Ransomware: Your Crippling Information Technology Disaster
Crypto-ransomware has become a modern cyberplague that presents an extinction-level danger for businesses poorly prepared for an attack. Older iterations of ransomware like the CryptoLocker, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been around for a long time and continue to cause damage. Newer strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as additional unnamed newcomers, not only encrypt online critical data but also infect any available system backups. Data synched to the cloud can also be encrypted. In a poorly architected data protection solution, this can make automated recovery impossible and effectively set the entire system back to zero.
Bringing services and data back online after a ransomware attack becomes a race against time as the targeted business fights to contain and clean up the ransomware and to restore mission-critical activity. Because ransomware needs time to move laterally, penetrations are usually launched on weekends, when attacks in many cases take longer to uncover. This compounds the difficulty of promptly mobilizing and orchestrating a qualified response team.
Progent offers an assortment of support services for securing Sandy Springs enterprises from crypto-ransomware attacks. Among these are team training to recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based cyberthreat defense to identify and disable zero-day modern malware assaults. Progent can also provide the services of seasoned crypto-ransomware recovery professionals with the skills and commitment to reconstruct a compromised system as rapidly as possible.
Progent's Crypto-Ransomware Restoration Services
Following a ransomware attack, paying the ransom in cryptocurrency does not ensure that criminal gangs will respond with the codes needed to decrypt any or all of your files. Kaspersky Labs ascertained that seventeen percent of crypto-ransomware victims never restored their information after having sent off the ransom, resulting in further losses. The risk is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET estimated to be approximately $13,000 for small businesses. The fallback is to re-install the essential parts of your Information Technology environment. Without the availability of complete system backups, this requires a broad range of skill sets, well-coordinated project management, and the capability to work 24x7 until the task is completed.
For twenty years, Progent has offered expert Information Technology services for companies across the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who have been awarded top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security engineers have garnered internationally renowned industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has experience in accounting and ERP applications. This breadth of expertise gives Progent the capability to rapidly identify critical systems, consolidate the remaining parts of your network environment following a ransomware attack, and configure them into an operational system.
Progent's ransomware team of experts has top-notch project management tools to coordinate the complicated restoration process. Progent knows the urgency of working swiftly and in unison with a customer's management and IT resources to prioritize tasks and to put critical services back online as fast as possible.
Customer Case Study: A Successful Ransomware Penetration Response
A small business escalated to Progent after their network system was penetrated by the Ryuk ransomware virus. Ryuk is believed to have been developed by North Korean government-sponsored hackers, possibly adopting techniques exposed from the United States NSA organization. Ryuk attacks specific organizations with little ability to sustain operational disruption and is among the most profitable iterations of ransomware malware. Highly publicized victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company based in the Chicago metro area with around 500 staff members. The Ryuk attack had disabled all company operations and manufacturing capabilities. The majority of the client's information backups had been online at the start of the attack and were encrypted. The client was pursuing financing to pay the ransom (more than $200K) and hoping for good luck, but ultimately made the decision to use Progent.
Progent worked with the client to quickly assess and prioritize the mission-critical elements that needed to be recovered in order to restart company functions:
In less than 2 days, Progent was able to restore Active Directory services to their pre-penetration state. Progent then initiated rebuilding and hard drive recovery of essential applications. All Exchange Server schema and configuration information were intact, which simplified the restore of Exchange. Progent was able to collect intact OST data files (Microsoft Outlook Offline Data Files) on user PCs in order to recover mail data. A recent off-line backup of the client's manufacturing software made it possible to bring these essential programs back online for users. Although major work remained to recover fully from the Ryuk damage, core systems were returned to operation quickly:
Over the following few weeks, key milestones in the recovery project were achieved in close collaboration between Progent engineers and the client:
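The OST recovery step above depends on telling intact Outlook Offline Data Files apart from ones the ransomware has already overwritten, and an unchanged ".ost" extension is not proof of an intact file. The following Python triage script is an added example, not Progent's tooling or anything taken from the case study: it walks a directory tree, picks out .ost/.pst files (including files that have had a further extension appended), and checks the first four bytes against the PST/OST file signature "!BDN" (the dwMagic value defined by the MS-PST format) rather than trusting the file name. The sample directory layout, user names and the ".ENCRYPTED_PLACEHOLDER" suffix are constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Every Outlook PST/OST file starts with the bytes "!BDN" (MS-PST dwMagic
# 0x4E444221 stored little-endian). A file that has been encrypted in place
# will not carry this signature, whatever its extension says.
OST_MAGIC = b"!BDN"


def classify_ost(path):
    """Return 'intact', 'encrypted_or_damaged', 'empty' or 'unreadable' for one file."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(len(OST_MAGIC))
    except OSError:
        return "unreadable"
    if not header:
        return "empty"
    return "intact" if header == OST_MAGIC else "encrypted_or_damaged"


def is_mail_store_name(name):
    """True if .ost or .pst appears anywhere in the file's suffix chain,
    so 'mail.ost.<appended-ext>' is still picked up."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return ".ost" in suffixes or ".pst" in suffixes


def triage_ost_files(root):
    """Walk root and map each candidate OST/PST path to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_mail_store_name(name):
                full = os.path.join(dirpath, name)
                results[full] = classify_ost(full)
    return results


def intact_files(results):
    """Sorted list of paths worth collecting for mailbox recovery."""
    return sorted(p for p, status in results.items() if status == "intact")


def summarize(results):
    """Count of files per classification, e.g. {'intact': 1, 'empty': 1}."""
    return dict(Counter(results.values()))


def build_sample_tree():
    """Constructed sample data: two fake user profiles in a temp directory.
    None of this reflects any real machine from the case study."""
    root = tempfile.mkdtemp(prefix="ost_triage_")
    alice = Path(root, "alice", "Outlook")
    bob = Path(root, "bob", "Outlook")
    alice.mkdir(parents=True)
    bob.mkdir(parents=True)
    # Intact OST: correct signature followed by filler bytes.
    (alice / "alice@example.com.ost").write_bytes(OST_MAGIC + b"\x00" * 508)
    # Overwritten in place: extension unchanged, contents are not an OST.
    (bob / "bob@example.com.ost").write_bytes(bytes(range(256)) * 2)
    # Overwritten and renamed with an appended extension (placeholder name).
    (bob / "archive.pst.ENCRYPTED_PLACEHOLDER").write_bytes(b"\xff" * 64)
    # Zero-length OST left behind by an interrupted sync.
    (alice / "old.ost").write_bytes(b"")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    triage = triage_ost_files(sample_root)
    for path, status in sorted(triage.items()):
        print(f"{status:22} {path}")
    print("collect for recovery:", intact_files(triage))
    print("summary:", summarize(triage))
```

In a real engagement the root would be a mounted user-profile share or a forensic image, and the intact list would feed whatever mailbox import process is used; checking the signature avoids spending time on files that merely kept their name.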
Conclusion
A likely enterprise-killing disaster was averted by hard-working professionals, a wide array of IT skills, and close teamwork. Although post-incident forensics showed that the ransomware virus incident described here should have been prevented with advanced security technology and ISO/IEC 27001 best practices, staff education, and appropriate incident response procedures for data backup and applying software patches, the reality remains that government-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware virus, feel confident that Progent's team of professionals has extensive experience in ransomware virus blocking, removal, and file disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Sandy Springs
For ransomware recovery consulting services in the Sandy Springs area, phone Progent at