Ransomware: Your Crippling Information Technology Disaster
Ransomware has become an escalating cyber pandemic that represents an existential danger for businesses of all sizes that are unprepared for an attack. Ransomware families such as the CryptoLocker, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been circulating for years and continue to cause harm. Newer strains such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus many unnamed variants, not only encrypt critical online data but also attack most of the system protection mechanisms that have been configured. Files replicated to cloud environments can also be encrypted. In a poorly architected environment, this can make automated restore operations impossible and effectively sets the datacenter back to zero.
Restoring services and data after a ransomware outage becomes a race against time as the targeted business struggles to stop lateral movement, remove the ransomware, and resume mission-critical operations. Because ransomware needs time to spread across a targeted network, intrusions are often launched on weekends and holidays, when successful attacks tend to take longer to detect. This compounds the difficulty of promptly assembling and organizing a qualified response team.
Progent provides a variety of services for protecting Fresno businesses from crypto-ransomware attacks. Among these are team member education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to identify and contain zero-day malware attacks. Progent also provides the assistance of experienced crypto-ransomware recovery consultants with the skills and perseverance to rebuild a breached system as urgently as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware penetration, paying the ransom demand in cryptocurrency does not ensure that the cyber criminals will hand over the keys needed to decrypt all your data. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their data even after paying the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms are typically a few hundred thousand dollars, and for larger organizations the ransom can run into the millions of dollars. The alternative is to piece the key parts of your IT environment back together. Without access to complete information backups, this calls for a wide range of skills, professional team management, and the ability to work continuously until the task is finished.
For decades, Progent has provided certified expert Information Technology services for businesses across the United States and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have earned advanced certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security consultants have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience in accounting and ERP applications. This breadth of experience gives Progent the skills to rapidly understand the necessary systems, organize the remaining parts of your network following a ransomware event, and rebuild them into an operational network.
Progent's security team uses powerful project management applications to coordinate the complex restoration process. Progent understands the urgency of working rapidly and in unison with a customer's management and IT team members to prioritize tasks and put essential services back online as soon as possible.
Business Case Study: A Successful Ransomware Virus Recovery
A customer hired Progent after their organization was penetrated by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state cybercriminals, who are suspected of using algorithms leaked from America's NSA. Ryuk targets specific businesses with little or no ability to sustain disruption and is among the most lucrative examples of crypto-ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturer based in the Chicago metro area with around 500 employees. The Ryuk event had disabled all company operations and manufacturing processes. The majority of the client's backups had been directly accessible from the network at the time of the intrusion and were eventually encrypted as well. The client was preparing to pay the ransom demand (in excess of $200,000) and hope for the best, but ultimately brought in Progent.
Progent worked with the customer to quickly assess and prioritize the key areas that had to be addressed in order to continue departmental functions:
Within two days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then helped rebuild key systems and recover their hard drives. All Exchange Server schema and configuration information was usable, which accelerated the restoration of Exchange. Progent was also able to locate local OST files (Microsoft Outlook Offline Folder Files) on staff PCs and laptops to recover email data. A fairly recent offline backup of the client's financials/MRP software allowed these essential applications to be brought back online for users. Although significant work remained to recover fully from the Ryuk virus, critical services were restored quickly:
Over the following month critical milestones in the restoration project were achieved in close collaboration between Progent consultants and the customer:
Conclusion
A potential business-killing disaster was avoided thanks to top-tier professionals, a wide array of knowledge, and tight teamwork. In hindsight, the ransomware incident described here could have been detected and stopped with advanced cyber security solutions and security best practices, user education, and appropriate incident response procedures for data protection and software patching. The reality remains, however, that government-sponsored hackers from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you are hit by a ransomware incursion, remember that Progent's team of professionals has proven experience in ransomware defense, remediation, and information systems disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this ransomware incident report, see Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware System Restoration Expertise in Fresno
For ransomware recovery consulting in the Fresno metro area, call Progent at