Ransomware: Your Crippling IT Nightmare
Crypto-ransomware has become an all-too-frequent cyber pandemic that presents an enterprise-level threat to businesses vulnerable to an attack. Various iterations of ransomware like the Dharma, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been running rampant for a long time and continue to inflict destruction. More recent strains such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Nephilim, plus more as yet unnamed variants, not only encrypt on-line critical data but also infiltrate any reachable system backups. Files synced to the cloud can also be rendered useless. In a poorly designed environment, this can make any recovery impossible and effectively knock the entire system back to zero.
Recovering programs and information following a ransomware event becomes a race against time as the targeted organization tries its best to contain and clean up the virus and to restore mission-critical operations. Because crypto-ransomware takes time to spread, attacks are usually launched at night or on weekends, when a successful intrusion is likely to go unnoticed for longer. This compounds the difficulty of quickly assembling and coordinating a qualified response team.
Progent offers a range of services for securing Salem enterprises from ransomware attacks. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to detect and contain zero-day modern malware attacks. Progent also provides the services of expert ransomware recovery consultants with the skills and commitment to restore a compromised system as rapidly as possible.
Progent's Crypto-Ransomware Recovery Support Services
Following a crypto-ransomware event, even paying the ransom demanded in cryptocurrency provides no assurance that the cyber criminals will hand over the keys needed to decrypt any or all of your information. Kaspersky determined that 17% of ransomware victims never recovered their information after sending off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the average crypto-ransomware demand, which ZDNET estimated to be around $13,000 for smaller organizations. The alternative is to reinstall the vital elements of your IT environment. Without complete information backups, this calls for a broad range of skills, professional team management, and the capability to work 24x7 until the task is done.
For decades, Progent has provided professional Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned high-level industry certifications in key technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security specialists have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications.) Progent also has expertise with financial management and ERP application software. This breadth of expertise gives Progent the ability to quickly identify the necessary systems, salvage the surviving components of your IT environment following a ransomware event, and rebuild them into an operational system.
Progent's ransomware group uses best-of-breed project management tools to orchestrate the complicated restoration process. Progent understands the urgency of acting rapidly and works together with a customer's management and Information Technology team members to prioritize tasks and to put critical applications back on-line as soon as possible.
Business Case Study: A Successful Ransomware Penetration Restoration
A customer contacted Progent after their organization was brought down by the Ryuk crypto-ransomware. Ryuk is generally considered to have been launched by North Korean state cybercriminals, suspected of using technology leaked from the United States National Security Agency. Ryuk targets specific businesses with limited room for operational disruption and is one of the most profitable instances of crypto-ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing company in Chicago with about 500 employees. The Ryuk intrusion had paralyzed all company operations and manufacturing capabilities. The majority of the client's system backups had been on-line at the time of the attack and were damaged. The client was actively seeking loans to pay the ransom (in excess of two hundred thousand dollars) and hoping for good luck, but ultimately called Progent.
Progent worked hand in hand with the client to rapidly assess and prioritize the essential areas that needed to be recovered in order to continue company functions:
In less than 48 hours, Progent was able to recover Active Directory to its pre-attack state. Progent then completed the rebuild and storage recovery of the needed applications. All Microsoft Exchange Server data and configuration information were intact, which accelerated the restoration of Exchange. Progent was able to gather local OST files (Outlook Offline Folder Files) from various workstations to recover email data. A recent off-line backup of the business's accounting/MRP systems made it possible to bring these essential applications back online. Although a great deal of work remained to recover fully from the Ryuk virus, the most important services were returned to operation rapidly:
Over the following few weeks important milestones in the restoration project were accomplished through close collaboration between Progent team members and the client:
Conclusion
A potential enterprise-killing disaster was averted by hard-working experts, a broad array of subject matter expertise, and tight teamwork. Post-incident analysis showed that the ransomware penetration described here should have been stopped by advanced security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and appropriate incident response procedures for data backup and software patching. The reality, however, is that state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a ransomware attack, remember that Progent's team of experts has extensive experience in ransomware virus blocking, removal, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Recovery Services in Salem
For ransomware system restoration consulting in the Salem area, call Progent at