Crypto-Ransomware: Your Feared Information Technology Nightmare
Crypto-ransomware has become an escalating cyber pandemic and an existential threat to any business vulnerable to an attack. Earlier generations such as CryptoLocker, Fusob, Locky, SamSam and MongoLock have been around for years and continue to cause damage. More recent strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, LockBit and Egregor, along with new variants appearing daily, not only encrypt online data but also seek out and encrypt any backups they can reach over the network. Data replicated to an off-site disaster recovery site can be rendered useless as well when replication carries the encrypted copies across. In a vulnerable environment this can make recovery from backups impossible and effectively sets the entire IT system back to zero.
Getting services and data back after a crypto-ransomware attack is a race against the clock as the targeted business struggles to contain the spread, clean up the malware, and restore mission-critical operations. Because crypto-ransomware needs time to spread and encrypt, attacks are usually launched at night, when detection takes longer. This compounds the difficulty of rapidly mobilizing and organizing a qualified response team.
Progent offers a range of services for protecting Birmingham businesses from ransomware attacks. These include team training to help staff identify and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response service built on SentinelOne's AI-based threat protection that can detect and disable zero-day malware. Progent also provides expert ransomware recovery engineers with the skills and commitment to restore a breached network as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminals will hand over working decryption keys. Kaspersky found that 17% of ransomware victims never recovered their data after paying, compounding their losses. Paying is also expensive: Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000), well above the typical demand, which ZDNet estimated at about $13,000 for smaller businesses. The alternative is to rebuild the mission-critical elements of your IT environment. Without usable backups, this requires a broad range of skills, top-notch team management, and the willingness to work around the clock until the job is done.
For decades, Progent has provided professional IT services to businesses throughout the United States and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals with high-level industry certifications in key technologies from Microsoft, Cisco and VMware and in the major Linux distributions. Progent's security engineers hold internationally recognized certifications including CISM, CISSP, ISACA CRISC and GIAC (see Progent's certifications). Progent also has experience with financial systems and ERP applications. This breadth of experience gives Progent the skills to quickly identify which systems must come back first, salvage the surviving parts of your network following a crypto-ransomware event, and reassemble them into a functioning environment.
Progent's security team uses project management tools to coordinate the complex recovery process. Progent understands the importance of working rapidly and closely with a customer's management and IT staff to prioritize tasks and bring the most important services back online as soon as possible.
Business Case Study: A Successful Crypto-Ransomware Incident Recovery
A client escalated to Progent after their company was brought down by Ryuk ransomware. Ryuk was at first attributed to North Korean state-sponsored actors because it shares code with the Hermes ransomware used by that group, but subsequent analysis attributed it to the Russian-speaking criminal group behind the TrickBot botnet, which typically delivers Ryuk after an initial Emotet or TrickBot infection. Ryuk targets specific organizations that have little tolerance for downtime and is one of the most profitable crypto-ransomware families. Prominent victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturer in the Chicago metro area with about 500 employees. The Ryuk intrusion had halted all company operations and manufacturing processes. Most of the client's backups had been directly reachable over the network at the time of the attack and were encrypted along with the production data. The client was actively seeking loans to pay the ransom (more than two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the customer to rapidly assess and prioritize the critical elements that had to be restored in order to resume business operations:
In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-intrusion state. Progent then helped rebuild key applications and recover their storage. All Microsoft Exchange Server data and configuration information were intact, which greatly simplified the Exchange restore. Progent located local OST files (Outlook offline data files, which hold a cached copy of each user's mailbox) on staff PCs and laptops and used them to recover mailbox contents. A recent offline backup of the client's manufacturing systems made it possible to bring those essential applications back online. Although much work remained to recover fully from the Ryuk attack, the most important systems were returned to operation quickly:
Over the following month, the remaining milestones in the restoration process were accomplished in close cooperation between Progent's team and the client:
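The mailbox recovery above depended on finding OST files on workstations that the ransomware had not reached or had not finished encrypting. The following is an added example, not Progent's tooling and not part of the case study: a Python triage script that walks a collected directory tree (or a mounted disk image), finds Outlook data files even when the ransomware has appended its own extension, and separates intact files, which still carry the "!BDN" header the MS-PST format requires, from encrypted ones, whose header is gone and whose bytes show near-maximal entropy. The user directories, sample files, the 64 KiB sample size and the 7.5 bits/byte threshold are assumptions constructed for the demo.

```python
"""Triage Outlook offline data files (*.ost/*.pst) found on endpoints after a
ransomware incident, distinguishing intact files from encrypted ones.

Added example for this case study; not Progent's tooling. The sample tree it
builds is constructed for the demo and is not real evidence."""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Per the MS-PST file format, every PST/OST file begins with the 4-byte magic
# "!BDN" (dwMagic = 0x4E444221). File-encrypting ransomware overwrites this
# header, so its absence is a fast first indication that the file is not usable.
OST_MAGIC = b"!BDN"

# Many ransomware families append their own extension to files they encrypt, so
# match "mailbox.ost" as well as "mailbox.ost.<anything>".
OUTLOOK_NAME = re.compile(r"\.(ost|pst)(\.[^.]+)?$", re.IGNORECASE)

SAMPLE_BYTES = 64 * 1024   # assumption: the first 64 KiB is enough to judge entropy
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte above this looks like ciphertext


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ~8.0 for random or encrypted data,
    well below that for structured formats such as an intact OST."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_outlook_file(path: Path) -> dict:
    """Classify one file as intact, likely-encrypted, or damaged.

    Caveat: a present header shows only that the first bytes survived; some
    families encrypt files only partially, so 'intact' still has to be
    confirmed by opening the file with Outlook or a PST parser."""
    with open(path, "rb") as f:
        head = f.read(SAMPLE_BYTES)
    ent = shannon_entropy(head)
    if head[:4] == OST_MAGIC:
        status = "intact"
    elif ent > ENTROPY_THRESHOLD:
        status = "likely-encrypted"
    else:
        status = "damaged"   # header gone but not ciphertext, e.g. truncated or zeroed
    return {"path": str(path), "size": path.stat().st_size,
            "entropy": round(ent, 2), "status": status}


def triage_directory(root) -> list:
    """Walk a collected directory tree and classify every Outlook data file,
    listing intact files first so recovery can start on them."""
    results = [classify_outlook_file(p) for p in Path(root).rglob("*")
               if p.is_file() and OUTLOOK_NAME.search(p.name)]
    order = {"intact": 0, "likely-encrypted": 1, "damaged": 2}
    return sorted(results, key=lambda r: order[r["status"]])


def build_demo_tree(root) -> None:
    """Constructed sample data for the demo: one intact OST, one encrypted OST
    (random bytes with an appended extension), one zero-filled PST, one decoy."""
    root = Path(root)
    for user in ("alice", "bob", "carol"):
        (root / user).mkdir(parents=True, exist_ok=True)
    (root / "alice" / "alice@example.com.ost").write_bytes(OST_MAGIC + b"\x00" * 4096)
    (root / "bob" / "bob@example.com.ost.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    (root / "carol" / "archive.pst").write_bytes(b"\x00" * 4096)
    (root / "carol" / "notes.txt").write_bytes(b"not an outlook file")


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and return {filename: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return {Path(r["path"]).name: r["status"] for r in triage_directory(tmp)}


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{status:17} {name}")
```

Point `triage_directory` at a read-only copy of the collected files rather than at the live workstations, and copy the OST files off the endpoints before any reimaging. Note that an OST is bound to the mailbox profile that created it, so recovering its contents normally means converting it to a PST with a dedicated tool rather than opening it directly in Outlook.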
Conclusion
A potentially business-ending disaster was averted through the efforts of top-tier professionals, a wide range of IT skills, and close collaboration. In post mortem, the attack described here could have been stopped by current security tooling and recognized best practices: user and administrator training, backups kept offline or otherwise unreachable from production systems, timely security patching, and rehearsed incident response procedures. The fact remains, however, that attackers, whether state-sponsored groups or financially motivated criminal gangs, are tireless and will keep coming. If you do fall victim to a crypto-ransomware attack, you can be confident that Progent's roster of experts has a proven track record in ransomware prevention, remediation, and information systems recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Birmingham
For ransomware recovery consulting services in the Birmingham area, call Progent at