Ransomware: Your Crippling IT Catastrophe
Ransomware has become an escalating cyber pandemic that poses an enterprise-level threat to any organization vulnerable to an attack. Multiple generations of ransomware, such as the Reveton, CryptoWall, Locky, Syskey and MongoLock cryptoworms, have been around for many years and still inflict destruction. More recent variants such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, along with many unnamed strains, not only encrypt on-line data files but also attack most of the system protection they can reach. Data synchronized to off-site disaster recovery sites can also be corrupted. With a vulnerable data protection solution, an attack can make any restore operation hopeless and effectively knock the datacenter back to zero.
Getting programs and data back online after a ransomware intrusion becomes a sprint against time as the targeted business fights to stop the spread, clean up the virus, and restore mission-critical operations. Because ransomware takes time to replicate, attacks are frequently sprung on weekends and at night, when penetrations tend to take longer to uncover. This multiplies the difficulty of promptly mobilizing and coordinating an experienced mitigation team.
Progent provides a range of support services for protecting Portland organizations from ransomware events. These include team member training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that utilizes SentinelOne's AI-based cyberthreat protection to detect and quarantine zero-day malware attacks. Progent can also provide the services of veteran ransomware recovery consultants with the skills and commitment to reconstruct a compromised system as urgently as possible.
Progent's Ransomware Restoration Support Services
After a crypto-ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not guarantee that the distant criminals will return the keys needed to decrypt any or all of your information. Kaspersky Labs ascertained that 17% of ransomware victims never restored their data after having paid the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the usual ransomware demand, which ZDNET determined to be approximately $13,000 for smaller businesses. The alternative is to piece back together the critical elements of your IT environment. Without access to full data backups, this calls for a wide complement of skills, well-coordinated project management, and the willingness to work non-stop until the job is complete.
For two decades, Progent has provided professional Information Technology services for companies throughout the U.S. and has earned Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have attained top certifications in foundation technologies from Microsoft, Cisco and VMware and in the major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the ability to quickly identify the necessary systems following a crypto-ransomware penetration, reorganize the surviving parts of your Information Technology system, and configure them into an operational whole.
Progent's ransomware team deploys powerful project management systems to coordinate the complex restoration process. Progent understands the importance of acting rapidly and in unison with a customer's management and Information Technology resources to assign priority to tasks and to get critical applications back on line as fast as possible.
Client Story: A Successful Crypto-Ransomware Intrusion Restoration
A client contacted Progent after their network was taken over by the Ryuk ransomware virus. Ryuk is generally considered to have been deployed by North Korean state-sponsored criminal gangs, suspected of adopting techniques leaked from the U.S. National Security Agency. Ryuk targets specific companies with little or no tolerance for operational disruption and is one of the most lucrative iterations of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturer headquartered in Chicago with about 500 employees. The Ryuk attack had paralyzed all essential business operations and manufacturing processes. The majority of the client's data backups had been directly accessible from the network at the time of the attack and were damaged. The client was pursuing financing to pay the ransom (in excess of $200K) and hoping for the best, but ultimately brought in Progent.
Progent worked with the customer to quickly identify and prioritize the essential systems that had to be addressed in order to resume departmental operations:
Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then charged ahead with the setup and storage recovery of mission-critical systems. All Exchange Server data and attributes were usable, which accelerated the restore of Exchange. Progent was able to locate non-encrypted OST files (Outlook Off-Line Data Files) on various desktop computers and laptops in order to recover mail messages. A fairly recent off-line backup of the business's accounting software made it possible to bring these vital applications back on-line. Although a great deal of work remained to recover fully from the Ryuk damage, core services were returned to operation rapidly:
Over the next few weeks, important milestones in the restoration project were reached through tight cooperation between Progent engineers and the client:
Conclusion
A probable business-extinction disaster was averted by hard-working experts, a wide array of knowledge, and tight teamwork. Although in retrospect the ransomware penetration detailed here could have been stopped with current cyber security solutions and best practices, team training, and appropriate procedures for data backup and software patching, the fact remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware virus, remember that Progent's team of professionals has proven experience in crypto-ransomware blocking, removal, and file disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Portland
For ransomware system recovery expertise in the Portland area, call Progent at