Crypto-Ransomware: Your Feared Information Technology Nightmare
Ransomware has become a too-frequent cyberplague that presents an extinction-level threat for organizations vulnerable to an assault. Different versions of crypto-ransomware, such as the Reveton, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms, have been around for many years and still cause harm. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with frequent as-yet-unnamed strains, not only encrypt online data files but also corrupt every system restore point and backup they can reach. Information synchronized to off-site disaster recovery sites can also be rendered useless. In a vulnerable data protection solution, this can make automatic restoration hopeless and basically sets the entire system back to zero.
Recovering services and information following a crypto-ransomware attack becomes a race against the clock as the targeted organization tries its best to stop the spread, eradicate the ransomware, and restore enterprise-critical activity. Since crypto-ransomware requires time to spread, intrusions are frequently sprung during nights and weekends, when successful attacks in many cases take longer to notice. This multiplies the difficulty of rapidly mobilizing and organizing a capable response team.
Progent makes available a range of services for securing Fort Lauderdale businesses from ransomware attacks. These include user education to recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based cyberthreat defense to detect and quarantine zero-day malware assaults. Progent in addition provides the services of expert crypto-ransomware recovery professionals with the talent and commitment to re-deploy a breached environment as rapidly as possible.
Progent's Ransomware Recovery Services
Subsequent to a ransomware penetration, paying the ransom in Bitcoin cryptocurrency does not ensure that criminal gangs will provide the decryption keys needed to unencrypt any or all of your data. Kaspersky estimated that 17% of ransomware victims never recovered their files even after having sent off the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the average crypto-ransomware demand, which ZDNET estimated to be around $13,000 for small businesses. The alternative is to piece back together the essential elements of your Information Technology environment. Absent access to full system backups, this requires a wide complement of IT skills, well-coordinated project management, and the ability to work 24x7 until the task is finished.
For two decades, Progent has provided certified expert Information Technology services for businesses across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have been awarded high-level certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have garnered internationally renowned industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience with financial systems and ERP software solutions. This breadth of experience affords Progent the ability to quickly identify critical systems, re-organize the surviving pieces of your IT system following a ransomware attack, and assemble them into a functioning network.
Progent's security team deploys best-of-breed project management tools to orchestrate the complicated recovery process. Progent knows the importance of working quickly and in unison with a customer's management and Information Technology resources to assign priority to tasks and to get critical applications back online as soon as possible.
Customer Case Study: A Successful Crypto-Ransomware Intrusion Restoration
A small business hired Progent after their organization was penetrated by the Ryuk crypto-ransomware. Ryuk is thought to have been launched by North Korean state-sponsored hackers, suspected of using techniques leaked from the U.S. National Security Agency. Ryuk targets specific companies with little room for operational disruption and is one of the most lucrative instances of ransomware malware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing business located in Chicago with about 500 employees. The Ryuk penetration had paralyzed all business operations and manufacturing capabilities. Most of the client's system backups had been directly accessible at the start of the attack and were destroyed. The client was preparing to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the key systems that had to be addressed in order to restart departmental functions:
In less than two days, Progent was able to recover Active Directory to its pre-intrusion state. Progent then helped perform reinstallations and hard drive recovery on needed systems. All Exchange schema and attributes were intact, which facilitated the restore of Exchange. Progent was able to assemble local OST files (Outlook Offline Data Files) from various workstations and laptops in order to recover mail information. A recent offline backup of the business's accounting/ERP software made it possible to bring these essential applications back online. Although major work remained to recover fully from the Ryuk attack, critical services were returned to operation quickly:
During the following couple of weeks, critical milestones in the restoration project were completed in close collaboration between Progent consultants and the customer:
Conclusion
A likely enterprise-killing disaster was avoided thanks to top-tier experts, a wide range of technical expertise, and close teamwork. Post-incident analysis showed that the crypto-ransomware intrusion detailed here could have been shut down with advanced cybersecurity systems and ISO/IEC 27001 best practices, team education, and well thought out incident response procedures for information protection and software patching. The reality, however, is that state-sponsored hackers from Russia, North Korea and elsewhere are tireless and will continue. If you do get hit by a crypto-ransomware incident, remember that Progent's team of professionals has substantial experience in ransomware defense, removal, and information systems recovery.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Fort Lauderdale
For ransomware cleanup services in the Fort Lauderdale metro area, phone Progent at