Crypto-Ransomware: Your Feared IT Nightmare
Ransomware has become an all-too-frequent cyberplague and an extinction-level threat for businesses that are unprepared for an attack. Multiple generations of crypto-ransomware, such as the Dharma, Fusob, Locky, SamSam and MongoLock cryptoworms, have been circulating for years and continue to cause damage. Newer strains such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with unnamed newcomers that appear daily, not only encrypt online files but also corrupt every system restore point and backup they can reach. Data synced to the cloud can be corrupted as well. With a poorly designed data protection solution, this can render any restoration useless and effectively knock the network back to zero.
Getting applications and data back online after a ransomware event becomes a sprint against the clock as the targeted business tries to contain the damage, remove the ransomware, and restore business-critical activity. Because ransomware needs time to move laterally across a network, attacks are frequently launched at night, when a successful penetration often takes longer to discover. This compounds the difficulty of promptly assembling and coordinating a knowledgeable response team.
Progent offers a variety of support services for protecting Grand Rapids enterprises from crypto-ransomware attacks. Among these are user training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based threat defense to detect and quarantine zero-day malware. Progent can also provide experienced crypto-ransomware recovery consultants with the skills and commitment to restore a compromised network as quickly as possible.
Progent's Ransomware Restoration Help
After a ransomware penetration, paying the ransom demand in cryptocurrency does not guarantee that merciless criminals will hand over the keys to decrypt any or all of your data. Kaspersky determined that 17% of ransomware victims never recovered their data after paying the ransom, resulting in additional losses. The ransom itself is also expensive: Ryuk ransoms are often a few hundred thousand dollars, and for larger enterprises the demand can run into the millions. The fallback is to piece the critical parts of your IT environment back together. Without complete data backups, this requires a wide range of skills, well-coordinated project management, and the ability to work around the clock until the job is finished.
For decades, Progent has provided professional IT services to companies throughout the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who hold advanced industry certifications in leading technologies from Microsoft, Cisco and VMware, as well as in popular Linux distributions. Progent's security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of experience enables Progent to quickly identify the critical systems, salvage the surviving pieces of your IT environment after a ransomware attack, and reassemble them into a functioning whole.
Progent's security group uses state-of-the-art project management systems to coordinate the complex recovery process. Progent understands the importance of acting quickly and in concert with a client's management and IT staff to prioritize tasks and bring the most important systems back online as soon as possible.
Client Story: A Successful Ransomware Penetration Response
A customer escalated to Progent after their network was brought down by the Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored criminal gangs, suspected of using algorithms leaked from the U.S. National Security Agency. Ryuk goes after specific businesses with limited ability to sustain operational disruption and is among the most profitable instances of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business headquartered in the Chicago metro area with around 500 employees. The Ryuk event had frozen all business operations and manufacturing capabilities. Most of the client's system backups had been directly accessible from the network at the time of the attack and were encrypted. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but in the end reached out to Progent.
Progent worked with the client to rapidly identify and prioritize the mission-critical areas that had to be recovered in order to restart departmental operations.
In less than 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then helped reinstall essential servers and recover their storage. All Exchange Server links and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to recover email messages from intact OST files (Outlook offline data files) on staff desktops and laptops. A recent offline backup of the client's accounting/MRP software made it possible to bring these essential services back online for users. Although a great deal of work remained to recover completely from the Ryuk attack, critical systems were restored rapidly.
During the following month, key milestones in the recovery project were reached through close collaboration between Progent team members and the client.
Conclusion
A likely business-ending disaster was avoided through top-tier experts, a broad range of technical expertise, and tight teamwork. In hindsight, the crypto-ransomware penetration described here could have been detected and prevented with modern cyber security technology, recognized best practices, staff education, and well-designed procedures for backup and software patching. The fact remains, however, that state-sponsored hackers from China, North Korea and elsewhere are tireless and pose an ongoing threat. If you are hit by a ransomware incident, remember that Progent's roster of experts has a proven track record in ransomware blocking, remediation, and information systems disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Grand Rapids
For ransomware cleanup expertise in the Grand Rapids area, call Progent at