Ransomware: Your Crippling Information Technology Catastrophe
Crypto-ransomware has become an escalating plague that poses an existential threat to businesses of all sizes that are poorly prepared for an attack. Multiple generations of ransomware such as Dharma, WannaCry, Locky, NotPetya and MongoLock have circulated for years and continue to cause havoc. More recent families such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with a steady stream of as yet unnamed variants, not only encrypt online data files but also delete or encrypt any system restore points, shadow copies and backups they can reach. Files replicated to off-site disaster recovery sites can also end up encrypted, because replication faithfully copies the encrypted versions over the good ones. In a poorly architected data protection solution this can make restoration impossible and effectively set the entire environment back to square one.
Getting applications and data back after a ransomware outage becomes a race against time as the targeted organization struggles to stop lateral movement, eradicate the ransomware and restore mission-critical operations. Because crypto-ransomware takes time to spread, attacks are often triggered on weekends and at night, when they take longer to discover and the encryption can run further before anyone reacts. This compounds the difficulty of promptly assembling and coordinating a qualified response team.
Progent offers a range of services for protecting Cincinnati businesses against ransomware. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat protection, to identify and contain zero-day malware attacks. Progent also offers seasoned ransomware recovery consultants with the skills and persistence to rebuild a compromised environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware attack, paying the ransom in Bitcoin provides no assurance that the criminals will respond with keys that decrypt all of your files. Kaspersky Labs estimated that 17% of ransomware victims never recovered their data after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000), far above the typical ransomware demand, which ZDNet estimated at about $13,000 for small businesses. The alternative is to rebuild the mission-critical components of your IT environment. Without usable backups, this requires a broad range of skills, first-rate project management, and the ability to work around the clock until the job is done.
For twenty years, Progent has provided professional IT services to businesses across the US and holds Microsoft Partner status with the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers with high-level industry certifications in foundation technologies from Microsoft, Cisco, VMware and the major Linux distributions. Progent's cyber security experts hold internationally recognized certifications including CISM, CISSP, CRISC and GIAC (see Progent's certifications). Progent also has expertise in financial management and ERP software. This breadth of experience allows Progent to quickly identify critical systems, salvage the surviving parts of your IT environment after a ransomware attack, and assemble them into a working network.
Progent's recovery team uses proven project management tools to orchestrate the complex recovery process. Progent understands the urgency of working rapidly and in concert with a client's management and IT staff to prioritize tasks and bring key applications back online as fast as humanly possible.
Case Study: A Successful Ransomware Attack Recovery
A client engaged Progent after its network was taken over by Ryuk ransomware. Early reports attributed Ryuk to North Korean state actors because it shares code with the Hermes ransomware; later analysis by several security firms attributed it to a Russian-speaking criminal group, and its operators are suspected of using techniques derived from leaked US National Security Agency tooling. Ryuk targets specific organizations with little or no tolerance for operational disruption and is one of the most profitable ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing company in Chicago with about 500 employees. The Ryuk intrusion had paralyzed all business operations and manufacturing. Most of the client's backups were online at the time of the intrusion and were eventually encrypted. The client was preparing to pay the ransom (more than $200,000) and hoping for the best, but ultimately reached out to Progent instead.
Progent worked with the client to rapidly identify and prioritize the essential services that had to be restored before company operations could resume:
In less than two days, Progent rebuilt Active Directory to its pre-attack state. Progent then helped set up and recover the disks of the essential servers. The Microsoft Exchange Server schema and configuration data were intact, which accelerated the rebuild of Exchange. Progent was also able to collect the local Outlook offline data files (.ost) from user PCs and laptops; since each .ost holds a cached copy of its owner's mailbox, this recovered the email data. A reasonably recent offline backup of the client's accounting/MRP software allowed those essential applications to be brought back online. Although a great deal of work remained to recover fully from the Ryuk incident, critical systems were returned to operation quickly:
Over the next couple of weeks, key milestones in the recovery were reached through close collaboration between Progent engineers and the client:
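The OST collection step described above works because each Outlook data file is a cached copy of its owner's mailbox, but only files that were not themselves encrypted are worth importing. As an added example that is not part of Progent's case study or tooling, the Python script below triages a directory of collected .ost files by checking for the PST/OST header magic documented in Microsoft's MS-PST specification. The directory layout and the sample files it writes are constructed for the demonstration, and the names `classify_ost`, `triage` and `demo` are this example's own.

```python
"""Triage Outlook offline data files (.ost) collected from user PCs after a
ransomware incident, before handing them to mailbox-recovery tooling.

Every Outlook .pst/.ost file begins with the 4-byte magic "!BDN" (the dwMagic
field of the header defined in Microsoft's MS-PST specification). A file that
ransomware has encrypted in place no longer starts with that magic, so a cheap
header check separates the files worth importing from the ones that are ruined.
The collection layout and the sample files below are constructed for this
example and are not data from the incident described on this page.
"""
import os
import tempfile
from pathlib import Path

OST_MAGIC = b"!BDN"   # dwMagic at offset 0 of a PST/OST header (MS-PST)
HEADER_BYTES = 16     # covers dwMagic, dwCRCPartial, wMagicClient, wVer


def has_ost_header(head: bytes) -> bool:
    """True when the first bytes look like an intact PST/OST header."""
    return head[:4] == OST_MAGIC


def classify_ost(path: Path) -> str:
    """Classify one candidate file by its header.

    'ok'         magic present; worth importing into a recovery mailbox
    'tampered'   magic missing; typical of a file encrypted by ransomware
    'truncated'  too small to hold a header at all
    'unreadable' could not be opened (locked, permissions, vanished)
    """
    try:
        if path.stat().st_size < HEADER_BYTES:
            return "truncated"
        with path.open("rb") as fh:
            head = fh.read(HEADER_BYTES)
    except OSError:
        return "unreadable"
    return "ok" if has_ost_header(head) else "tampered"


def find_candidates(root: Path):
    """Yield every file under root whose name contains '.ost'. Matching on the
    substring rather than the suffix also catches files that ransomware renamed
    by appending its own extension (mailbox.ost.<ext>)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if ".ost" in name.lower():
                yield Path(dirpath) / name


def triage(root) -> dict:
    """Walk a collection directory and bucket candidates by status:
    {status: [path, ...]}. Only the 'ok' bucket goes to mailbox recovery; the
    others are retained as evidence but not imported."""
    buckets: dict = {}
    for p in find_candidates(Path(root)):
        buckets.setdefault(classify_ost(p), []).append(str(p))
    return buckets


def build_sample_collection(root) -> Path:
    """Write a constructed sample tree (not real user data): one intact header,
    one file overwritten with junk as an in-place encryptor leaves it, one
    encrypted-and-renamed file, and one stub too short to be an OST."""
    root = Path(root)
    for user in ("alice", "bob"):
        (root / user).mkdir(parents=True, exist_ok=True)
    # Minimal plausible header: dwMagic, dwCRCPartial, wMagicClient "SM", wVer 23
    intact = OST_MAGIC + b"\x00" * 4 + b"SM" + b"\x17\x00" + b"\x00" * 500
    junk = bytes(range(256)) * 2          # deterministic stand-in for ciphertext
    (root / "alice" / "alice@example.com.ost").write_bytes(intact)
    (root / "bob" / "bob@example.com.ost").write_bytes(junk)
    (root / "bob" / "archive.ost.locked").write_bytes(junk)
    (root / "bob" / "stub.ost").write_bytes(b"!B")
    return root


def demo() -> dict:
    """Build the sample tree in a temporary directory, triage it, and return
    {status: sorted file names} so the result can be inspected offline."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_collection(tmp)
        result = triage(tmp)
    return {status: sorted(Path(p).name for p in paths)
            for status, paths in result.items()}


if __name__ == "__main__":
    for status, names in sorted(demo().items()):
        print(f"{status:10s} {', '.join(names)}")
```

Run it as a script to see the buckets for the sample tree, or point `triage()` at a real collection root. An intact header only proves the file was not encrypted in place; a large OST can still be partly damaged, and the authoritative check is whether Outlook or a PST repair tool can open it. Keep the 'tampered' files anyway: they are evidence, and they can still be decrypted if a key is obtained later.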
Conclusion
A likely business-ending catastrophe was averted thanks to hard-working experts, a broad array of IT skills, and close teamwork. In hindsight, the ransomware attack described here should have been detected and stopped by modern security tooling combined with NIST Cybersecurity Framework practices: staff training, tested incident response procedures, isolated offline backups, and disciplined patching. Even so, state-sponsored and criminal attackers, whether from China, North Korea or elsewhere, are tireless and represent an ongoing threat. If you do fall victim to a ransomware attack, remember that Progent's team has proven experience in ransomware defense, remediation, and data recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Cincinnati
For ransomware system recovery expertise in the Cincinnati area, call Progent at