Ransomware : Your Crippling IT Nightmare
Crypto-ransomware has become an all-too-frequent cyber pandemic that represents an enterprise-level threat for businesses of all sizes that are unprepared for an assault. Older versions of ransomware such as the CryptoLocker, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been around for a long time and still cause damage. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, as well as additional unnamed malware, not only encrypt online critical data but also infect any accessible system backups. Data replicated to cloud environments can also be rendered useless. In a poorly architected environment, this can make any restore operation impossible and effectively sets the network back to square one.
Restoring services and information after a ransomware outage becomes a race against the clock as the targeted business fights to stop the spread, eradicate the crypto-ransomware, and restore business-critical operations. Because ransomware takes time to spread throughout a network, attacks are frequently launched on weekends, when they are likely to take longer to uncover. This multiplies the difficulty of quickly marshalling and coordinating a qualified response team.
Progent offers a variety of services for protecting Manaus enterprises from ransomware attacks. Among these are staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat defense to identify and quarantine zero-day malware attacks. Progent can also provide the services of expert crypto-ransomware recovery professionals with the skills and perseverance to reconstruct a compromised network as rapidly as possible.
Progent's Crypto-Ransomware Recovery Services
After a crypto-ransomware event, paying the ransom in cryptocurrency does not guarantee that the remote criminals will provide the keys to decrypt any of your files. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never recovered their information even after paying the ransom, resulting in further losses. The ransom itself is also costly. Ryuk ransoms are often several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions of dollars. The fallback is to set up the vital parts of your IT environment from scratch. Without access to complete system backups, this requires a wide range of skill sets, top-notch team management, and the capability to work continuously until the job is finished.
For twenty years, Progent has offered professional IT services for businesses throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have earned high-level industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience with financial management and ERP application software. This breadth of experience allows Progent to efficiently identify critical systems after a crypto-ransomware event, salvage the surviving pieces of your IT environment, and reassemble them into a functioning system.
Progent's security group uses state-of-the-art project management systems to coordinate the complex recovery process. Progent appreciates the urgency of acting quickly and in unison with a customer's management and IT team members to prioritize tasks and to put the most important systems back online as fast as possible.
Client Story: A Successful Ransomware Virus Response
A business contacted Progent after their network was attacked by the Ryuk ransomware. Ryuk is believed to have been created by North Korean government-sponsored criminal gangs, possibly using technology leaked from the U.S. NSA. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable ransomware strains. Major victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing business headquartered in Chicago with about 500 employees. The Ryuk event had paralyzed all company operations and manufacturing capabilities. Most of the client's backups had been online at the start of the attack and were eventually encrypted. The client was preparing to pay the ransom demand (exceeding $200K) and hoping for the best, but in the end brought in Progent.
Progent worked together with the customer to quickly assess and prioritize the most important areas that needed to be restored in order to continue company operations:
In less than 48 hours, Progent was able to restore Active Directory services to their pre-attack state. Progent then assisted with rebuilding and hard drive recovery of mission-critical systems. All Exchange links and attributes were intact, which facilitated the rebuild of Exchange. Progent was able to locate intact OST data files (Microsoft Outlook Offline Folder Files) on various workstations and laptops in order to recover mail messages. A recent offline backup of the business's accounting/ERP software made it possible to make these essential applications available to users again. Although major work remained to recover fully from the Ryuk damage, essential systems were recovered rapidly:
During the following weeks, important milestones in the restoration project were reached in close cooperation between Progent consultants and the client:
Conclusion
A likely business catastrophe was averted thanks to hard-working professionals, a wide array of IT skills, and close collaboration. In hindsight, the ransomware attack described here would have been identified and blocked by modern security systems and recognized best practices: staff training, well-thought-out incident response procedures, protected backups, and proper patch management. Even so, the reality remains that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do get hit by a crypto-ransomware incident, remember that Progent's roster of experts has extensive experience in ransomware blocking, cleanup, and data recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Manaus
For ransomware cleanup consulting in the Manaus area, phone Progent at