Crypto-Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic and represents an extinction-level threat for organizations that are vulnerable to an assault. Older ransomware families such as Reveton, Fusob, Locky and MongoLock, along with Syskey-based lockout attacks, have been running rampant for years and still inflict damage. More recent families such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Conti and Nefilim, plus frequent unnamed variants, not only encrypt online data but also seek out and disable every configured system protection they can reach, such as shadow copies, backup catalogs and online backup repositories. Files replicated to off-site disaster recovery sites can be rendered useless as well, because replication faithfully copies the encrypted versions over the good ones. In a poorly designed environment this can make any restore operation impossible and effectively sets the entire system back to zero.
Getting applications and data back online after a ransomware outage becomes a race against the clock as the victim tries to stop lateral movement, eradicate the ransomware and resume business-critical operations. Because encrypting an entire network takes time, attacks are frequently launched on weekends and at night, when they often take longer to be noticed. This compounds the difficulty of rapidly assembling and organizing a qualified response team.
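The two points above, that modern ransomware disables configured protections before it encrypts and that it tends to run at night and on weekends, translate into a concrete detection opportunity. The following is an added example written for this page, not Progent's code or part of the original article: a Python script that scans Sysmon-style process-creation records for the commands ransomware typically uses to destroy shadow copies, backup catalogs and Windows recovery, raises the severity outside an assumed 07:00-19:00 weekday window, and escalates a host on which several distinct tamper commands cluster within five minutes. The record format, hostnames, user names, the rule list and the business-hours window are all constructed assumptions.

```python
"""Flag process-creation events in which a host is disabling its own recovery
options (shadow copies, backup catalogs, Windows recovery), and escalate when
several such commands cluster on one host, especially outside business hours.
"""
import re
from datetime import datetime

# Command lines commonly run by ransomware before encryption to destroy local
# recovery data. Illustrative, not exhaustive (assumption).
TAMPER_PATTERNS = [
    ("vss_delete",         re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vss_resize",         re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadow",        re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin_catalog",    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit_recovery",   re.compile(r"bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I)),
    ("bcdedit_bootpolicy", re.compile(r"bcdedit(\.exe)?\s.*bootstatuspolicy\s+ignoreallfailures", re.I)),
]

BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time (assumed window)

def is_off_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def parse_event(line):
    """Parse a constructed 'timestamp|host|user|parent|command' record."""
    ts, host, user, parent, cmd = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "parent": parent, "cmd": cmd}

def scan(lines):
    """Return one alert per (event, matching rule) pair."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        for rule, pat in TAMPER_PATTERNS:
            if pat.search(ev["cmd"]):
                alerts.append({**ev, "rule": rule,
                               "severity": "high" if is_off_hours(ev["ts"]) else "medium"})
    return alerts

def correlate(alerts, window_seconds=300, min_distinct=2):
    """Escalate a host when at least min_distinct different tamper rules fire
    within window_seconds. One vssadmin call may be an administrator; three
    different recovery-killing commands within seconds is attack staging."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a["host"], []).append(a)
    incidents = []
    for host, evs in sorted(by_host.items()):
        evs.sort(key=lambda a: a["ts"])
        for i, first in enumerate(evs):
            window = [e for e in evs[i:]
                      if (e["ts"] - first["ts"]).total_seconds() <= window_seconds]
            rules = sorted({e["rule"] for e in window})
            if len(rules) >= min_distinct:
                incidents.append({"host": host, "first_seen": first["ts"],
                                  "user": first["user"], "rules": rules,
                                  "off_hours": is_off_hours(first["ts"])})
                break   # one incident per host is enough for triage
    return incidents

# Constructed sample: Sysmon-style process-creation records, not real logs.
# 2020-03-14 is a Saturday; 2020-03-16 is a Monday.
SAMPLE_LOG = [
    "2020-03-14T02:13:07|FS01|CORP\\svc_backup|cmd.exe|vssadmin.exe delete shadows /all /quiet",
    "2020-03-14T02:13:09|FS01|CORP\\svc_backup|cmd.exe|wbadmin delete catalog -quiet",
    "2020-03-14T02:13:12|FS01|CORP\\svc_backup|cmd.exe|bcdedit /set {default} recoveryenabled no",
    "2020-03-16T10:02:44|WS22|CORP\\jdoe|explorer.exe|notepad.exe C:\\Users\\jdoe\\report.txt",
    "2020-03-16T11:30:00|FS01|CORP\\itadmin|powershell.exe|vssadmin resize shadowstorage /for=C: /on=C: /maxsize=20GB",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a['severity']:6} {a['ts']} {a['host']} {a['rule']}: {a['cmd']}")
    for inc in correlate(found):
        print("INCIDENT", inc)
```

Run as-is to see the alerts for the embedded sample: three high-severity hits on FS01 at 02:13 on a Saturday collapse into one incident, while the Monday-morning shadow-storage resize by an administrator stays a single medium alert. In production the same logic belongs in the EDR or SIEM rule set, fed by Sysmon Event ID 1 or Windows Security 4688 records with command-line auditing enabled; an unexplained cluster of these commands on a server's backup service account in the middle of the night is the moment to isolate the host, not to wait for the encryption to confirm the diagnosis.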
Progent offers a variety of support services for protecting Manaus enterprises from crypto-ransomware attacks. These include user education to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service built on SentinelOne's AI-based threat protection to detect and quarantine zero-day and other modern malware attacks. Progent also offers the services of experienced ransomware recovery professionals with the track record and commitment to bring a compromised network back as urgently as possible.
Progent's Ransomware Restoration Help
After a ransomware attack, paying the ransom in Bitcoin provides no assurance that the attackers will hand over the keys needed to decrypt your files. Kaspersky estimated that 17 percent of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC (roughly $120,000 to $400,000 at the time), far above the average ransomware demand, which ZDNet estimated at about $13,000 for small organizations. The alternative is to rebuild the vital parts of your IT environment from scratch. Without complete data backups, this calls for a broad complement of IT skills, well-coordinated project management, and the willingness to work around the clock until the recovery is finished.
For two decades, Progent has provided certified expert IT services to companies throughout the US and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers with advanced certifications in leading technologies including Microsoft, Cisco, VMware and popular Linux distributions. Progent's cyber security experts hold internationally recognized certifications including CISA, CISSP, ISACA CRISC and SANS GIAC (see Progent's certifications). Progent also has experience with accounting and ERP software. This breadth of experience gives Progent the capability to quickly identify critical systems, organize the remaining pieces of your IT environment after a crypto-ransomware attack, and reassemble them into an operational network.
Progent's recovery team uses modern project management tools to coordinate the complex recovery process. Progent appreciates the importance of acting quickly and in unison with a customer's management and IT staff to prioritize tasks and put essential systems back online as soon as humanly possible.
Customer Case Study: A Successful Ransomware Penetration Response
A customer hired Progent after their company was brought down by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored hackers because of its code overlap with the Hermes ransomware, and was suspected of using techniques leaked from the U.S. NSA; later analysis attributed its operation to Russian-speaking criminal groups. Ryuk targets specific businesses with little tolerance for operational disruption and is among the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk intrusion had paralyzed all company operations and manufacturing capability. Most of the client's backups were online at the time of the attack and were destroyed. The client was pursuing financing to pay the ransom demand (over $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the customer to quickly understand and prioritize the most important services that had to be restored in order to resume company operations:
In less than two days, Progent rebuilt Active Directory to its pre-attack state. Progent then moved on to rebuilding and recovering the disks of the most important servers. All Microsoft Exchange Server schema and configuration information held in Active Directory was intact, which simplified restoring Exchange. Progent located intact OST files (Outlook offline data files) on staff workstations and used them to recover mailbox data. A recent offline backup of the company's accounting/ERP system allowed those essential applications to be restored to users. Although a great deal of work remained to recover fully from the Ryuk damage, critical services were returned to operation quickly:
Over the following month, important milestones in the recovery were reached through tight cooperation between Progent's team and the client:
Conclusion
A potentially business-ending disaster was averted through the efforts of dedicated experts, a wide spectrum of technical expertise, and tight teamwork. Post-incident forensics showed that the attack described here could have been prevented with current cyber security technology and recognized best practices: user and IT administrator training, offline and tested backups, disciplined patching, and properly executed incident response procedures. The fact remains, however, that state-sponsored and criminal attackers from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you are hit by crypto-ransomware, remember that Progent's team has extensive experience in ransomware defense, removal, and information systems recovery.
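The replicated-backup problem raised at the top of this page and the backup procedures called for in this conclusion share one technical check: do not trust a replica or backup set for restore until it has been compared against an integrity record captured from the known-good source. The Python below is an added example written for this page, not Progent's tooling: it builds a SHA-256 manifest from a clean source tree (the manifest itself must live offline or on immutable storage, or the attacker overwrites it too), then verifies a replica against it, reporting modified, missing and unexpected files, and separately flags any file whose byte entropy is near that of random data, the signature of encrypted content. The file tree, file contents, the `.locked` extension, the ransom-note name and the 7.5 bits/byte threshold are constructed assumptions.

```python
"""Verify a replicated or backed-up file set against a manifest captured from
the known-good source before trusting it for restore. Catches files that a
replication job faithfully copied after encryption: hash mismatches, missing
originals, unexpected new files (renamed copies, ransom notes) and content
that is statistically indistinguishable from random bytes.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cutoff, text and office docs sit well below

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data):
    """Bits per byte; uniformly random (e.g. encrypted) data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def list_files(root):
    """Relative paths under root with '/' separators, sorted."""
    out = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            out.append(rel.replace(os.sep, "/"))
    return sorted(out)

def build_manifest(root):
    """Capture path -> sha256 from the known-good source; store it offline."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in list_files(root)}

def verify_replica(root, manifest):
    present = set(list_files(root))
    expected = set(manifest)
    report = {
        "ok": [], "modified": [],
        "missing": sorted(expected - present),        # originals gone (renamed/deleted)
        "unexpected": sorted(present - expected),     # renamed copies, ransom notes
        "high_entropy": [],
    }
    for rel in sorted(expected & present):
        bucket = "ok" if sha256_file(os.path.join(root, rel)) == manifest[rel] else "modified"
        report[bucket].append(rel)
    for rel in sorted(present):
        with open(os.path.join(root, rel), "rb") as f:
            if shannon_entropy(f.read()) > ENTROPY_THRESHOLD:
                report["high_entropy"].append(rel)
    report["safe_to_restore"] = not (report["modified"] or report["missing"]
                                     or report["high_entropy"])
    return report

def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

def pseudo_random(n):
    """Deterministic stand-in for ciphertext: chained SHA-256 output."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])

def demo():
    """Constructed scenario: manifest taken while clean, replica checked after
    an overnight encryption run has been replicated to the DR copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, rep = os.path.join(tmp, "source"), os.path.join(tmp, "replica")
        good = {
            "finance/ledger.csv": b"2020-03-13,4100,1250.00\n" * 200,
            "hr/policy.txt": b"Employees must report lost devices within 24 hours.\n" * 50,
            "eng/build.log": b"[info] compile ok\n" * 100,
        }
        write_tree(src, good)
        manifest = build_manifest(src)                 # captured while source was clean
        after = dict(good)                             # what replication copies post-attack
        del after["finance/ledger.csv"]                # original replaced by renamed ciphertext
        after["finance/ledger.csv.locked"] = pseudo_random(4096)
        after["hr/policy.txt"] = pseudo_random(2048)   # encrypted in place, name kept
        after["README_DECRYPT.txt"] = b"Your files are encrypted. Pay to recover them.\n"
        write_tree(rep, after)
        return verify_replica(rep, manifest)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the demo reports one intact file, one modified in place, one missing, two unexpected new files and two near-random files, so the replica is marked unsafe to restore even though the replication job itself completed without error. A real backup-integrity process runs this comparison inside the backup job and also keeps copies that replication cannot overwrite: offline media, immutable object storage with retention locks, or snapshots protected by a credential the production domain never holds. The entropy check is a heuristic: compressed archives and media files also score near 8 bits/byte, so exclude those types or rely on the manifest comparison alone for them.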
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Manaus
For ransomware cleanup consulting in the Manaus area, call Progent at