Ransomware: Your Feared IT Disaster
Crypto-ransomware has become an all-too-frequent cyber pandemic that poses an extinction-level danger for businesses of all sizes that are vulnerable to an attack. Multiple generations of crypto-ransomware such as Reveton, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for a long time and still cause destruction. Newer strains of ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as other as-yet-unnamed variants, not only encrypt critical online data but also infiltrate most available system protection mechanisms. Information synchronized to the cloud can also be corrupted. In a poorly architected environment, this can make automated recovery hopeless and effectively set the entire system back to zero.
Restoring services and data following a ransomware event becomes a race against the clock as the targeted business fights to stop the spread, eradicate the ransomware, and restore mission-critical activity. Because ransomware takes time to spread, attacks are often launched on weekends, when successful attacks tend to take longer to recognize. This multiplies the difficulty of promptly marshalling and coordinating a knowledgeable response team.
Progent makes available a variety of support services for securing Colorado Springs organizations from crypto-ransomware attacks. These include team member education to help identify and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to detect and extinguish zero-day malware attacks. Progent can also provide the assistance of veteran crypto-ransomware recovery engineers with the track record and commitment to redeploy a compromised environment as soon as possible.
Progent's Ransomware Recovery Support Services
After a ransomware attack, sending the ransom in Bitcoin cryptocurrency does not provide any assurance that merciless criminals will provide the keys to decipher any or all of your files. Kaspersky estimated that 17% of ransomware victims never restored their information even after having sent off the ransom, resulting in additional losses. Paying is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the typical ransomware demand, which ZDNET estimated to be in the range of $13,000 for small organizations. The alternative is to set up from scratch the mission-critical parts of your IT environment. Absent the availability of full data backups, this calls for a wide range of skill sets, well-coordinated project management, and the ability to work 24x7 until the recovery project is over.
For two decades, Progent has made available certified expert Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have earned advanced industry certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security specialists have garnered internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent in addition has experience with financial systems and ERP application software. This breadth of expertise gives Progent the skills to efficiently identify critical systems, salvage the surviving pieces of your IT system following a ransomware attack, and assemble them into an operational network.
Progent's team of security experts uses top-notch project management applications to coordinate the complicated restoration process. Progent understands the urgency of working rapidly and in concert with a customer's management and Information Technology resources to prioritize tasks and to get essential applications back online as soon as possible.
Client Case Study: A Successful Ransomware Attack Response
A business sought out Progent after their organization was brought down by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored hackers, suspected of adopting technology exposed from the U.S. NSA. Ryuk targets specific companies with little or no room for disruption and is among the most lucrative instances of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing business located in the Chicago metro area with around 500 workers. The Ryuk attack had frozen all company operations and manufacturing processes. Most of the client's backups had been online and directly accessible at the time of the attack and were damaged. The client was preparing to pay the ransom demand (exceeding two hundred thousand dollars) and hoping for good luck, but in the end called Progent.
Progent worked with the customer to quickly determine and assign priority to the key applications that needed to be restored to make it possible to continue business functions:
In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then charged ahead with rebuilding and hard drive recovery of essential systems. All Exchange schema and configuration information were intact, which greatly helped the restoration of Exchange. Progent was also able to collect local Outlook Offline Data Files (OST files) from user desktop computers and laptops in order to recover email data. A relatively recent offline backup of the business's accounting/MRP software made it possible to bring these required programs back online. Although major work remained to recover fully from the Ryuk damage, core systems were restored rapidly:
During the next month, important milestones in the restoration project were reached in close cooperation between Progent consultants and the client:
Conclusion
A likely enterprise-killing disaster was avoided through the efforts of results-oriented professionals, a wide spectrum of subject matter expertise, and tight teamwork. Although in hindsight the crypto-ransomware attack described here could have been prevented with modern cyber security technology and ISO/IEC 27001 best practices, user and IT administrator education, well-thought-out incident response procedures, offline backups, and keeping systems up to date with security patches, the fact remains that state-sponsored cyber criminals from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a ransomware attack, remember that Progent's team of professionals has substantial experience in ransomware blocking, removal, and information systems recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Colorado Springs
For ransomware system recovery expertise in the Colorado Springs area, phone Progent at