Crypto-Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become an all-too-frequent cyber pandemic that represents an existential threat to businesses of all sizes that are unprepared for an attack. Multiple generations of ransomware, including the Reveton, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms, have been circulating for years and continue to inflict havoc. More recent families such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus additional unnamed strains, not only encrypt online data but also attack any backup and system-protection mechanisms they can reach. Data synchronized to the cloud can also be encrypted and held for ransom. On a vulnerable network this can render automated restore operations useless and effectively set the datacenter back to square one.
Restoring services and data after a ransomware event becomes a race against the clock as the victim struggles to contain the outbreak, remove the malware, and restore business-critical operations. Because ransomware needs time to spread throughout a targeted network, attacks are often launched on weekends, when a successful intrusion may take longer to detect. This compounds the difficulty of rapidly marshalling and organizing a qualified response team.
Progent offers a variety of support services for protecting Lower Manhattan enterprises from crypto-ransomware events. These include user training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat defense to detect and contain zero-day malware attacks. Progent also offers the assistance of experienced ransomware recovery consultants with the skill and perseverance to rebuild a breached network as quickly as possible.
Progent's Ransomware Recovery Help
After a ransomware event, even paying the ransom demand in cryptocurrency does not guarantee that the criminals will respond with the keys needed to decrypt any of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their data even after paying the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are often a few hundred thousand dollars, and for larger enterprises the ransom can run into the millions. The other path is to piece back together the key elements of your IT environment. Without access to complete data backups, this calls for a broad complement of IT skills, top-notch team management, and the willingness to work around the clock until the job is finished.
For decades, Progent has offered professional Information Technology services to companies throughout the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who hold top certifications in key technologies from Microsoft, Cisco and VMware, as well as in popular distributions of Linux. Progent's cyber security consultants have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience with accounting and ERP applications. This breadth of experience enables Progent to quickly identify the systems that must be recovered, salvage the surviving parts of your IT environment following a ransomware event, and assemble them into an operational system.
Progent's security group uses best-of-breed project management tools to coordinate the complex recovery process. Progent appreciates the urgency of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and to bring essential services back online as soon as possible.
Client Story: A Successful Ransomware Intrusion Restoration
A customer engaged Progent after their organization was taken over by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean government-sponsored hackers, possibly adopting techniques leaked from the United States National Security Agency. Ryuk targets specific organizations that have little tolerance for operational disruption and is one of the most profitable strains of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturer based in the Chicago metro area with about 500 employees. The Ryuk event had frozen all company operations and manufacturing processes. Most of the client's backups were directly accessible from the network when the attack began and were encrypted as well. The client was preparing to pay the ransom (over $200K) and hoping for the best, but ultimately called Progent instead.
Progent worked hand in hand with the client to rapidly identify and prioritize the critical systems that had to be addressed in order to resume business operations:
In less than 2 days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then began setup and disk recovery on the most important systems. The Exchange-related Active Directory links and attributes were intact, which greatly simplified the restore of Exchange. Progent was able to locate intact OST files (Outlook Offline Folder Files) on staff workstations and laptops and used them to recover email data. A recent offline backup of the customer's accounting/MRP systems made it possible to restore these essential applications for users. Although much work remained to recover fully from the Ryuk attack, core services were returned to operation quickly:
Over the following month, key milestones in the recovery process were reached in close collaboration between Progent's team and the client:
Conclusion
A potential company-ending disaster was averted thanks to top-tier professionals, a wide spectrum of technical expertise, and tight teamwork. In retrospect, the ransomware attack detailed here would have been prevented by modern security technology, ISO/IEC 27001 best practices, staff training, well thought out data-protection procedures, and keeping systems up to date with security patches. The reality, however, is that government-sponsored hackers from Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do fall victim to a ransomware incident, rest assured that Progent's roster of professionals has proven experience in ransomware defense, mitigation, and information systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)