Ransomware Prevention and Remediation Solutions Lower Manhattan

Ransomware : Your Worst IT Nightmare
Ransomware has become an escalating cyber pandemic that poses an existential threat for organizations poorly prepared for an attack. Multiple generations of ransomware such as Dharma, WannaCry, Locky, SamSam and MongoLock cryptoworms have been circulating for years and continue to inflict harm. More recent strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus additional as yet unnamed newcomers, not only do encryption of on-line data but also infiltrate all accessible system protection. Information synched to cloud environments can also be rendered useless. In a poorly architected system, this can render automatic restore operations hopeless and effectively knocks the network back to square one.

Getting back online services and data after a ransomware event becomes a race against the clock as the targeted business struggles to stop the spread and eradicate the ransomware and to resume business-critical operations. Due to the fact that ransomware needs time to replicate, attacks are usually launched on weekends and holidays, when successful penetrations in many cases take longer to identify. This compounds the difficulty of quickly assembling and coordinating a capable mitigation team.

Progent provides a variety of solutions for securing Lower Manhattan enterprises from crypto-ransomware penetrations. These include user education to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, in addition to deployment of the latest generation security appliances with AI technology to automatically discover and suppress day-zero threats. Progent also provides the services of seasoned ransomware recovery professionals with the track record and perseverance to reconstruct a compromised system as rapidly as possible.

Progent's Ransomware Restoration Support Services
Subsequent to a crypto-ransomware attack, even paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will provide the codes to decrypt any of your data. Kaspersky ascertained that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 and $400,000). This is well above the average ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The alternative is to setup from scratch the critical elements of your IT environment. Without the availability of complete information backups, this requires a broad range of skill sets, top notch team management, and the capability to work non-stop until the job is complete.

For decades, Progent has made available professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded advanced industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally-renowned industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the capability to rapidly identify necessary systems and re-organize the surviving pieces of your Information Technology system following a crypto-ransomware attack and assemble them into an operational network.

Progent's security team deploys best of breed project management tools to orchestrate the complex restoration process. Progent knows the urgency of acting quickly and in unison with a client's management and IT resources to assign priority to tasks and to get critical systems back online as soon as possible.

Client Story: A Successful Ransomware Virus Response
A client engaged Progent after their organization was penetrated by Ryuk ransomware virus. Ryuk is believed to have been deployed by North Korean state sponsored criminal gangs, possibly adopting technology leaked from America’s NSA organization. Ryuk targets specific companies with little room for disruption and is among the most lucrative incarnations of crypto-ransomware. High publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing business based in the Chicago metro area with about 500 employees. The Ryuk intrusion had disabled all essential operations and manufacturing processes. Most of the client's system backups had been online at the beginning of the attack and were destroyed. The client was taking steps for paying the ransom (in excess of $200K) and hoping for the best, but ultimately brought in Progent.

Progent worked together with the client to rapidly understand and assign priority to the critical services that needed to be restored to make it possible to continue company functions:

• Active Directory (AD)
• Microsoft Exchange Email
• Accounting and Manufacturing Software

Within two days, Progent was able to recover Active Directory to its pre-penetration state. Progent then completed setup and storage recovery on mission critical applications. All Exchange Server schema and configuration information were intact, which facilitated the rebuild of Exchange. Progent was also able to find local OST files (Microsoft Outlook Off-Line Folder Files) on staff PCs in order to recover email information. A not too old offline backup of the customer’s accounting/MRP systems made them able to restore these essential services back online. Although a large amount of work remained to recover completely from the Ryuk damage, the most important services were returned to operations quickly:

Throughout the next couple of weeks critical milestones in the recovery project were accomplished in close collaboration between Progent engineers and the customer:

• Self-hosted web sites were brought back up with no loss of information.
• The MailStore Server with over four million archived messages was brought on-line and available for users.
• CRM/Orders/Invoicing/AP/AR/Inventory functions were fully operational.
• A new Palo Alto 850 security appliance was deployed.
• Nearly all of the desktops and laptops were being used by staff.

Conclusion
A possible enterprise-killing disaster was averted through the efforts of dedicated professionals, a broad array of knowledge, and close teamwork. Although in retrospect the ransomware virus incident detailed here would have been prevented with current cyber security systems and ISO/IEC 27001 best practices, user training, and properly executed incident response procedures for information backup and applying software patches, the reality is that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's roster of professionals has proven experience in crypto-ransomware virus blocking, removal, and file restoration.

Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist