Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic and an existential threat to businesses of any size that are unprepared for an attack. Earlier strains such as Reveton, WannaCry, Locky, NotPetya and MongoLock have circulated for years and continue to cause damage. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nefilim, along with a steady stream of unnamed newcomers, not only encrypt online data but also encrypt or delete any backups they can reach. Files synchronized to the cloud can be corrupted as well, because the sync client faithfully uploads the encrypted versions. Against an inadequately protected data protection setup this renders automated restore operations useless and effectively sets the entire environment back to zero.
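One check a practitioner would want against the failure mode described above, backups silently encrypted in place, is an integrity manifest kept somewhere the backup host cannot write to. The following Python script is an added example, not Progent's code or any product mentioned on this page; the backup tree, file names and ransom-note name are constructed for illustration. It records SHA-256 digests of a backup set, then re-verifies the set and flags files that changed, disappeared or appeared, using byte entropy to tell an encrypted file apart from an ordinary edit.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path):
    """Stream a file through SHA-256 so large backup files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 to 8.0). Ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root):
    """Map each file's POSIX-style relative path to its SHA-256 digest.

    Store the result off the backup host (offline media, an object-lock bucket,
    a separate credential domain); a manifest kept on the same share gets
    encrypted right along with the backups it is meant to protect."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root, manifest, entropy_threshold=7.5):
    """Compare the backup tree on disk against a trusted manifest."""
    root = Path(root)
    report = {"ok": [], "modified": [], "suspect_encrypted": [], "missing": [], "unexpected": []}
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)  # deleted or renamed
        elif current[rel] != digest:
            report["modified"].append(rel)
            with open(root / rel, "rb") as f:
                head = f.read(CHUNK)
            # A legitimately updated CSV or XML stays well below ~6 bits/byte;
            # a file overwritten with ciphertext reads as near-random.
            if shannon_entropy(head) > entropy_threshold:
                report["suspect_encrypted"].append(rel)
        else:
            report["ok"].append(rel)
    # Files absent from the manifest: ransom notes, dropped tools, stray copies.
    report["unexpected"] = [rel for rel in current if rel not in manifest]
    return report


def demo():
    """Constructed scenario: snapshot a small backup set, then simulate a
    ransomware process reaching the backup share and re-verify the set."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed sample backup contents, not real data
            "erp/ledger.csv": b"2020-01-06,INV-1001,1250.00,paid\n" * 200,
            "exchange/config.xml": b"<Exchange><Server>MAIL01</Server></Exchange>\n" * 100,
            "ad/sysvol/policy.inf": b"[Unicode]\nUnicode=yes\n" * 100,
        }
        for rel, data in sample.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        manifest = build_manifest(root)  # taken while the set is known good

        # Simulated attack: one file encrypted in place (random bytes stand in
        # for ciphertext), one deleted, one ransom note dropped (all constructed).
        (root / "erp/ledger.csv").write_bytes(os.urandom(8192))
        (root / "ad/sysvol/policy.inf").unlink()
        (root / "HOW_TO_DECRYPT.txt").write_bytes(b"constructed ransom note\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for key, files in demo().items():
        print(f"{key:18s} {files}")
```

Run the verification from a host that holds the manifest read-only and never from the backup server itself; a "modified" entry without the high-entropy flag usually means a normal incremental update, while a "suspect_encrypted" hit together with new "unexpected" files is the signature of a backup share that ransomware has already reached.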
Getting applications and data back online after a ransomware outage becomes a race against time: the targeted business must stop lateral movement, eradicate the ransomware, and restore business-critical activity all at once. Because ransomware needs time to spread, attacks are frequently launched on weekends, when a successful intrusion typically takes longer to notice. This compounds the difficulty of promptly mobilizing and coordinating an experienced response team.
Progent offers a range of services for protecting Morgan Hill organizations from ransomware incidents. These include user training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's behavior-based threat defense, to detect and stop zero-day malware attacks. Progent also provides seasoned ransomware recovery engineers with the skills and commitment to restore a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Help
After a ransomware attack, paying the ransom in Bitcoin does not guarantee that the remote criminals will deliver working keys to decrypt all of your files. Kaspersky found that seventeen percent of ransomware victims never recovered their data after paying, compounding their losses. The ransoms themselves are also steep. Ryuk demands often range from fifteen to forty BTC (roughly $120,000 to $400,000 at the time). This is far above the average ransomware demand, which ZDNet put at around $13,000 for smaller organizations. The alternative is to rebuild the mission-critical elements of your IT environment. Without access to complete data backups, this requires a broad set of skills, well-coordinated project management, and the ability to work around the clock until the job is done.
For decades, Progent has provided certified expert IT services for companies across the US and has earned Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers with advanced certifications in key technologies such as Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cyber security engineers hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise with accounting and ERP application software. This breadth of experience lets Progent quickly identify the important systems, consolidate the surviving pieces of your IT environment after a ransomware intrusion, and assemble them into a functioning network.
Progent's ransomware team uses modern project management tools to coordinate the complex recovery process. Progent understands the importance of acting rapidly and in concert with a customer's management and IT staff to prioritize tasks and get essential systems back online as soon as humanly possible.
Case Study: A Successful Ransomware Incident Response
A business contacted Progent after its network was taken down by the Ryuk ransomware. Ryuk was initially attributed by some analysts to North Korean state-sponsored actors, but later analysis linked it to Russian-speaking criminal groups that typically gain their foothold through an earlier malware infection such as TrickBot or Emotet rather than through any leaked exploit. Ryuk targets specific businesses with little or no tolerance for operational disruption and is one of the most lucrative instances of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturer headquartered in Chicago with around 500 employees. The Ryuk incident had frozen all essential business and manufacturing operations. Most of the client's backups had been online at the start of the attack and were encrypted along with the production data. The client was preparing to pay the ransom (more than $200,000) and hoping for the best, but in the end engaged Progent instead.
Progent worked with the customer to quickly identify and prioritize the critical services that had to be recovered in order to restart business operations.
Within two days, Progent had rebuilt Active Directory to its pre-attack state. Progent then completed the installation and disk restoration of critical applications. Exchange's links and configuration information were intact, which simplified rebuilding Exchange. Progent also located local OST files (Outlook Offline Data Files) on staff desktops and used them to recover mailbox contents. A reasonably recent offline backup of the client's accounting/ERP software allowed these vital services to be brought back to users. Although a great deal of work remained to recover fully from the Ryuk damage, the most important systems were returned to service quickly.
Over the following couple of weeks, key milestones in the recovery were reached through close collaboration between Progent's team and the client.
Conclusion
A potential business catastrophe was averted by top-tier experts, a broad spectrum of IT skills, and close teamwork. Forensics showed that the ransomware incident described here should have been blocked by modern security tooling and recognized best practices: user and IT administrator training, properly executed procedures for offline data backup, and keeping systems current with security patches. Even so, the reality is that criminal and state-sponsored attackers from Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to ransomware, remember that Progent's team has substantial experience in ransomware prevention, cleanup, and data recovery.
Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ryuk Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Recovery Services in Morgan Hill
For ransomware system recovery consulting services in the Morgan Hill area, phone Progent at