Ransomware : Your Worst Information Technology Nightmare
Crypto-ransomware has become an escalating cyberplague that presents an extinction-level threat for businesses of all sizes that are poorly prepared for an attack. Older versions of ransomware such as Reveton, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been running rampant for many years and still inflict harm. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, plus as yet unnamed malware appearing daily, not only encrypt online information but also encrypt any system backups they can reach. Files synchronized to the cloud can also be encrypted. In a vulnerable system, this can render automated restore operations hopeless and effectively knocks the entire system back to zero.
Getting programs and data back on-line after a ransomware attack becomes a sprint against time as the targeted business struggles to contain the damage, clear the virus, and resume business-critical activity. Because crypto-ransomware requires time to replicate, assaults are usually launched on weekends and holidays, when successful penetrations typically take longer to notice. This compounds the difficulty of quickly assembling and orchestrating an experienced mitigation team.
Progent has a variety of services for securing Naples organizations against ransomware penetrations. Among these are team education to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's behavior-based cyberthreat protection to detect and extinguish zero-day modern malware assaults. Progent also can provide the services of expert crypto-ransomware recovery consultants with the skills and perseverance to re-deploy a breached system as rapidly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware penetration, even paying the ransom demand in cryptocurrency provides no assurance that the cyber criminals will return the keys to decrypt any or all of your files. Kaspersky ascertained that seventeen percent of crypto-ransomware victims never restored their files after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demands, which ZDNET determined to be in the range of $13,000 for small organizations. The alternative is to piece back together the essential parts of your IT environment. Without access to complete data backups, this calls for a broad range of IT skills, top-notch team management, and the willingness to work 24x7 until the recovery project is finished.
For twenty years, Progent has made available expert Information Technology services for companies across the U.S. and has earned Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have attained top certifications in leading technologies from Microsoft, Cisco, and VMware, and in popular distributions of Linux. Progent's cyber security engineers have garnered internationally-recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the skills to efficiently identify the systems that must be restored, organize the remaining parts of your network following a crypto-ransomware event, and configure them into a functioning network.
Progent's recovery team deploys powerful project management systems to coordinate the complicated restoration process. Progent understands the urgency of working rapidly and in unison with a client's management and Information Technology resources to prioritize tasks and to put key services back on-line as fast as humanly possible.
Business Case Study: A Successful Ransomware Penetration Recovery
A customer contacted Progent after their network was penetrated by the Ryuk ransomware virus. Ryuk is generally considered to have been developed by North Korean government-sponsored criminal gangs, suspected of adopting algorithms leaked from America's National Security Agency. Ryuk attacks specific organizations with limited tolerance for operational disruption and is one of the most lucrative versions of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with about 500 workers. The Ryuk attack had brought down all business operations and manufacturing capabilities. The majority of the client's information backups had been on-line at the beginning of the attack and were eventually encrypted. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for good luck, but in the end reached out to Progent.
Progent worked together with the client to quickly determine and prioritize the mission critical elements that had to be recovered to make it possible to restart business functions:
In less than 2 days, Progent was able to rebuild Active Directory to its pre-penetration state. Progent then charged ahead with reinstallations and hard drive recovery on mission-critical systems. All Microsoft Exchange Server schema and attributes were intact, which facilitated the rebuild of Exchange. Progent was able to collect non-encrypted OST files (Outlook Off-Line Data Files) from staff workstations to recover mail data. A relatively recent offline backup of the client's financials/ERP software made it possible to bring these essential applications back into service. Although a large amount of work remained to recover completely from the Ryuk event, critical services were restored quickly:
Over the following month, critical milestones in the restoration process were reached through tight cooperation between Progent team members and the client:
Conclusion
A likely business catastrophe was averted by dedicated professionals, a broad range of IT skills, and tight collaboration. Although in retrospect the ransomware incident detailed here could have been blocked with current security technology, ISO/IEC 27001 best practices, team education, and well thought out security procedures for backups and proper patching controls, the fact is that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and will continue their attacks. If you do fall victim to a ransomware penetration, remember that Progent's team of professionals has extensive experience in crypto-ransomware virus blocking, mitigation, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Naples
For ransomware system restoration services in the Naples metro area, call Progent at