Crypto-Ransomware: Your Crippling Information Technology Disaster
Ransomware has become an all-too-frequent cyber pandemic that represents an existential threat for businesses of all sizes that are poorly prepared for an assault. Versions of crypto-ransomware such as CrySIS, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for many years and still cause harm. Newer variants of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, along with frequent as-yet-unnamed viruses, not only encrypt on-line data but also attack any system protection that is reachable from the compromised network. Data replicated to off-site disaster recovery sites can also be encrypted. With a poorly architected data protection solution, this can render automatic restore operations hopeless and effectively set the datacenter back to zero.
Getting services and information back online after a ransomware attack becomes a sprint against the clock as the victim tries its best to contain and clean up the crypto-ransomware and to restore enterprise-critical operations. Because crypto-ransomware requires time to move laterally, penetrations are frequently launched on weekends, when they typically take longer to detect. This multiplies the difficulty of promptly assembling and coordinating a capable mitigation team.
Progent provides a variety of solutions for securing Fresno organizations from crypto-ransomware penetrations. These include user education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to discover and suppress zero-day modern malware assaults. Progent also offers the assistance of seasoned crypto-ransomware recovery engineers with the track record and perseverance to restore a compromised environment as quickly as possible.
Progent's Ransomware Recovery Help
After a ransomware event, even paying the ransom in Bitcoin cryptocurrency does not guarantee that the remote criminals will return the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never restored their files after having paid the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 to $400,000). This is well above the typical ransomware demand, which ZDNET estimated to be approximately $13,000 for small organizations. The alternative is to piece back together the mission-critical parts of your IT environment. Without access to complete data backups, this calls for a wide range of IT skills, well-coordinated project management, and the willingness to work continuously until the recovery project is completed.
For twenty years, Progent has provided expert Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have attained top certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have garnered internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise with accounting and ERP applications. This breadth of experience gives Progent the capability to rapidly identify critical systems, integrate the surviving pieces of your network environment after a ransomware penetration, and assemble them into a functioning system.
Progent's security team uses best-of-breed project management systems to orchestrate the sophisticated restoration process. Progent appreciates the urgency of acting quickly and in unison with a client's management and Information Technology resources to prioritize tasks and to get critical systems back online as fast as humanly possible.
Business Case Study: A Successful Ransomware Penetration Recovery
A small business sought out Progent after their organization was crippled by the Ryuk crypto-ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored hackers, possibly using algorithms exposed from America's National Security Agency. Ryuk goes after specific businesses with little ability to sustain disruption and is one of the most profitable examples of ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer based in Chicago with about 500 staff members. The Ryuk penetration had paralyzed all essential operations and manufacturing processes. The majority of the client's system backups had been directly accessible from the network at the time of the attack and were encrypted. The client was pursuing financing to pay the ransom (more than $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the customer to rapidly understand and prioritize the most important areas that had to be recovered in order to resume departmental operations:
Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then performed reinstallations and storage recovery of the most important applications. All Microsoft Exchange Server data and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to find unencrypted OST files (Outlook Offline Data Files) on staff workstations and used them to recover email information. A fairly recent offline backup of the customer's accounting/ERP software made it possible to bring these essential services back online. Although a large amount of work still had to be done to recover completely from the Ryuk virus, critical systems were returned to operation quickly:
During the next few weeks, key milestones in the recovery project were completed through close cooperation between Progent engineers and the client:
Conclusion
A potential company-ending catastrophe was avoided by results-oriented professionals, a broad array of subject matter expertise, and tight teamwork. Forensics later showed that the ransomware penetration described here could have been identified and prevented with modern security solutions and recognized best practices: team training, appropriate incident response procedures for data protection, and keeping systems up to date with security patches. The reality, however, is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware attack, remember that Progent's roster of professionals has substantial experience in ransomware virus blocking, cleanup, and data disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Fresno
For ransomware cleanup services in the Fresno area, phone Progent at