Ransomware: Your Feared Information Technology Catastrophe
Crypto-ransomware has become a modern cyber pandemic and an existential danger for businesses of every size. Families such as Dharma, Fusob, Bad Rabbit, NotPetya and MongoLock have circulated for years and continue to cause damage. Newer families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, along with unnamed variants, not only encrypt online data but also seek out and destroy every backup, snapshot and recovery mechanism they can reach from the compromised network. Files synchronized to off-site disaster recovery sites can be encrypted as well, because the synchronization simply replicates the damage. In a poorly architected environment this makes automated restoration useless and effectively knocks the network back to square one; only backups that are offline or immutable (not writable from the production network) can be relied on.
Recovering services and data after a ransomware event becomes a race against the clock as the targeted business tries to halt lateral movement, eradicate the ransomware and restore business-critical operations. Because the attacker needs time to move laterally and encrypt, attacks are often launched on weekends and holidays, when intrusions typically take longer to detect. This compounds the difficulty of rapidly assembling and coordinating a knowledgeable response team.
Progent offers a range of services for protecting Valencia businesses from ransomware attacks. These include staff training to recognize and avoid phishing, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to identify and quarantine zero-day malware. Progent also provides veteran ransomware recovery engineers with the skills and commitment to rebuild a compromised environment as quickly as possible.
Progent's Crypto-Ransomware Restoration Help
After a ransomware attack, even paying the ransom in Bitcoin does not guarantee that the criminals will deliver working decryption keys. Kaspersky found that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The ransom itself is also very costly: Ryuk demands commonly ranged from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the typical ransomware demand, which ZDNet put at around $13,000 for smaller organizations. The fallback is to rebuild the mission-critical parts of your IT environment. Without complete, uncompromised backups, this requires a broad set of IT skills, professional project management, and the ability to work around the clock until the job is done.
For two decades, Progent has delivered professional IT services to businesses across the U.S. and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals with advanced certifications in foundation technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's cyber security specialists hold internationally recognized certifications including CISA, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications.) Progent also has expertise in financial management and ERP applications. This breadth of experience allows Progent to rapidly identify the systems that matter, triage the remaining components of your IT environment after a ransomware event, and rebuild them into a functioning whole.
Progent's ransomware team uses best-of-breed project management tools to coordinate the complex recovery process. Progent understands the urgency of acting swiftly and in concert with the customer's management and IT staff to prioritize tasks and bring critical applications back online as fast as humanly possible.
Client Story: A Successful Crypto-Ransomware Attack Response
A mid-sized company engaged Progent after it was hit by Ryuk ransomware. Ryuk, which shares code with the earlier Hermes ransomware, was at first attributed by some researchers to North Korea, but later analysis tied it to a Russian-speaking criminal group. Ryuk targets specific organizations that have little tolerance for downtime and is one of the most profitable ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company located in Chicago with around 500 employees. The Ryuk attack had shut down all essential business and manufacturing operations. Most of the client's backups had been online at the time of the attack and were encrypted along with production data. The client considered paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end decided to engage Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the most important areas that had to be addressed to allow company operations to continue:
In less than two days, Progent restored Active Directory to its pre-attack state. Progent then completed the setup and disk recovery of the required applications. The Exchange Server data and attributes were intact, which greatly simplified the rebuild of Exchange. Progent was also able to locate local OST files (Outlook offline data files) on staff desktop computers to recover mail messages. A fairly recent offline backup of the customer's accounting/ERP systems made it possible to return these vital applications to service. Although major work remained to recover fully from Ryuk, essential systems were restored rapidly:
Over the following weeks, critical milestones in the recovery were reached through close collaboration between Progent consultants and the customer:
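The OST recovery step described above, as an added example that is not Progent's code and not part of the original case study: a PowerShell script that inventories Outlook offline data files in the default profile location on a list of workstations, checks that each file still begins with the PST/OST file signature (so a copy that was encrypted in place is not mistaken for a usable one), and stages the usable copies on a recovery share with SHA-256 hashes for chain-of-custody. The hostnames WS-001 and WS-002, reachable C$ admin shares, and the \\recovery\mailstage share are assumptions for illustration.

```powershell
# Added example, not Progent's code: inventory Outlook .ost files on a set of
# workstations and stage usable copies on a recovery share before any machine
# is rebuilt or reimaged. Hostnames, the staging share and reachable C$ admin
# shares are assumptions for illustration.
param(
    [string[]]$Computers   = @('WS-001', 'WS-002'),   # hypothetical hostnames
    [string]  $Destination = '\\recovery\mailstage'   # hypothetical staging share
)

function Test-OstHeader {
    param([string]$Path)
    # PST and OST files begin with the 4-byte magic "!BDN". A file that no longer
    # starts with it was encrypted in place or truncated and will not open in Outlook.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 4
        $n   = $fs.Read($buf, 0, 4)
        return ($n -eq 4 -and [System.Text.Encoding]::ASCII.GetString($buf) -eq '!BDN')
    }
    finally { $fs.Dispose() }
}

$inventory = foreach ($pc in $Computers) {
    $usersRoot = "\\$pc\C$\Users"
    if (-not (Test-Path $usersRoot)) { Write-Warning "Cannot reach $usersRoot"; continue }

    foreach ($userDir in Get-ChildItem -Path $usersRoot -Directory) {
        # Default OST location for Outlook 2013 and later: %LOCALAPPDATA%\Microsoft\Outlook
        $ostDir = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Outlook'
        foreach ($ost in Get-ChildItem -Path $ostDir -Filter '*.ost' -File -ErrorAction SilentlyContinue) {
            $headerOk = Test-OstHeader -Path $ost.FullName
            $hash = $null
            if ($headerOk) {
                $target = Join-Path $Destination "$pc\$($userDir.Name)"
                New-Item -ItemType Directory -Path $target -Force | Out-Null
                # Copy first, then hash the copy; the original stays untouched on the workstation.
                Copy-Item -Path $ost.FullName -Destination $target -Force
                $hash = (Get-FileHash -Path (Join-Path $target $ost.Name) -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Computer  = $pc
                User      = $userDir.Name
                File      = $ost.Name
                SizeMB    = [math]::Round($ost.Length / 1MB, 1)
                LastWrite = $ost.LastWriteTime   # a timestamp inside the attack window deserves a second look
                HeaderOK  = $headerOk
                SHA256    = $hash
            }
        }
    }
}

$inventory | Export-Csv -Path (Join-Path $Destination 'ost-inventory.csv') -NoTypeInformation
$inventory | Format-Table -AutoSize
```

Run it from a clean recovery workstation with an account that has administrative rights on the endpoints, and before anyone reimages a desktop. Many ransomware families append their own extension to encrypted files, so a renamed file will not match the *.ost filter at all; the header check covers files encrypted in place. An OST is a cache tied to its mailbox and Outlook profile, so the staged copies are a last-resort source of mail when the Exchange database cannot be restored, and they contain only what had synchronized before the attack. They are typically read by reconnecting the original profile or converting the file to PST with a dedicated tool.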
Conclusion
A likely business-extinction event was avoided through the efforts of top-tier professionals, a wide range of subject matter expertise, and close collaboration. In hindsight, the incident described here could have been prevented with modern security controls and recognized best practices: user and administrator training, well-designed backup procedures that keep at least one copy offline or immutable, and timely security patching. But criminal and state-sponsored attackers from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do fall victim to crypto-ransomware, you can be confident that Progent's team of experts has proven experience in ransomware defense, mitigation, and disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Valencia
For ransomware system recovery consulting services in the Valencia area, call Progent at