Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an escalating cyberplague that poses an existential threat to businesses unprepared for an attack. Iterations of ransomware like the CrySIS, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for years and continue to inflict damage. Newer variants like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with frequent unnamed strains, not only encrypt online data but also go after every system protection mechanism that has been configured, so that backups and recovery points are destroyed along with production data. Data synchronized to cloud environments can be ransomed as well. In a poorly architected system, this can make any recovery hopeless and effectively sets the entire environment back to zero.
Recovering applications and data after a ransomware outage becomes a race against the clock as the targeted business struggles to stop lateral movement, remove the ransomware, and restore mission-critical activity. Because ransomware takes time to move laterally across a targeted network, intrusions are usually launched on weekends and at night, when they often take longer to uncover. This compounds the difficulty of rapidly assembling and organizing a capable response team.
Progent offers a variety of services for protecting Birmingham businesses against ransomware events. These include training team members to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat defense to detect and contain zero-day malware attacks. Progent also offers the services of expert ransomware recovery consultants with the track record and commitment to rebuild a compromised network as quickly as possible.
Progent's Ransomware Recovery Support Services
Following a crypto-ransomware attack, even paying the ransom in cryptocurrency does not ensure that remote criminals will return the keys needed to decrypt any or all of your data. Kaspersky estimated that 17% of ransomware victims never restored their data even after paying the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms are often a few hundred thousand dollars, and for larger organizations the ransom can reach millions. The alternative is to rebuild the vital elements of your IT environment from scratch. Without access to complete data backups, this calls for a broad complement of IT skills, professional project management, and the willingness to work 24x7 until the job is completed.
For decades, Progent has offered professional IT services to companies across the US and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who hold top certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers hold internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise in accounting and ERP software solutions. This breadth of expertise gives Progent the skills to quickly identify which systems must be rebuilt after a ransomware attack, integrate the surviving parts of your network, and configure them into a functioning environment.
Progent's security team deploys top-notch project management systems to orchestrate the complicated restoration process. Progent understands the urgency of acting swiftly and in concert with a customer's management and IT staff to prioritize tasks and to bring the most important systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Intrusion Response
A client engaged Progent after their company was taken over by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state criminal gangs, possibly using algorithms leaked from the U.S. National Security Agency. Ryuk targets specific companies with limited ability to sustain operational disruption and is one of the most lucrative examples of ransomware viruses. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business headquartered in the Chicago metro area with around 500 workers. The Ryuk intrusion had disabled all company operations and manufacturing capabilities. Most of the client's backups had been online at the start of the intrusion and were destroyed. The client was considering paying the ransom demand (more than $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked together with the customer to quickly identify and prioritize the most important applications that needed to be recovered in order to resume departmental operations:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-intrusion state. Progent then proceeded with setup and storage recovery on the most important servers. All Exchange connections and configuration information were usable, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Microsoft Outlook Offline Folder Files) on team desktop computers and used them to recover mail data. A fairly recent offline backup of the client's manufacturing software made it possible to bring these essential applications back online. Although significant work remained to recover completely from the Ryuk virus, core systems were recovered quickly:
During the next month critical milestones in the recovery project were achieved in close collaboration between Progent team members and the customer:
Conclusion
A potential business catastrophe was averted through the efforts of dedicated experts, a broad spectrum of technical expertise, and close collaboration. In hindsight, the ransomware attack described here could have been stopped with modern security technology, best practices, staff training, and well-designed incident response procedures covering data backup and proper patching controls; nevertheless, government-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do fall victim to a ransomware intrusion, be assured that Progent's team of professionals has extensive experience in ransomware blocking, remediation, and file disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Birmingham
For ransomware system recovery consulting in the Birmingham area, call Progent at