Crypto-Ransomware: Your Feared Information Technology Catastrophe
Crypto-ransomware has become a modern cyberplague that presents an existential threat to businesses of all sizes that are poorly prepared for an assault. Older iterations of crypto-ransomware such as Dharma, Fusob, Locky, SamSam and MongoLock cryptoworms have been around for many years and still cause havoc. Modern versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, as well as additional unnamed viruses, not only encrypt online critical data but also infiltrate all configured system backups. Information synchronized to cloud environments can also be encrypted. In a vulnerable environment, this can make any restore operation hopeless and effectively knocks the datacenter back to zero.
Retrieving services and data after a ransomware attack becomes a race against time as the targeted organization struggles to stop lateral movement, clean up the virus, and restore mission-critical activity. Since ransomware requires time to replicate, assaults are frequently sprung during nights and weekends, when attacks may take more time to uncover. This multiplies the difficulty of rapidly assembling and coordinating a knowledgeable mitigation team.
Progent offers an assortment of solutions for protecting Salt Lake City businesses from crypto-ransomware attacks. These include team member education to help staff recognize and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and the setup and configuration of next-generation security solutions with AI technology to automatically detect and suppress zero-day cyber attacks. Progent also provides the assistance of veteran ransomware recovery consultants with the track record and perseverance to rebuild a compromised system as quickly as possible.
Progent's Ransomware Restoration Support Services
Soon after a ransomware penetration, paying the ransom demanded in Bitcoin cryptocurrency does not provide any assurance that the cyber criminals will respond with the keys to decrypt any or all of your files. Kaspersky estimated that 17% of crypto-ransomware victims never recovered their information even after having paid the ransom, resulting in further losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the usual crypto-ransomware demands, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to set up from scratch the mission-critical parts of your Information Technology environment. Without complete data backups available, this requires a broad range of skills, top-notch team management, and the ability to work continuously until the recovery project is complete.
For two decades, Progent has offered professional IT services for companies across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have earned top industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent also has expertise in financial systems and ERP application software. This breadth of expertise gives Progent the capability to knowledgeably identify the necessary systems, reorganize the remaining pieces of your computer network environment following a ransomware penetration, and assemble them into an operational network.
Progent's security team has state-of-the-art project management systems to orchestrate the complicated restoration process. Progent knows the importance of working swiftly and in unison with a client's management and Information Technology staff to prioritize tasks and to put essential services back online as fast as possible.
Client Case Study: A Successful Crypto-Ransomware Virus Recovery
A small business contacted Progent after their network was brought down by the Ryuk ransomware virus. Ryuk is generally considered to have been developed by North Korean state-sponsored cybercriminals, suspected of adopting approaches leaked from America's National Security Agency. Ryuk goes after specific companies with little or no tolerance for disruption and is one of the most profitable incarnations of crypto-ransomware. Well-known victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturer located in the Chicago metro area with around 500 workers. The Ryuk event had paralyzed all business operations and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were encrypted. The client considered paying the ransom (exceeding $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the client to rapidly identify and prioritize the key elements that had to be recovered in order to continue business functions:
In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then initiated the rebuilding and storage recovery of critical applications. All Exchange Server links and attributes were intact, which greatly helped the restoration of Exchange. Progent was also able to collect non-encrypted OST files (Microsoft Outlook Offline Data Files) from team PCs and laptops to recover mail data. A recent offline backup of the customer's accounting software made it possible to bring these vital services back online for users. Although significant work remained to recover fully from the Ryuk event, the most important services were recovered quickly:
During the next couple of weeks, critical milestones in the restoration process were reached in tight collaboration between Progent engineers and the client:
Conclusion
A potentially business-killing disaster was dodged thanks to hard-working experts, a wide array of knowledge, and close teamwork. Although post-incident analysis showed that the crypto-ransomware incident detailed here would have been shut down by up-to-date security technology, NIST Cybersecurity Framework best practices, team training, and well-designed incident response procedures for data protection and proper patching controls, the fact remains that state-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and will keep attacking. If you do get hit by a ransomware incident, remember that Progent's team of professionals has substantial experience in crypto-ransomware virus blocking, removal, and information systems recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Salt Lake City
For ransomware system recovery services in the Salt Lake City area, call Progent at