Ransomware: Your Feared IT Nightmare
Crypto-ransomware has become an all-too-frequent plague that poses an existential threat to businesses of any size that are vulnerable to attack. Older crypto-ransomware families such as CryptoLocker, Fusob, Bad Rabbit, SamSam and MongoLock have circulated for years and still cause havoc. More recent families such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with as yet unnamed variants, not only encrypt critical online data but also seek out and disable or encrypt whatever system protections they can reach, backups included. Data replicated to an off-premises disaster recovery site can be ransomed too: if the replication link simply mirrors production, the encrypted files overwrite the good copies at the DR site. In a poorly designed environment this makes automated restoration impossible and effectively sets the entire organization back to square one.
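As an added illustration (example code written for this page, not Progent's tooling or anything the page describes), the Python sketch below models the backup design point made above: a backup target that production can overwrite, or a DR site fed by mirror replication, faithfully copies the encrypted files, while retained point-in-time snapshots that production cannot alter still hold a clean copy, provided retention outlasts the attacker's dwell time. The file names, contents, the `.locked` extension and the placeholder "encryption" are all constructed.

```python
"""Added illustration, not part of Progent's page or service offering: why a
backup that production can overwrite, or a DR site fed by mirror replication,
gives no protection once ransomware runs, and why retained point-in-time
snapshots do.  All files, names and the 'encryption' are constructed stand-ins
(real ransomware uses strong cryptography; the XOR here only models
'contents destroyed, name changed')."""
from __future__ import annotations

from copy import deepcopy
from dataclasses import dataclass, field
from typing import Dict, List, Optional

FileSet = Dict[str, bytes]
RANSOM_EXT = ".locked"  # assumed marker extension; many families append one


@dataclass
class MirrorReplica:
    """Off-site copy maintained by one-way mirroring: each sync makes the
    replica identical to current production, good or bad."""
    files: FileSet = field(default_factory=dict)

    def sync(self, production: FileSet) -> None:
        self.files = deepcopy(production)


@dataclass
class SnapshotStore:
    """Point-in-time snapshots that production cannot modify after the fact.
    `retention` is how many snapshots are kept; older ones are pruned."""
    retention: Optional[int] = None
    snapshots: List[FileSet] = field(default_factory=list)

    def take(self, production: FileSet) -> None:
        self.snapshots.append(deepcopy(production))
        if self.retention is not None:
            self.snapshots = self.snapshots[-self.retention:]


def ransomware_encrypt(files: FileSet) -> FileSet:
    """Constructed stand-in for the encryption step: contents scrambled,
    ransom extension appended to every name."""
    return {name + RANSOM_EXT: bytes(b ^ 0xAA for b in data)
            for name, data in files.items()}


def last_clean_snapshot(store: SnapshotStore) -> Optional[int]:
    """Index of the newest snapshot with no sign of encryption, or None when
    every retained snapshot is already contaminated (retention shorter than
    the attacker's dwell time)."""
    for idx in range(len(store.snapshots) - 1, -1, -1):
        if not any(name.endswith(RANSOM_EXT) for name in store.snapshots[idx]):
            return idx
    return None


def run_scenario(retention: Optional[int] = None) -> dict:
    """Constructed timeline: one clean night, then the attack, then the
    scheduled jobs run again before anyone notices."""
    original: FileSet = {"finance/ledger.xlsx": b"Q3 accounts",
                         "contracts/acme.pdf": b"signed 2019"}
    production = deepcopy(original)
    mirror = MirrorReplica()
    snapshots = SnapshotStore(retention=retention)

    # Normal operation: nightly mirror sync and nightly snapshot.
    mirror.sync(production)
    snapshots.take(production)

    # Friday night: ransomware encrypts production.
    production = ransomware_encrypt(production)

    # Saturday night: the same scheduled jobs run against the encrypted data.
    mirror.sync(production)
    snapshots.take(production)

    clean = last_clean_snapshot(snapshots)
    return {
        "mirror_recoverable": mirror.files == original,
        "latest_snapshot_recoverable": snapshots.snapshots[-1] == original,
        "clean_snapshot_index": clean,
        "snapshot_recoverable": clean is not None
        and snapshots.snapshots[clean] == original,
    }


if __name__ == "__main__":
    print("unlimited retention:", run_scenario())
    print("retention of one:   ", run_scenario(retention=1))
```

The mirror and the newest snapshot are both useless after the Saturday job, and with a retention of a single snapshot there is no clean restore point at all. In practice the snapshot property is obtained with immutable or WORM storage (object lock, read-only snapshots on the backup appliance) reachable only by the backup service's own credentials, never by the domain accounts an intruder is likely to hold, and retention should exceed the time an attacker can plausibly sit undetected in the network.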
Recovering services and data after a ransomware attack becomes a race against the clock as the targeted business tries to stop lateral movement, eradicate the ransomware, and restore mission-critical operations. Because the attackers need time to spread across the network and encrypt it, attacks are usually launched during nights and weekends, when the intrusion takes longer to notice. This compounds the difficulty of promptly assembling and organizing an experienced response team.
Progent offers a range of services for protecting Colorado Springs enterprises against ransomware attacks, including user training to help staff recognize and avoid phishing, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat defense to detect and quarantine zero-day malware. Progent can also provide seasoned crypto-ransomware recovery engineers with the skill and perseverance to rebuild a breached environment as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
Following a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminals will provide working decryption keys for any of your data. Kaspersky estimated that seventeen percent of crypto-ransomware victims never recovered their data after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to rebuild the vital parts of your IT environment. Without usable system backups, this requires a wide range of skill sets, top-notch team management, and the capacity to work around the clock until the job is finished.
For two decades, Progent has provided certified expert IT services to companies across the U.S. and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who hold top certifications in key technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized credentials including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of experience gives Progent the skills to knowledgeably identify critical systems after a ransomware attack, integrate the surviving components of your network environment, and assemble them into an operational network.
Progent's recovery team uses top-notch project management tools to orchestrate the complex restoration process. Progent knows the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and get the most important services back online as soon as humanly possible.
Client Story: A Successful Ransomware Intrusion Recovery
A customer engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk was initially linked to North Korean state actors because it shares code with the Hermes ransomware, but subsequent analysis attributed it to a Russian-speaking criminal group. Ryuk targets specific organizations with little tolerance for disruption and has been among the most lucrative crypto-ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing company in the Chicago metro area with around 500 employees. The Ryuk intrusion had halted all company operations and manufacturing. Most of the client's backups had been directly reachable from the network when the intrusion began and were destroyed. The client considered paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end reached out to Progent.
Progent worked with the client to rapidly identify and prioritize the key areas that had to be addressed to restart company operations:
Within 48 hours, Progent had recovered Windows Active Directory to its pre-attack state. Progent then helped rebuild the needed systems and recover data from their hard drives. The Exchange Server schema and attributes in Active Directory were intact, which greatly simplified the Exchange rebuild. Progent collected local OST files (Microsoft Outlook Offline Folder Files) from user workstations to recover mail messages. A relatively recent offline backup of the company's accounting software made it possible to bring those essential applications back online. Although considerable work remained to recover fully from the Ryuk event, core services were restored rapidly:
Over the following month, key milestones in the recovery were reached in close collaboration between Progent consultants and the customer:
Conclusion
A potentially business-ending catastrophe was averted thanks to top-tier professionals, a broad spectrum of expertise, and close teamwork. Post-incident forensics indicated that the incident described here could have been prevented with modern security technology, NIST Cybersecurity Framework best practices, staff training, and well thought out procedures for data backup and software patching, but the fact remains that state-sponsored and criminal attackers from China, North Korea and elsewhere are tireless and will keep trying. If you do fall victim to a crypto-ransomware intrusion, remember that Progent's experts have extensive experience in ransomware prevention, cleanup, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Colorado Springs
For ransomware cleanup expertise in the Colorado Springs metro area, phone Progent at