Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become a modern cyber pandemic that represents an extinction-level danger for businesses poorly prepared for an attack. Earlier ransomware families such as Reveton, Fusob, Locky, SamSam and the MongoLock cryptoworm have been in the wild for years and continue to inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, plus frequent unnamed newcomers, not only encrypt online files but also seek out and corrupt any reachable system backups. Files synchronized to cloud environments can be corrupted as well. In a poorly architected data protection solution, this can make automated recovery hopeless and effectively knocks the datacenter back to zero.
Restoring applications and data after a ransomware event becomes a sprint against time as the targeted business fights to stop the spread, eradicate the ransomware, and restore business-critical activity. Because ransomware takes time to move laterally through a network, attacks are frequently triggered during nights and weekends, when they tend to take longer to discover. This compounds the difficulty of rapidly mobilizing and organizing a knowledgeable response team.
Progent offers an assortment of services for protecting Waltham enterprises from crypto-ransomware attacks. These include training that teaches team members to recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat protection to identify and disable zero-day modern malware attacks. Progent also offers the services of seasoned ransomware recovery engineers with the skills and commitment to redeploy a compromised network as quickly as possible.
Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in cryptocurrency does not ensure that the attackers will respond with the keys needed to decrypt any or all of your data. Kaspersky Labs found that 17% of ransomware victims never recovered their files after paying the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms are commonly a few hundred thousand dollars; for larger organizations, the ransom demand can run into the millions. The fallback is to rebuild the critical components of your Information Technology environment from scratch. Without access to complete system backups, this calls for a wide range of IT skills, top-notch project management, and the capability to work non-stop until the task is done.
For twenty years, Progent has provided expert IT services for companies across the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned advanced certifications in foundation technologies from Microsoft, Cisco and VMware, and in popular distributions of Linux. Progent's security engineers hold internationally recognized certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (visit Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of experience gives Progent the ability to quickly identify critical systems after a ransomware attack, organize the surviving components of your network, and assemble them into an operational system.
Progent's recovery team uses powerful project management systems to coordinate the complicated recovery process. Progent understands the urgency of acting swiftly, and works together with a client's management and Information Technology staff to prioritize tasks and get key applications back online as fast as possible.
Case Study: A Successful Ransomware Incident Restoration
A business hired Progent after its network was brought down by the Ryuk ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored criminal gangs, possibly using technology leaked from America's NSA. Ryuk targets specific organizations with little tolerance for disruption and is among the most lucrative examples of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing company based in the Chicago metro area with about 500 workers. The Ryuk intrusion had paralyzed all essential business operations and manufacturing processes. The majority of the client's data backups had been online at the start of the attack and were encrypted. The client was pursuing financing to pay the ransom demand (more than $200,000) and hoping for good luck, but ultimately brought in Progent.
Progent worked together with the customer to rapidly determine and assign priority to the mission critical services that had to be recovered to make it possible to resume departmental operations:
Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then moved on to server setup and hard drive recovery on critical servers. All Exchange Server connections and configuration information were intact, which accelerated the restoration of Exchange. Progent was also able to gather local OST files (Microsoft Outlook Offline Data Files) from user workstations to recover mail data. A recent offline backup of the client's financials/MRP software made it possible to bring these essential applications back into service for users. Although a large amount of work remained to recover fully from the Ryuk attack, critical services were restored rapidly:
Over the following couple of weeks, important milestones in the recovery process were reached through close collaboration between Progent team members and the client:
Conclusion
A likely business-ending catastrophe was avoided thanks to results-oriented professionals, a wide array of knowledge, and tight collaboration. In hindsight, the crypto-ransomware attack described here could have been stopped with modern cyber security systems and best practices, team education, well-designed security procedures for information protection, and proper patching controls. The fact remains, however, that government-sponsored cyber criminals from Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you are hit by a crypto-ransomware attack, you can be confident that Progent's team of professionals has proven experience in ransomware defense, mitigation, and disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Waltham
For ransomware recovery consulting services in the Waltham metro area, call Progent at