Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become a modern cyber pandemic that poses an enterprise-level threat to any business vulnerable to an attack. Multiple generations of crypto-ransomware, such as the CryptoLocker, Fusob, Locky, SamSam and MongoLock families, have been running rampant for years and still inflict havoc. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, as well as additional as yet unnamed malware, not only encrypt on-line files but also infiltrate most accessible system backups. Data synchronized to the cloud can also be rendered useless. In a poorly architected environment, this can make automated recovery impossible and effectively knocks the datacenter back to zero.
Restoring programs and data after a ransomware outage becomes a sprint against time as the targeted business fights to contain the damage, remove the ransomware, and resume business-critical operations. Since ransomware requires time to move laterally across a targeted network, attacks are frequently launched on weekends and holidays, when a successful attack often takes longer to recognize. This multiplies the difficulty of quickly marshalling and organizing an experienced mitigation team.
Progent provides a range of help services for protecting Sandy Springs businesses from ransomware attacks. These include team member education to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which utilizes SentinelOne's AI-based threat defense to detect and suppress zero-day malware attacks. Progent can in addition provide the services of seasoned crypto-ransomware recovery engineers with the track record and perseverance to rebuild a compromised environment as rapidly as possible.
Progent's Ransomware Recovery Help
Following a crypto-ransomware invasion, even paying the ransom in cryptocurrency does not provide any assurance that the criminal gangs will return the keys needed to decipher any or all of your data. Kaspersky estimated that seventeen percent of crypto-ransomware victims never recovered their data even after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms are commonly a few hundred thousand dollars. For larger enterprises, the ransom demand can reach millions. The other path is to re-install the vital elements of your Information Technology environment. Absent access to complete system backups, this requires a wide range of skills, well-coordinated project management, and the ability to work continuously until the recovery project is done.
For twenty years, Progent has provided certified expert IT services for companies across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned high-level certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have earned internationally-renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent in addition has experience in financial systems and ERP applications. This breadth of experience gives Progent the ability to quickly identify critical systems, re-organize the remaining pieces of your Information Technology environment after a ransomware event, and configure them into an operational system.
Progent's ransomware group deploys powerful project management tools to orchestrate the complicated recovery process. Progent understands the urgency of acting rapidly and of working together with a customer's management and Information Technology resources to assign priority to tasks and to get critical services back on line as soon as humanly possible.
Customer Case Study: A Successful Ransomware Incident Recovery
A customer engaged Progent after their network was brought down by the Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean state cybercriminals, suspected of using strategies exposed from the United States National Security Agency. Ryuk seeks out specific organizations with little or no tolerance for disruption and is among the most profitable incarnations of ransomware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing business located in the Chicago metro area with around 500 employees. The Ryuk event had brought down all company operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were destroyed. The client was taking steps toward paying the ransom (more than $200K) and hoping for good luck, but ultimately engaged Progent.
Progent worked hand in hand with the customer to quickly assess and assign priority to the mission critical applications that needed to be recovered in order to resume departmental operations:
In less than 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then performed setup and hard drive recovery on mission critical systems. All Exchange Server data and attributes were intact, which facilitated the rebuild of Exchange. Progent was able to collect local OST files (Outlook Off-Line Data Files) from user desktop computers in order to recover mail data. A recent offline backup of the client's financials/MRP software made it possible to restore these vital services to users. Although major work remained to recover totally from the Ryuk attack, critical services were restored quickly:
Throughout the next month, critical milestones in the restoration process were achieved in close collaboration between Progent team members and the customer:
Conclusion
A possible business disaster was dodged by dedicated experts, a wide range of technical expertise, and tight teamwork. Although after-the-fact analysis showed that the ransomware attack described here would have been blocked by up-to-date security technology solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user training, and properly executed security procedures for backup and applying software patches, the reality remains that government-sponsored cyber criminals from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a ransomware attack, feel confident that Progent's team of professionals has proven experience in crypto-ransomware blocking, mitigation, and data disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Sandy Springs
For ransomware system recovery expertise in the Sandy Springs metro area, call Progent at