Ransomware: Your Worst Information Technology Nightmare
Crypto-ransomware has become a modern cyberplague that represents an extinction-level danger for businesses of all sizes that are unprepared for an assault. Older versions of ransomware such as the Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been circulating for a long time and still inflict destruction. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, plus additional as-yet-unnamed newcomers, not only encrypt on-line critical data but also compromise any system backups they can reach. Information synchronized to cloud environments can also be rendered useless. In a poorly architected environment, this can make automatic recovery useless and effectively sets the network back to square one.
Getting services and data back after a crypto-ransomware intrusion becomes a race against time as the targeted organization struggles to contain the damage, clear the crypto-ransomware, and restore business-critical operations. Because ransomware needs time to spread, attacks are usually launched on weekends, when they often take longer to detect. This compounds the difficulty of rapidly assembling and orchestrating a qualified mitigation team.
Progent has a range of solutions for protecting Manaus organizations from crypto-ransomware penetrations. Among these are user training to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's AI-based cyberthreat protection to discover and disable zero-day modern malware attacks. Progent can also provide the assistance of expert ransomware recovery engineers with the skills and perseverance to re-deploy a breached network as urgently as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware attack, even paying the ransom in Bitcoin cryptocurrency does not ensure that the cyber criminals will return the keys needed to decrypt all your information. Kaspersky Labs ascertained that seventeen percent of crypto-ransomware victims never restored their data after having sent off the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is greatly above the usual ransomware demand, which ZDNET estimated to be in the range of $13,000 for small organizations. The fallback is to rebuild the mission-critical components of your Information Technology environment. Without complete information backups, this calls for a broad complement of skills, well-coordinated team management, and the capability to work non-stop until the job is over.
For decades, Progent has provided expert IT services for businesses throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have attained high-level certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, and GIAC. (See Progent's certifications.) Progent also has experience in financial systems and ERP applications. This breadth of expertise gives Progent the skills to knowledgeably identify the systems that must be rebuilt, consolidate the remaining pieces of your IT system following a ransomware penetration, and assemble them into an operational system.
Progent's ransomware team of experts has top-notch project management tools to coordinate the complicated recovery process. Progent appreciates the importance of acting swiftly and working closely with a client's management and IT team members to prioritize tasks and get critical services back online as soon as possible.
Client Story: A Successful Ransomware Intrusion Restoration
A small business escalated to Progent after their company was penetrated by the Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using techniques leaked from the United States National Security Agency. Ryuk seeks out specific organizations with little or no tolerance for operational disruption and is among the most lucrative instances of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing company based in the Chicago metro area with about 500 workers. The Ryuk intrusion had shut down all essential operations and manufacturing capabilities. The majority of the client's backups had been directly accessible at the time of the attack and were encrypted. The client considered paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but ultimately called Progent.
Progent worked together with the client to rapidly identify and assign priority to the critical applications that had to be addressed in order to continue business operations:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then rebuilt critical servers and recovered their hard drives. All Exchange Server ties and attributes were intact, which facilitated the restore of Exchange. Progent was able to assemble local OST files (Outlook Off-Line Data Files) from user desktop computers and laptops in order to recover mail messages. A recent off-line backup of the business's financials/MRP software made it possible to bring these essential programs back into service for users. Although major work remained to recover totally from the Ryuk event, critical systems were returned to operation rapidly:
Throughout the next few weeks, critical milestones in the recovery process were reached in tight cooperation between Progent engineers and the customer:
Conclusion
A possible company-ending disaster was averted with top-tier experts, a wide spectrum of knowledge, and tight teamwork. Although in hindsight the ransomware penetration detailed here should have been stopped by advanced cyber security solutions and security best practices, staff training, and well-thought-out incident response procedures for information protection and software patching, the reality is that state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a crypto-ransomware incident, be confident that Progent's roster of professionals has extensive experience in ransomware defense, mitigation, and information systems disaster recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting in Manaus
For ransomware system recovery consulting services in the Manaus area, phone Progent at