Ransomware: Your Feared IT Nightmare
Crypto-ransomware has become an escalating cyber plague that represents an enterprise-level danger for any business vulnerable to attack. Earlier iterations of ransomware such as the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been out in the wild for years and still inflict havoc. Modern strains like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as as-yet-unnamed newcomers, not only encrypt online data files but also infiltrate most configured system backups. Files replicated to cloud environments can also be encrypted. In a poorly designed data protection solution, this can make automated restore operations hopeless and effectively knocks the datacenter back to square one.
Retrieving programs and information following a ransomware event becomes a sprint against time as the victim fights to stop the spread, clean up the ransomware, and restore mission-critical activity. Because crypto-ransomware requires time to replicate, attacks are usually launched during weekends and nights, when penetrations may take longer to detect. This multiplies the difficulty of quickly assembling and coordinating an experienced mitigation team.
Progent has a variety of solutions for securing Salt Lake City organizations from ransomware attacks. Among these are team member education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to identify and disable zero-day modern malware attacks. Progent can also provide the assistance of expert crypto-ransomware recovery consultants with the track record and commitment to re-deploy a compromised network as soon as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware penetration, paying the ransom demand in cryptocurrency does not provide any assurance that merciless criminals will respond with the keys needed to decipher all your files. Kaspersky determined that 17% of ransomware victims never restored their information even after having sent off the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the usual ransomware demand, which ZDNET determined to be approximately $13,000 for small organizations. The other path is to piece back together the vital parts of your IT environment. Without complete system backups available, this calls for a wide range of skill sets, top-notch project management, and the capability to work non-stop until the job is completed.
For two decades, Progent has offered professional Information Technology services for companies throughout the United States and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned top industry certifications in important technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally renowned certifications including CISM, CISSP, CRISC, and GIAC. (Visit Progent's certifications.) Progent also has expertise with financial management and ERP software solutions. This breadth of expertise gives Progent the capability to quickly identify critical systems, consolidate the remaining parts of your IT environment after a crypto-ransomware attack, and assemble them into an operational system.
Progent's ransomware team uses top-notch project management systems to coordinate the complex restoration process. Progent knows the importance of acting rapidly and in unison with a customer's management and IT resources to prioritize tasks and to put critical systems back online as fast as humanly possible.
Client Story: A Successful Ransomware Incident Response
A client engaged Progent after their company was attacked by the Ryuk ransomware virus. Ryuk is thought to have been deployed by North Korean state-sponsored criminal gangs, suspected of adopting techniques leaked from the U.S. National Security Agency. Ryuk attacks specific organizations with little or no room for operational disruption and is one of the most profitable examples of crypto-ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturer based in Chicago with around 500 employees. The Ryuk event had paralyzed all company operations and manufacturing capabilities. Most of the client's system backups had been online at the beginning of the intrusion and were encrypted. The client considered paying the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but in the end engaged Progent instead.
Progent worked together with the client to quickly assess and assign priority to the critical applications that needed to be restored in order to resume company operations:
In less than 48 hours, Progent was able to rebuild Active Directory to its pre-attack state. Progent then charged ahead with rebuilding and storage recovery on the most important servers. All Microsoft Exchange Server data and attributes were usable, which greatly helped the restore of Exchange. Progent was able to locate local OST files (Outlook Offline Data Files) on various PCs and laptops to recover mail messages. A relatively recent offline backup of the customer's accounting systems made it possible to restore these essential applications and make them available to users again. Although significant work remained to recover totally from the Ryuk damage, essential systems were recovered rapidly:
Over the next month, key milestones in the recovery project were accomplished in tight collaboration between Progent team members and the client:
Conclusion
A potential business extinction disaster was averted by results-oriented professionals, a wide spectrum of IT skills, and close collaboration. Although in hindsight the ransomware incident described here should have been stopped by modern cyber security technology and NIST Cybersecurity Framework best practices, user and IT administrator education, and well-designed incident response procedures for data protection and applying software patches, the fact is that government-sponsored cybercriminals from China, North Korea and elsewhere are tireless and an ongoing threat. If you do fall victim to a ransomware virus, you can be confident that Progent's roster of experts has proven experience in crypto-ransomware defense, mitigation, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Salt Lake City
For ransomware recovery consulting in the Salt Lake City area, phone Progent at