Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyberplague that poses an enterprise-level danger for businesses of all sizes unprepared for an assault. Older versions of ransomware like the Dharma, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been out in the wild for years and still inflict harm. Newer variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, plus frequent unnamed newcomers, not only encrypt online files but also infect any system backups they can reach. Files replicated to off-premises disaster recovery sites can also be ransomed. With a vulnerable data protection solution, this can render every restoration useless and effectively knock the datacenter back to zero.
Retrieving programs and information following a crypto-ransomware intrusion becomes a sprint against the clock as the targeted organization fights to stop the spread, remove the crypto-ransomware, and resume mission-critical operations. Because crypto-ransomware needs time to spread throughout a network, assaults are usually sprung at night, when penetrations take longer to recognize. This compounds the difficulty of quickly assembling and coordinating an experienced response team.
Progent makes available a range of solutions for protecting Southfield businesses from ransomware attacks. Among these are user training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to discover and quarantine zero-day modern malware attacks. Progent can in addition provide the services of seasoned ransomware recovery professionals with the skills and perseverance to reconstruct a compromised system as quickly as possible.
Progent's Crypto-Ransomware Restoration Support Services
Following a crypto-ransomware attack, sending the ransom in cryptocurrency does not provide any assurance that distant criminals will provide the keys to decrypt all your information. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their files after having paid the ransom, resulting in additional losses. The ransom itself is also costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The fallback is to set up from scratch the key components of your Information Technology environment. Without access to essential information backups, this calls for a broad complement of skills, top-notch team management, and the willingness to work continuously until the task is finished.
For two decades, Progent has offered certified expert IT services for companies throughout the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have been awarded advanced certifications in foundation technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent in addition has experience with financial management and ERP applications. This breadth of experience gives Progent the skills to quickly understand critical systems, consolidate the surviving components of your Information Technology system following a ransomware event, and rebuild them into an operational system.
Progent's security team deploys top-notch project management applications to coordinate the complicated restoration process. Progent understands the importance of acting quickly and in concert with a client's management and IT team members to prioritize tasks and to get key applications back online as soon as possible.
Client Story: A Successful Ransomware Penetration Response
A small business sought out Progent after their network system was penetrated by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state-sponsored hackers, suspected of using strategies leaked from America's National Security Agency. Ryuk goes after specific organizations with limited room for operational disruption and is among the most profitable examples of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer headquartered in Chicago with about 500 workers. The Ryuk attack had shut down all essential operations and manufacturing capabilities. Most of the client's system backups had been online at the start of the intrusion and were eventually encrypted. The client was actively seeking loans to pay the ransom demand (exceeding $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked together with the client to rapidly identify and prioritize the most important elements that had to be addressed to make it possible to restart departmental functions:
In less than two days, Progent was able to rebuild Active Directory to its pre-penetration state. Progent then completed reinstallations and storage recovery of needed applications. All Microsoft Exchange Server ties and attributes were usable, which greatly helped the rebuild of Exchange. Progent was able to find non-encrypted OST files (Outlook Email Offline Data Files) on staff PCs and laptops in order to recover email data. A recent offline backup of the business's accounting/MRP software made it possible to bring these essential applications back online. Although major work remained to recover fully from the Ryuk damage, core systems were returned to operation rapidly:
Over the next month critical milestones in the restoration process were achieved through close collaboration between Progent consultants and the client:
Conclusion
A likely business-extinction disaster was averted by hard-working professionals, a wide range of subject matter expertise, and close collaboration. Although in retrospect the ransomware incident detailed here would have been identified and prevented with current cybersecurity solutions and security best practices, team training, and well-designed security procedures for data backup and proper patching controls, the fact is that government-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do get hit by a ransomware incursion, feel confident that Progent's roster of professionals has a proven track record in ransomware virus blocking, mitigation, and information systems restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Southfield
For ransomware system recovery consulting services in the Southfield metro area, phone Progent at