Crypto-Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become an escalating cyber plague that poses an enterprise-level threat to any business vulnerable to an attack. Ransomware families such as Reveton, WannaCry, Locky, NotPetya and MongoLock have been around for years and continue to inflict damage. More recent variants such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Snatch and Egregor, along with many lesser-known strains, not only encrypt online data files but also seek out and encrypt or delete every backup they can reach over the network. Data replicated to off-site disaster recovery sites can be corrupted as well, because replication faithfully copies the encrypted files. In a poorly designed environment this can make automated recovery impossible and effectively sets the entire system back to square one.
Getting applications and information back after a crypto-ransomware outage becomes a race against the clock as the targeted organization struggles to stop the spread, clean up the ransomware, and restore mission-critical operations. Because crypto-ransomware needs time to spread, attacks are often launched on weekends and holidays, when intrusions tend to take longer to detect. This multiplies the difficulty of promptly assembling and coordinating a qualified response team.
Progent offers a range of services for protecting Valencia businesses from ransomware attacks. These include staff training to recognize and avoid phishing lures, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based threat protection to detect and contain zero-day malware attacks. Progent also provides experienced crypto-ransomware recovery engineers with the skills and commitment to restore a compromised network as quickly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware event, paying the ransom in Bitcoin gives no assurance that the criminal gang will supply working keys to decrypt any or all of your files. Kaspersky estimated that 17% of ransomware victims never recovered their files even after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from fifteen to forty BTC (roughly $120,000 to $400,000 at the time), far above the typical crypto-ransomware demand, which ZDNet estimated at about $13,000 for small businesses. The alternative is to piece the key elements of your IT environment back together. Without complete data backups, this calls for a broad range of IT skills, top-notch project management, and the willingness to work non-stop until the job is done.
For two decades, Progent has provided professional IT services for companies throughout the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who hold top industry certifications in foundation technologies from Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity engineers hold internationally recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has experience with accounting and ERP software solutions. This breadth of experience gives Progent the skills to quickly identify essential systems, salvage the surviving components of your IT environment after a crypto-ransomware event, and rebuild them into a functioning network.
Progent's ransomware team uses powerful project management tools to coordinate the complex recovery process. Progent understands the urgency of working rapidly and in concert with a client's management and IT staff to prioritize tasks and bring the most important services back online as fast as humanly possible.
Client Story: A Successful Crypto-Ransomware Attack Response
A small business engaged Progent after being hit by the Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because it shares code with the Hermes ransomware, but most later analyses attribute it to Russian-speaking criminal groups, who typically deploy it by hand after gaining a foothold through earlier Emotet or TrickBot infections. Ryuk targets specific organizations with little or no tolerance for operational disruption and is one of the most profitable ransomware families. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business based in Chicago with about 500 employees. The Ryuk attack had paralyzed all company operations and manufacturing processes. Most of the client's system backups had been online when the attack began and were eventually encrypted. The client considered paying the ransom (over two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked with the client to quickly understand and prioritize the mission-critical services that had to be addressed before business operations could restart:
In less than two days, Progent rebuilt Active Directory to its pre-attack state. Progent then assisted with reinstallation and disk recovery for key applications. The Exchange Server schema and attributes in Active Directory were intact, which accelerated the rebuild of Exchange. Progent gathered intact OST files (Outlook offline data files) from staff workstations to recover mail data. A reasonably recent offline backup of the customer's financial/ERP system allowed those essential applications to be brought back online. Although significant work remained to recover completely from the Ryuk attack, critical services were restored rapidly:
During the following month, key milestones in the recovery project were reached through close cooperation between Progent engineers and the client:
Conclusion
A potentially company-ending catastrophe was averted thanks to hard-working professionals, a broad array of IT skills, and tight teamwork. The post-incident analysis showed that the crypto-ransomware attack described here could have been detected and blocked with modern security technology and best practices, staff training, disciplined patching, and well-designed incident response procedures, including backups kept offline or otherwise out of the attacker's reach. The reality, however, is that state-sponsored and criminal attackers from Russia, North Korea and elsewhere are tireless and will keep coming. If you are hit by a ransomware intrusion, you can be confident that Progent's roster of professionals has extensive experience in ransomware prevention, mitigation, and information systems restoration.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Valencia
For ransomware cleanup consulting in the Valencia metro area, phone Progent at