Ransomware Filtering and Removal Expertise Dallas

Ransomware : Your Feared Information Technology Catastrophe
Crypto-Ransomware has become an escalating cyberplague that presents an extinction-level danger for organizations vulnerable to an attack. Different versions of ransomware such as CryptoLocker, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for many years and still cause damage. Modern versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with daily as yet unnamed malware, not only do encryption of on-line data but also infect any accessible system backup. Information synchronized to cloud environments can also be corrupted. In a poorly architected environment, this can make any recovery useless and basically knocks the datacenter back to square one.

Restoring programs and information after a crypto-ransomware attack becomes a sprint against the clock as the targeted business struggles to contain and cleanup the virus and to resume business-critical operations. Due to the fact that ransomware takes time to spread, attacks are frequently launched during nights and weekends, when successful penetrations in many cases take more time to discover. This compounds the difficulty of promptly mobilizing and organizing a knowledgeable mitigation team.

Progent provides an assortment of help services for protecting Dallas organizations from crypto-ransomware events. Among these are team training to help identify and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus installation of modern security appliances with AI technology to quickly identify and quarantine new threats. Progent also offers the assistance of veteran ransomware recovery professionals with the skills and commitment to restore a breached system as soon as possible.

Progent's Crypto-Ransomware Restoration Help
After a crypto-ransomware attack, sending the ransom demands in cryptocurrency does not guarantee that cyber hackers will respond with the keys to unencrypt any or all of your information. Kaspersky estimated that 17% of crypto-ransomware victims never recovered their files even after having sent off the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is significantly above the typical crypto-ransomware demands, which ZDNET estimated to be around $13,000 for smaller businesses. The alternative is to re-install the key components of your IT environment. Absent access to full information backups, this requires a broad complement of skills, well-coordinated project management, and the capability to work non-stop until the job is done.

For twenty years, Progent has provided professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have attained top certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have garnered internationally-recognized certifications including CISA, CISSP, CRISC, and GIAC. (Refer to Progent's certifications). Progent also has expertise in financial systems and ERP application software. This breadth of expertise affords Progent the ability to rapidly understand critical systems and organize the remaining pieces of your Information Technology system following a ransomware penetration and rebuild them into a functioning system.

Progent's security team of experts has best of breed project management applications to coordinate the complicated recovery process. Progent appreciates the importance of working quickly and in unison with a customer’s management and IT resources to assign priority to tasks and to get critical services back on line as fast as possible.

Client Story: A Successful Ransomware Intrusion Restoration
A client contacted Progent after their organization was attacked by Ryuk ransomware virus. Ryuk is generally considered to have been created by North Korean state sponsored cybercriminals, suspected of using algorithms exposed from the U.S. NSA organization. Ryuk seeks specific businesses with little room for disruption and is one of the most lucrative versions of ransomware. Well Known organizations include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business based in Chicago and has around 500 workers. The Ryuk intrusion had paralyzed all essential operations and manufacturing processes. Most of the client's information backups had been online at the start of the attack and were eventually encrypted. The client was taking steps for paying the ransom (exceeding $200K) and hoping for good luck, but ultimately called Progent.

Progent worked hand in hand the customer to quickly get our arms around and prioritize the key systems that had to be recovered to make it possible to restart company operations:

• Windows Active Directory
• Microsoft Exchange Server
• Accounting/MRP

In less than 48 hours, Progent was able to rebuild Active Directory services to its pre-penetration state. Progent then charged ahead with setup and storage recovery on needed applications. All Microsoft Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to locate non-encrypted OST files (Outlook Offline Data Files) on staff workstations to recover email data. A not too old offline backup of the businesses manufacturing systems made them able to recover these required services back online. Although major work still had to be done to recover totally from the Ryuk event, essential services were restored quickly:

Throughout the next couple of weeks key milestones in the recovery process were made through close cooperation between Progent team members and the customer:

• In-house web sites were brought back up without losing any information.
• The MailStore Microsoft Exchange Server containing more than 4 million archived messages was brought on-line and accessible to users.
• CRM/Product Ordering/Invoices/Accounts Payable/Accounts Receivables (AR)/Inventory capabilities were 100 percent restored.
• A new Palo Alto Networks 850 firewall was set up and programmed.
• Ninety percent of the user desktops were functioning as before the incident.

Conclusion
A possible company-ending catastrophe was evaded due to results-oriented experts, a wide array of knowledge, and close teamwork. Although in hindsight the crypto-ransomware virus attack detailed here could have been identified and blocked with modern security technology and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and appropriate incident response procedures for information protection and proper patching controls, the reality remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has extensive experience in ransomware virus blocking, cleanup, and file recovery.

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist