Ransomware: Your Crippling IT Disaster
Ransomware has become an all-too-frequent cyber pandemic that poses an existential danger to businesses of all sizes that are vulnerable to an attack. Multiple generations of ransomware, including the Reveton, WannaCry, Locky, SamSam and MongoLock cryptoworms, have been around for years and continue to inflict damage. More recent crypto-ransomware families such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Egregor, plus as-yet-unnamed newcomers, not only encrypt on-line critical data but also compromise every protection mechanism they can reach. Information replicated to off-site disaster recovery sites can also be ransomed. In a poorly architected system, this can render any recovery useless and effectively knocks the entire system back to zero.
Getting programs and information back online after a ransomware outage becomes a race against the clock as the victim fights to contain the damage, remove the ransomware, and resume mission-critical operations. Because ransomware needs time to spread, intrusions are often sprung on weekends, when successful attacks tend to take longer to uncover. This multiplies the difficulty of rapidly mobilizing and orchestrating an experienced response team.
Progent offers a range of services for securing Southfield enterprises against ransomware attacks. These include team education to help staff recognize and avoid falling victim to phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to identify and stop zero-day modern malware attacks. Progent also offers the services of veteran ransomware recovery consultants with the skills and perseverance to re-deploy a breached network as quickly as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not ensure that the criminal gang will respond with the keys to decrypt all your files. Kaspersky estimated that 17% of crypto-ransomware victims never restored their information even after paying the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is well above the typical ransomware demand, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The alternative is to piece back together the critical elements of your Information Technology environment. Without access to full information backups, this calls for a wide range of IT skills, professional project management, and the willingness to work 24x7 until the recovery project is over.
For two decades, Progent has provided expert IT services for businesses throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded high-level certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, and GIAC. (See Progent's certifications.) Progent also has expertise with accounting and ERP applications. This breadth of experience gives Progent the ability to rapidly identify the important systems after a ransomware intrusion, integrate the surviving parts of your computer network, and assemble them into an operational system.
Progent's recovery team uses best-of-breed project management applications to coordinate the complex restoration process. Progent understands the importance of acting quickly and working together with a client's management and IT team members to prioritize tasks and get essential services back online as soon as possible.
Business Case Study: A Successful Crypto-Ransomware Penetration Recovery
A business escalated to Progent after their network was taken over by the Ryuk crypto-ransomware. Ryuk is thought to have been developed by North Korean state-sponsored cybercriminals, possibly adopting techniques leaked from the US National Security Agency. Ryuk targets specific companies that have little tolerance for operational disruption and is among the most profitable incarnations of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company based in Chicago with around 500 employees. The Ryuk intrusion had disabled all business operations and manufacturing processes. Most of the client's information backups had been directly accessible from the network at the time of the attack and were destroyed. The client considered paying the ransom demand (in excess of $200K) and hoping for the best, but ultimately reached out to Progent.
Progent worked together with the customer to quickly assess and assign priority to the key elements that needed to be recovered in order to continue company operations:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then began setup and storage recovery for mission-critical applications. All Exchange Server data and attributes were intact, which simplified the restore of Exchange. Progent was also able to find intact OST files (Microsoft Outlook Offline Folder Files) on team workstations and use them to recover email messages. A relatively recent offline backup of the customer's financials/ERP systems made it possible to bring these required programs back on-line. Although significant work remained to recover completely from the Ryuk infection, critical systems were restored rapidly:
Over the following few weeks, key milestones in the restoration process were reached through tight collaboration between Progent team members and the client:
Conclusion
A potentially business-killing catastrophe was averted through dedicated professionals, a broad array of IT skills, and close teamwork. In hindsight, the crypto-ransomware intrusion described here should have been identified and stopped by modern security systems, NIST Cybersecurity Framework best practices, user and IT administrator education, appropriate incident response procedures for information protection, and proper patching controls. The fact remains, however, that state-sponsored criminal cyber gangs from Russia, China and elsewhere are relentless and will keep attacking. If you do get hit by a ransomware incident, you can be confident that Progent's roster of professionals has proven experience in ransomware defense, mitigation, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Southfield
For ransomware system restoration consulting services in the Southfield area, call Progent at