Ransomware: Your Feared Information Technology Catastrophe
Crypto-ransomware has become a modern cyber pandemic that represents an extinction-level threat for businesses of all sizes that are poorly prepared for an attack. Multiple generations of crypto-ransomware such as CryptoLocker, CryptoWall, Bad Rabbit, NotPetya and MongoLock cryptoworms have been circulating for a long time and continue to cause harm. Newer strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus more as yet unnamed viruses, not only encrypt online data but also compromise most available system protections. Data replicated to cloud environments can also be ransomed. In a vulnerable environment, this can render automated recovery useless and effectively set the datacenter back to zero.
Getting services and data back following a ransomware event becomes a race against the clock as the targeted organization tries its best to contain and clear the ransomware and to restore mission-critical activity. Since crypto-ransomware needs time to replicate, intrusions are frequently launched at night, when they typically take longer to be recognized. This multiplies the difficulty of rapidly mobilizing and organizing a knowledgeable mitigation team.
Progent offers a range of solutions for securing Birmingham organizations from crypto-ransomware intrusions. Among these are staff training to help recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, utilizing SentinelOne's AI-based threat protection to discover and disable zero-day malware attacks. Progent can also provide the assistance of expert crypto-ransomware recovery engineers with the skills and perseverance to restore a compromised environment as rapidly as possible.
Progent's Ransomware Restoration Help
Following a ransomware intrusion, paying the ransom demand in cryptocurrency does not guarantee that merciless criminals will provide the keys to decrypt any of your files. Kaspersky Labs ascertained that 17% of crypto-ransomware victims never restored their information after having paid the ransom, resulting in further losses. The ransom itself is also costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly above the usual ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller businesses. The alternative is to re-install the vital elements of your Information Technology environment. Absent access to full information backups, this calls for a broad range of skill sets, well-coordinated project management, and the capability to work 24x7 until the task is over.
For two decades, Progent has made available expert Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have attained high-level industry certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security consultants have earned internationally-recognized industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of expertise affords Progent the capability to efficiently understand important systems and organize the remaining parts of your computer network environment after a ransomware penetration and configure them into an operational system.
Progent's ransomware team has top-notch project management tools to orchestrate the complicated recovery process. Progent understands the importance of acting rapidly and in unison with a customer's management and IT team members to prioritize tasks and to put essential applications back online as soon as humanly possible.
Customer Story: A Successful Crypto-Ransomware Incident Response
A business sought out Progent after their network was crashed by Ryuk crypto-ransomware. Ryuk is believed to have been deployed by North Korean state hackers, suspected of using techniques leaked from the United States National Security Agency. Ryuk targets specific businesses with little room for operational disruption and is one of the most lucrative iterations of ransomware viruses. Major victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in Chicago with around 500 workers. The Ryuk intrusion had shut down all business operations and manufacturing processes. Most of the client's backups had been online at the time of the intrusion and were encrypted. The client was preparing to pay the ransom demand (in excess of $200K) and hoping for the best, but in the end made the decision to use Progent.
Progent worked together with the client to rapidly determine and assign priority to the key services that needed to be addressed to make it possible to continue departmental functions:
In less than two days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then assisted with reinstallations and hard drive recovery of the most important servers. All Exchange Server ties and attributes were usable, which accelerated the rebuild of Exchange. Progent was also able to locate local OST files (Outlook Offline Folder Files) on team workstations and laptops to recover email data. A fairly recent offline backup of the customer's manufacturing software made it possible to bring these required programs back online. Although significant work remained to recover completely from the Ryuk event, critical systems were restored quickly:
Over the following few weeks critical milestones in the restoration project were achieved in tight cooperation between Progent consultants and the customer:
Conclusion
A possible business-killing disaster was averted through the efforts of hard-working professionals, a broad range of IT skills, and close collaboration. Although in a post-mortem the crypto-ransomware attack described here would have been identified and blocked with modern security solutions and security best practices, team training, and well-designed security procedures for information protection and applying software patches, the fact remains that government-sponsored cybercriminals from Russia, China and elsewhere are tireless and are an ongoing threat. If you do get hit by a ransomware attack, feel confident that Progent's roster of professionals has a proven track record in ransomware virus defense, cleanup, and file restoration.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Birmingham
For ransomware recovery services in the Birmingham metro area, call Progent at