Ransomware: Your Feared IT Disaster
Ransomware has become a modern cyber pandemic and an enterprise-level danger for organizations poorly prepared for an attack. Earlier generations such as Reveton, WannaCry, Bad Rabbit, SamSam and MongoLock have been around for years and continue to cause havoc. Modern variants such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, LockBit and Egregor, plus many lesser-known strains, not only encrypt critical online data but also seek out any system restore points and backups reachable from the compromised accounts and encrypt or delete them. Files synchronized to cloud storage can be rendered useless as well, because the sync client faithfully uploads the encrypted versions over the good copies unless versioning or immutable snapshots are retained. In a vulnerable environment this can make automated restoration hopeless and effectively sets the network back to square one.
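The destruction of local recovery options described above is visible in process-creation telemetry before the encryption itself starts. The following is an added example, not Progent's code or tooling: it runs a small set of detection rules over constructed Sysmon-style process-creation records (host, user, parent image, command line; the hostnames, user names and paths are made up for this example) and flags the commands commonly observed from ransomware families including Ryuk when they delete or starve Volume Shadow Copies, delete Windows Backup catalogs, or disable Windows Recovery at boot. A host that runs several of these in sequence, or runs them from a binary in a user's Temp folder, should be isolated immediately.

```python
import re
from collections import defaultdict

# Constructed process-creation events in a simplified "host|user|parent_image|command_line"
# layout (think Sysmon Event ID 1 or Windows Security event 4688). These lines are made up
# for this example; they are not logs from the incident described on this page.
SAMPLE_EVENTS = [
    "WS-117|CORP\\jdoe|C:\\Windows\\explorer.exe|"
    "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
    "WS-117|CORP\\jdoe|C:\\Users\\jdoe\\AppData\\Local\\Temp\\rep.exe|"
    "vssadmin.exe Delete Shadows /all /quiet",
    "WS-117|CORP\\jdoe|C:\\Users\\jdoe\\AppData\\Local\\Temp\\rep.exe|"
    "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
    "FS-01|CORP\\svc_backup|C:\\Windows\\System32\\cmd.exe|"
    "wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0",
    "FS-01|CORP\\svc_backup|C:\\Windows\\System32\\cmd.exe|"
    "bcdedit /set {default} recoveryenabled No",
    "FS-01|CORP\\svc_backup|C:\\Windows\\System32\\cmd.exe|"
    "bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    "FS-01|CORP\\svc_backup|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "powershell Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}",
    "DC-01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|vssadmin list shadows",
    "DC-01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|wmic shadowcopy delete",
]

# Command patterns that destroy local recovery options. Enumeration such as
# "vssadmin list shadows" is deliberately NOT matched: listing is routine admin work.
RECOVERY_TAMPER_RULES = [
    ("vss_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vss_resize_shadowstorage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("wbadmin_delete_backup", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("ps_win32_shadowcopy_delete", re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I)),
]

# Parent binaries outside these directories (for example a user's Temp folder) are how
# ransomware droppers usually run; the same command from cmd.exe deserves a lower priority.
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files")


def parse_event(line):
    host, user, parent, cmd = line.split("|", 3)
    return {"host": host, "user": user, "parent": parent, "cmd": cmd}


def suspicious_parent(parent_image):
    return not parent_image.lower().startswith(TRUSTED_PARENT_DIRS)


def detect(events):
    """Return one finding per (event, matched rule)."""
    findings = []
    for line in events:
        ev = parse_event(line)
        for name, pattern in RECOVERY_TAMPER_RULES:
            if pattern.search(ev["cmd"]):
                findings.append({**ev, "rule": name,
                                 "suspicious_parent": suspicious_parent(ev["parent"])})
    return findings


def triage(findings, min_distinct_rules=2):
    """Per-host verdict: several distinct tamper techniques, or any run from an untrusted
    parent, is the pre-encryption pattern and warrants immediate isolation."""
    by_host = defaultdict(lambda: {"rules": set(), "suspicious_parent": False})
    for f in findings:
        by_host[f["host"]]["rules"].add(f["rule"])
        by_host[f["host"]]["suspicious_parent"] |= f["suspicious_parent"]
    verdicts = {}
    for host, info in by_host.items():
        if len(info["rules"]) >= min_distinct_rules or info["suspicious_parent"]:
            verdicts[host] = "isolate now: likely pre-encryption recovery destruction"
        else:
            verdicts[host] = "review: single recovery-tamper command"
    return verdicts


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['host']:7} {f['rule']:26} untrusted_parent={f['suspicious_parent']} :: {f['cmd']}")
    for host, verdict in triage(found).items():
        print(host, "->", verdict)
```

On the constructed sample this flags seven commands on three hosts: WS-117 (two techniques from a Temp-folder binary) and FS-01 (three techniques under the backup service account) are marked for isolation, while DC-01's lone `wmic shadowcopy delete` from cmd.exe is queued for review. The same rules translate directly into a SIEM or EDR query; the parent-image check is what separates a storage administrator reclaiming shadow storage from a dropper preparing to encrypt.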
Restoring systems and data after a crypto-ransomware intrusion becomes a race against time as the victim struggles to contain lateral movement, eradicate the malware, and resume mission-critical operations. Because the operators need time to move laterally and stage the encryption, attacks are usually triggered on weekends and holidays, when a successful intrusion is likely to go unnoticed longer. This multiplies the difficulty of quickly marshalling and organizing a knowledgeable response team.
Progent offers a range of services for protecting Dallas organizations from crypto-ransomware incidents. These include team education to recognize and avoid phishing lures, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's AI-based threat defense to detect and contain zero-day malware. Progent also provides the services of expert crypto-ransomware recovery engineers with the skills and perseverance to rebuild a compromised environment as rapidly as possible.
Progent's Ransomware Restoration Support Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the remote criminals will hand over working decryption keys for your files, and the decryptors they do supply are often slow and unreliable. Kaspersky Labs found that 17% of ransomware victims never recovered their data after paying, compounding their losses. The gamble is also very expensive: Ryuk ransoms typically run to several hundred thousand dollars, and for larger enterprises the demand can reach millions. The alternative is to piece the mission-critical parts of your IT environment back together. Without complete backups that the attackers could not reach, this calls for a wide complement of IT skills, well-coordinated project management, and the willingness to work non-stop until the job is done.
For twenty years, Progent has provided certified expert IT services to businesses across the US and holds Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals with advanced industry certifications in key technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's security experts hold internationally recognized credentials including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise in financial management and ERP applications. This breadth of experience lets Progent quickly identify critical systems, salvage the surviving parts of your network following a crypto-ransomware penetration, and reassemble them into a functioning system.
Progent's ransomware team uses best-of-breed project management tools to orchestrate the complex restoration process. Progent understands the urgency of acting quickly and in unison with a customer's management and IT staff to prioritize tasks and get key systems back online as fast as humanly possible.
Case Study: A Successful Ransomware Penetration Restoration
A customer escalated to Progent after their network was encrypted by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the older Hermes ransomware, but later analysis attributed its operation to a Russian-speaking criminal group; it is typically deployed as the final stage of an intrusion that begins with commodity malware such as Emotet or TrickBot. Ryuk targets specific businesses with little tolerance for operational disruption and is among the most lucrative ransomware operations. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company in the Chicago metro area with about 500 employees. The Ryuk attack had shut down all essential business and manufacturing processes. Most of the client's backups had been directly accessible from the network when the attack began and were encrypted along with everything else. The client was arranging financing to pay the ransom (in excess of $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the key areas that had to be restored before departmental operations could resume:
Within 48 hours, Progent had rebuilt Active Directory to its pre-attack state. Progent then pressed ahead with reinstallation and storage recovery on the most important servers. All Exchange data and configuration information were usable, which greatly simplified rebuilding Exchange. Progent was also able to collect unencrypted OST files (Outlook Offline Data Files) from various workstations and laptops to recover mailbox contents. A reasonably recent offline backup of the customer's manufacturing systems made it possible to bring these essential applications back online for users. Although much work remained before the Ryuk event was fully remediated, the most important services were restored quickly:
Over the following weeks, further milestones in the restoration project were reached through close collaboration between Progent engineers and the customer:
Conclusion
A potentially business-killing catastrophe was averted by results-oriented experts, a broad spectrum of knowledge, and tight teamwork. In hindsight, the ransomware incident described here would very likely have been detected and blocked by modern security tooling combined with NIST Cybersecurity Framework or ISO/IEC 27001 best practices: backups kept offline or otherwise out of reach of domain credentials, team education, appropriate incident response procedures for information protection, and disciplined patching. The reality remains, however, that state-sponsored and criminal cyber gangs operating from China, Russia, North Korea and elsewhere are tireless and an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has substantial experience in ransomware prevention, removal, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Dallas
For ransomware system restoration consulting in the Dallas metro area, phone Progent at