Ransomware: Your Worst IT Nightmare
Ransomware has become an escalating cyber pandemic that poses an existential threat to organizations vulnerable to an assault. Multiple generations of ransomware like the Dharma, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and continue to inflict damage. Newer variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, along with other as yet unnamed newcomers, not only encrypt online data files but also infiltrate most available system protection mechanisms. Data synced to cloud environments can also be corrupted. In a vulnerable environment, this can render automated recovery useless and effectively knock the network back to zero.
Getting applications and data back online after a ransomware intrusion becomes a race against the clock as the targeted business tries its best to stop the spread, clean up the virus, and resume business-critical operations. Because ransomware takes time to replicate throughout a targeted network, attacks are frequently launched on weekends and holidays, when they tend to take more time to detect. This compounds the difficulty of quickly assembling and coordinating a qualified mitigation team.
Progent offers an assortment of support services for securing Valencia enterprises against crypto-ransomware events. Among these are user training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to discover and quarantine zero-day modern malware assaults. Progent can also provide the assistance of experienced ransomware recovery engineers with the track record and perseverance to rebuild a breached network as urgently as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a crypto-ransomware penetration, paying the ransom in cryptocurrency does not provide any assurance that merciless criminals will respond with the codes needed to decrypt any of your information. Kaspersky ascertained that 17% of ransomware victims never restored their files even after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are typically a few hundred thousand dollars. For larger enterprises, the ransom can be in the millions of dollars. The fallback is to set up the key elements of your IT environment from scratch. Absent full information backups, this calls for a wide complement of skills, top-notch project management, and the willingness to work continuously until the job is over.
For decades, Progent has made available expert Information Technology services for companies across the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who have earned top certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have garnered internationally renowned certifications including CISM, CISSP, CRISC, GIAC, and CMMC 2.0. Progent also has experience in accounting and ERP application software. This breadth of expertise affords Progent the capability to rapidly identify critical systems, reorganize the remaining pieces of your network after a ransomware penetration, and assemble them into a functioning network.
Progent's recovery group has powerful project management tools to orchestrate the complex recovery process. Progent appreciates the importance of working swiftly and in unison with a customer's management and IT team members to prioritize tasks and to put key systems back online as fast as possible.
Customer Story: A Successful Crypto-Ransomware Intrusion Response
A business sought out Progent after their network was attacked by Ryuk ransomware. Ryuk is believed to have been developed by North Korean government-sponsored hackers, possibly adopting techniques leaked from America's NSA organization. Ryuk goes after specific companies with little tolerance for operational disruption and is among the most lucrative examples of ransomware. Well-known victims include Data Resolution, a California-based info warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturer based in Chicago and has around 500 staff members. The Ryuk attack had paralyzed all company operations and manufacturing processes. The majority of the client's system backups had been directly accessible at the beginning of the intrusion and were eventually encrypted. The client was taking steps to pay the ransom (more than two hundred thousand dollars) and hoping for good luck, but in the end made the decision to use Progent.
Progent worked with the client to rapidly identify and assign priority to the most important systems that had to be recovered in order to resume departmental functions:
In less than two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then completed setup and hard drive recovery of the most important applications. All Microsoft Exchange Server schema and attributes were usable, which facilitated the restore of Exchange. Progent was also able to assemble local OST files (Microsoft Outlook Offline Data Files) on user workstations to recover email information. A reasonably recent offline backup of the customer's financials/ERP systems made it possible to bring these essential programs back online. Although a large amount of work remained to recover fully from the Ryuk event, core systems were returned to operations rapidly:
Throughout the next few weeks, critical milestones in the recovery project were accomplished through tight cooperation between Progent engineers and the customer:
Conclusion
A potentially enterprise-killing disaster was avoided through dedicated experts, a wide array of IT skills, and close collaboration. Although in retrospect the ransomware penetration detailed here could have been stopped with modern cyber security technology solutions and best practices, user and IT administrator training, and properly executed incident response procedures for information backup and proper patching controls, the fact remains that government-sponsored cybercriminals from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a ransomware penetration, feel confident that Progent's team of experts has a proven track record in crypto-ransomware virus defense, cleanup, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Valencia
For ransomware recovery consulting services in the Valencia area, phone Progent at