Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an all-too-frequent cyber pandemic that presents an enterprise-level threat to businesses poorly prepared for an attack. Earlier iterations of ransomware such as the CryptoLocker, Fusob, Locky, Syskey and MongoLock cryptoworms have been in the wild for a long time and still cause harm. Modern ransomware families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, plus many unnamed variants, not only encrypt online data files but also encrypt most backups they can reach. Data replicated to off-premises disaster recovery sites can also be rendered useless. In a vulnerable environment, this makes automated restoration impossible and effectively knocks the entire system back to zero.
Restoring services and data after a ransomware event becomes a race against the clock as the targeted business tries to stop the spread, eradicate the malware, and resume business-critical activity. Because ransomware needs time to move laterally across a network, attacks are usually launched at night or on weekends, when they typically take longer to detect. This multiplies the difficulty of promptly assembling and organizing an experienced response team.
Progent offers a range of services for protecting Naples businesses from ransomware attacks. These include staff education to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat protection to detect and contain zero-day malware attacks. Progent also offers the services of experienced ransomware recovery consultants with the track record and commitment to rebuild a compromised environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminal gang will hand over the keys needed to decrypt all your data. Kaspersky found that 17% of ransomware victims never recovered their data even after paying the ransom, compounding their losses. The gamble is also very expensive. Ryuk ransoms are typically several hundred thousand dollars, and for larger enterprises the ransom can reach millions. The alternative is to piece back together the mission-critical components of your IT environment. Without complete data backups, this requires a broad set of skills, well-coordinated team management, and the ability to work around the clock until the recovery project is done.
For twenty years, Progent has provided certified expert IT services to businesses across the US and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who hold top industry certifications in leading technologies including Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cybersecurity engineers hold internationally recognized certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience with financial systems and ERP software. This breadth of experience enables Progent to knowledgeably identify the systems that must be rebuilt, consolidate the surviving components of your IT environment after a crypto-ransomware attack, and configure them into a working system.
Progent's ransomware team uses best-of-breed project management tools to coordinate the complex restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and IT staff to prioritize tasks and bring essential services back online as fast as humanly possible.
Customer Story: A Successful Ransomware Incident Restoration
A business sought out Progent after its network was attacked by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored criminal gangs, suspected of using techniques leaked from the U.S. National Security Agency. Ryuk targets specific companies with little ability to tolerate disruption and is among the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in the Chicago metro area with around 500 employees. The Ryuk event had halted all company operations and manufacturing. Most of the client's data backups had been online when the attack began and were encrypted. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but in the end brought in Progent.
Progent worked with the client to quickly identify and prioritize the most important areas that needed to be recovered to make it possible to restart business functions:
Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then proceeded with rebuilding the required applications and recovering their storage. All Exchange connections and configuration data were intact, which accelerated the Exchange rebuild. Progent was able to locate local OST files (Outlook Offline Folder Files) on various workstations and laptops and used them to recover mail data. A relatively recent offline backup of the client's financials/ERP software allowed these vital services to be brought back online for users. Although a lot of work remained to recover completely from the Ryuk event, essential services were restored quickly:
Over the following month, critical milestones in the recovery project were completed through close cooperation between Progent consultants and the client:
Conclusion
A potential enterprise-killing disaster was avoided with top-tier experts, a broad array of subject matter expertise, and close collaboration. In hindsight, the crypto-ransomware attack described here would have been stopped by up-to-date cybersecurity systems and recognized best practices: user training, properly executed procedures for data backup, and keeping systems current with security patches. The fact remains, however, that government-sponsored cyber criminals from China, North Korea and elsewhere are tireless and an ongoing threat. If you are hit by a crypto-ransomware incident, remember that Progent's team of experts has proven experience in ransomware blocking, removal, and information systems disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Naples
For ransomware cleanup consulting in the Naples metro area, call Progent at