threat to businesses unprepared for an attack. Ransomware families such as CrySIS, Fusob, Locky and MongoLock have been running rampant for years and continue to inflict harm. Newer families like Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, LockBit and Nefilim, along with as yet unnamed newcomers appearing daily, not only encrypt online files but also seek out and encrypt or delete any backups reachable from the compromised network. Data replicated to off-premises disaster recovery sites can be corrupted along with it, because replication faithfully copies the encrypted files. In a poorly designed environment this renders automated restoration useless and effectively knocks the datacenter back to square one.
Recovering programs and data after a ransomware attack is a race against the clock as the victim works to contain the intrusion, eradicate the malware, and resume mission-critical activity. Because the operators need time to move laterally across a targeted network before triggering encryption, the encryption phase is usually launched on weekends or holidays, when intrusions typically take longer to detect and response staff are harder to reach. This compounds the difficulty of quickly marshalling and orchestrating a capable response team.
Progent offers an assortment of services for protecting Austin businesses from ransomware attacks. These include staff training to help recognize and resist phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat protection to identify and contain zero-day and other modern malware attacks. Progent also provides the assistance of veteran ransomware recovery consultants with the track record and perseverance to rebuild a breached network as quickly as possible.
Progent's Ransomware Restoration Support Services
Following a ransomware attack, paying the ransom in cryptocurrency does not ensure that the criminal gang will respond with working decryption keys for your data. Kaspersky found that 17% of ransomware victims who paid never recovered their data, compounding their losses. The gamble is also expensive: Ryuk ransoms are typically several hundred thousand dollars, and for larger organizations the demand can reach millions. The alternative is to rebuild the essential parts of your IT environment. Without complete, uncompromised backups, this calls for a wide complement of skill sets, professional project management, and the ability to work around the clock until the job is done.
For two decades, Progent has provided professional IT services to businesses throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who hold advanced industry certifications in foundation technologies from Microsoft, Cisco and VMware, and in popular distributions of Linux. Progent's security consultants have earned internationally recognized industry certifications including CISM, CISSP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has expertise with financial systems and ERP software solutions. This breadth of expertise gives Progent the skills to efficiently identify critical systems, organize the surviving pieces of your network after a ransomware attack, and assemble them into a functioning system.
Progent's security group has state-of-the-art project management systems to coordinate the complex restoration process. Progent knows the importance of acting rapidly and in unison with a client's management and IT resources to assign priority to tasks and to put the most important applications back on line as fast as humanly possible.
Business Case Study: A Successful Crypto-Ransomware Virus Restoration
A business sought out Progent after their company was taken over by Ryuk crypto-ransomware. Ryuk was initially linked to North Korean state-sponsored actors because of code it shares with the earlier Hermes ransomware, but it is now generally attributed to Russian-speaking criminal groups, the same operators behind the TrickBot botnet. Ryuk targets specific organizations with little tolerance for disruption and is one of the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturer located in Chicago with about 500 employees. The Ryuk attack had disabled all essential business and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were encrypted along with production data. The client was preparing to pay the ransom (more than $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the essential services that had to be recovered to allow company operations to continue:
In less than two days, Progent restored Active Directory to its pre-intrusion state. Progent then began reinstallations and storage recovery for key applications. All Exchange Server data and configuration information were usable, which greatly simplified the Exchange restore. Progent was able to collect unencrypted OST files (Microsoft Outlook Offline Data Files) from user PCs and laptops to recover email messages. A recent offline backup of the customer's financials/ERP software made it possible to bring these required services back into service. Although much work remained to recover fully from the Ryuk attack, critical services were returned to operation rapidly:
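Harvesting cached Outlook data files, as described above, only works for the copies the ransomware did not reach, so the first step is a sweep that tells intact files apart from encrypted or renamed ones. The PowerShell script below is an added example written for this page; it is not Progent's tooling from the case study. It relies on the documented Outlook data file header (Unicode PST/OST files start with the 4-byte magic "!BDN", 0x21 0x42 0x44 0x4E), which in-place encryption destroys, and it flags files whose extension is no longer .ost or .pst (Ryuk, for instance, appended .RYK). The default profile location and report path are assumptions; run it in a remote session with Outlook closed so the files are not locked.

```powershell
# Added example (not from Progent's case study): triage Outlook OST/PST files on a
# Windows endpoint before attempting mailbox recovery after a ransomware attack.
# A healthy Outlook data file begins with the magic "!BDN" (MS-PST HEADER.dwMagic);
# a file encrypted in place loses that header, and many families also rename it.
param(
    # Assumption: standard per-user Outlook cache location; adjust for roaming profiles.
    [string[]]$SearchRoots = @("$env:SystemDrive\Users"),
    # Assumption: where the triage report is written.
    [string]$ReportPath = "$env:TEMP\ost-triage.csv"
)

$Magic = [byte[]](0x21, 0x42, 0x44, 0x4E)   # "!BDN"

function Test-OutlookDataFileHeader {
    # Returns $true when the first four bytes of the file are the PST/OST magic.
    param([string]$Path)
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $buf = New-Object byte[] 4
        if ($fs.Read($buf, 0, 4) -lt 4) { return $false }
        for ($i = 0; $i -lt 4; $i++) {
            if ($buf[$i] -ne $Magic[$i]) { return $false }
        }
        return $true
    } finally {
        $fs.Dispose()
    }
}

$results = foreach ($root in $SearchRoots) {
    # '*.ost*' also matches renamed files such as user.ost.RYK, not only intact ones.
    Get-ChildItem -Path $root -Recurse -Force -File -ErrorAction SilentlyContinue `
        -Include '*.ost*', '*.pst*' |
    ForEach-Object {
        $intact = $false
        # A locked or unreadable file is reported as not intact rather than aborting the sweep.
        try { $intact = Test-OutlookDataFileHeader -Path $_.FullName } catch { }
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Path         = $_.FullName
            SizeMB       = [math]::Round($_.Length / 1MB, 1)
            LastWrite    = $_.LastWriteTime
            HeaderIntact = $intact
            # A non-standard extension is a second sign the file was touched by the malware.
            RenamedExt   = ($_.Extension -notin @('.ost', '.pst'))
        }
    }
}

$results | Sort-Object HeaderIntact, Path | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Format-Table -AutoSize
"Intact: $(@($results | Where-Object HeaderIntact).Count)  Damaged or renamed: $(@($results | Where-Object { -not $_.HeaderIntact }).Count)"
```

Files reported as HeaderIntact and not RenamedExt are the candidates worth copying to clean media for mailbox recovery; a passing header check does not prove the whole file is undamaged, so treat it as a triage filter, not a guarantee.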
Over the next couple of weeks, key milestones in the recovery project were accomplished through close collaboration between Progent consultants and the customer:
Conclusion
A probable business catastrophe was averted with dedicated experts, a wide spectrum of technical expertise, and close collaboration. In hindsight, the ransomware incident described here could have been detected and stopped with modern security controls and ISO/IEC 27001 best practices: staff training, backups kept offline or otherwise out of reach of the network, tested incident response procedures, and keeping systems current with security patches. The reality remains that well-organized, often state-tolerated criminal groups operating from Russia, North Korea and elsewhere are tireless and an ongoing threat. If you are hit by a ransomware attack, remember that Progent's roster of professionals has proven experience in ransomware defense, cleanup, and data recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Services in Austin
For ransomware recovery consulting in the Austin metro area, phone Progent at