Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become a modern cyber pandemic that poses an extinction-level threat to businesses of all sizes that are vulnerable to an assault. Iterations of ransomware such as the CrySIS, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for many years and continue to cause damage. Newer strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as daily unnamed viruses, not only encrypt on-line data but also defeat many of the system protection mechanisms that are available. Files synced to the cloud can also be ransomed. In a poorly architected environment, this can make any recovery impossible and effectively knocks the entire system back to zero.
Getting applications and data back on-line after a ransomware event becomes a race against the clock as the targeted business tries its best to stop the spread, clear the ransomware, and resume enterprise-critical activity. Because ransomware needs time to spread, attacks are often launched on weekends and holidays, when a successful penetration may take longer to recognize. This compounds the difficulty of rapidly assembling and organizing a knowledgeable response team.
Progent offers a range of services for securing Southfield businesses against ransomware attacks. These include training team members to recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based threat defense to discover and quarantine zero-day modern malware attacks. Progent can also provide the services of seasoned ransomware recovery consultants with the talent and commitment to rebuild a breached environment as soon as possible.
Progent's Ransomware Restoration Services
Following a ransomware attack, even paying the ransom demand in cryptocurrency does not guarantee that the criminal gang will provide the keys to decipher any of your information. Kaspersky estimated that seventeen percent of ransomware victims never restored their information after having sent off the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 to $400,000). This is far above the average ransomware demand, which ZDNET estimated to be approximately $13,000 for small businesses. The fallback is to piece back together the critical parts of your Information Technology environment. Without access to full system backups, this requires a wide range of skills, professional team management, and the willingness to work 24x7 until the recovery project is complete.
For two decades, Progent has provided expert Information Technology services to businesses throughout the U.S. and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have attained high-level industry certifications in leading technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC (refer to Progent's certifications). Progent also has experience in financial management and ERP software solutions. This breadth of expertise gives Progent the capability to knowledgeably identify the necessary systems, integrate the surviving components of your IT system after a crypto-ransomware event, and configure them into an operational network.
Progent's recovery team uses best-of-breed project management applications to orchestrate the sophisticated recovery process. Progent appreciates the importance of acting quickly and in concert with a customer's management and Information Technology staff to prioritize tasks and put critical services back on line as fast as humanly possible.
Customer Story: A Successful Ransomware Virus Recovery
A business hired Progent after its network was brought down by the Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state cybercriminals, suspected of using technology leaked from the U.S. NSA. Ryuk seeks out specific businesses with little or no tolerance for operational disruption and is among the most profitable versions of ransomware. Major victims have included Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company headquartered in the Chicago metro area with about 500 staff members. The Ryuk penetration had disabled all essential operations and manufacturing capabilities. The majority of the client's information backups had been online at the beginning of the intrusion and were destroyed. The client was pursuing financing to pay the ransom demand (in excess of $200K) and praying for good luck, but in the end brought in Progent.
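The loss of the client's online backups is the pivotal detail of this case, and the off-line accounting/MRP copy described below is what made that system recoverable. The following Python script is an added illustration, not Progent's tooling or anything from the case study: it models a backup inventory (constructed sample data, not the client's real environment) and reports, per system, which copies would survive an attack that can reach everything on the production domain, what restore point remains, and whether that restore point meets a recovery point objective. The names BackupCopy, recovery_report, the locations, the attack time and the seven-day RPO are assumptions made for the example.

```python
"""Backup survivability check: which backup copies would still be usable after
ransomware that runs with domain-level access?

Added illustration for the case study above, not Progent's tooling. The
inventory is constructed sample data, not the client's real environment."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BackupCopy:
    system: str
    taken_at: datetime
    location: str
    # True when the copy cannot be altered or deleted from the production
    # domain: off-line tape, an air-gapped disk, or object-locked cloud storage.
    isolated: bool


# Constructed inventory loosely mirroring the case: most backups sit on a
# domain-joined share; only accounting/MRP and AD also have an isolated copy.
INVENTORY: List[BackupCopy] = [
    BackupCopy("file-server", datetime(2021, 1, 8, 23, 0), r"\\nas01\backups", False),
    # Isolated, but taken after the attack began: it holds encrypted files.
    BackupCopy("file-server", datetime(2021, 1, 10, 23, 0), "tape-set-12", True),
    BackupCopy("exchange", datetime(2021, 1, 8, 23, 30), r"D:\Backups\exch", False),
    BackupCopy("accounting-mrp", datetime(2021, 1, 8, 22, 0), r"\\nas01\backups", False),
    BackupCopy("accounting-mrp", datetime(2021, 1, 3, 22, 0), "offsite-usb-03", True),
    BackupCopy("active-directory", datetime(2021, 1, 8, 22, 0), "tape-set-11", True),
]

# Assumed incident parameters: encryption started early on a Saturday morning,
# and the business can tolerate at most seven days of data loss.
ATTACK_TIME = datetime(2021, 1, 9, 2, 0)
RPO = timedelta(days=7)


def surviving_copies(inventory: List[BackupCopy], attack_time: datetime) -> List[BackupCopy]:
    """Copies that remain trustworthy: isolated from the domain AND taken before
    the attack. Online copies are assumed destroyed, as in the case above."""
    return [c for c in inventory if c.isolated and c.taken_at < attack_time]


def recovery_report(inventory: List[BackupCopy], attack_time: datetime,
                    rpo: timedelta) -> Dict[str, dict]:
    """Per system: newest surviving restore point, resulting data loss, and
    whether that loss is within the recovery point objective."""
    newest: Dict[str, BackupCopy] = {}
    for copy in surviving_copies(inventory, attack_time):
        if copy.system not in newest or copy.taken_at > newest[copy.system].taken_at:
            newest[copy.system] = copy

    report: Dict[str, dict] = {}
    for system in sorted({c.system for c in inventory}):
        copy: Optional[BackupCopy] = newest.get(system)
        if copy is None:
            report[system] = {"restore_point": None, "data_loss": None,
                              "meets_rpo": False, "source": None}
        else:
            loss = attack_time - copy.taken_at
            report[system] = {"restore_point": copy.taken_at, "data_loss": loss,
                              "meets_rpo": loss <= rpo, "source": copy.location}
    return report


def unrecoverable_systems(report: Dict[str, dict]) -> List[str]:
    """Systems with no usable backup at all: these must be rebuilt from scratch
    or from whatever survives on endpoints (the OST files in the case above)."""
    return [s for s, r in report.items() if r["restore_point"] is None]


def run_case() -> Dict[str, dict]:
    """Evaluate the constructed inventory against the assumed incident."""
    return recovery_report(INVENTORY, ATTACK_TIME, RPO)


if __name__ == "__main__":
    result = run_case()
    for system, r in result.items():
        if r["restore_point"] is None:
            print(f"{system:18} NO USABLE BACKUP")
        else:
            print(f"{system:18} restore to {r['restore_point']:%Y-%m-%d %H:%M} "
                  f"from {r['source']} (loss {r['data_loss']}, "
                  f"{'within' if r['meets_rpo'] else 'exceeds'} RPO)")
    print("rebuild required:", ", ".join(unrecoverable_systems(result)))
```

Run before an incident, the same check is a planning tool: any system that lands in the "rebuild required" list has no copy outside the attacker's reach, which is exactly the position the client's file and mail data was in. Note the deliberately excluded tape taken the day after the attack: an isolated copy made after encryption began preserves the ciphertext, not the data, so the cut-off time matters as much as the isolation flag.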
Progent worked with the customer to quickly get its arms around and prioritize the essential elements that had to be addressed in order to continue departmental operations:
Within 48 hours, Progent was able to recover Active Directory to its pre-intrusion state. Progent then rebuilt the needed applications and recovered their storage. All Microsoft Exchange Server schema and attributes were intact, which facilitated the restoration of Exchange. Progent was also able to collect local OST data files (Microsoft Outlook Off-Line Folder Files) from staff desktop computers and laptops in order to recover mail information. A not-too-old off-line backup of the business's accounting/MRP systems made it possible to bring these vital programs back on-line. Although significant work remained to recover fully from the Ryuk event, the most important systems were returned to operation quickly:
During the following few weeks, critical milestones in the restoration process were reached through close collaboration between Progent consultants and the client:
Conclusion
A probable business disaster was averted by top-tier professionals, a broad spectrum of subject matter expertise, and tight teamwork. Although in hindsight the crypto-ransomware penetration described here would have been stopped by up-to-date security technology and recognized best practices, user education, and properly executed security procedures for data protection and for keeping systems current with security patches, the fact is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's team of experts has proven experience in ransomware blocking, mitigation, and information systems restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Southfield
For ransomware cleanup expertise in the Southfield metro area, phone Progent at