Ransomware Prevention and Recovery Expertise Dallas

Crypto-Ransomware : Your Crippling IT Disaster
Ransomware has become a too-frequent cyberplague that represents an extinction-level threat for organizations poorly prepared for an assault. Multiple generations of ransomware such as CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and continue to inflict havoc. Modern strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Lockbit and Egregor, along with daily as yet unnamed malware, not only encrypt on-line critical data but also infect any accessible system restores and backups. Data synchronized to the cloud can also be encrypted. In a poorly designed data protection solution, this can render automated recovery impossible and basically sets the network back to zero.

Restoring programs and data following a crypto-ransomware intrusion becomes a sprint against the clock as the victim struggles to stop the spread and remove the ransomware and to resume business-critical operations. Since ransomware requires time to spread, attacks are usually sprung during weekends and nights, when successful penetrations in many cases take more time to uncover. This multiplies the difficulty of quickly mobilizing and organizing an experienced response team.

Progent provides an assortment of services for securing Dallas businesses from crypto-ransomware events. Among these are staff training to become familiar with and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, along with deployment of the latest generation security appliances with AI technology to intelligently detect and disable zero-day threats. Progent in addition provides the assistance of veteran ransomware recovery professionals with the skills and perseverance to restore a compromised system as quickly as possible.

Progent's Crypto-Ransomware Recovery Support Services
Subsequent to a crypto-ransomware event, even paying the ransom demands in Bitcoin cryptocurrency does not ensure that cyber criminals will respond with the codes to decrypt any of your files. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never restored their files even after having sent off the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is greatly above the usual ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller businesses. The other path is to piece back together the vital components of your IT environment. Absent access to complete system backups, this requires a wide complement of IT skills, top notch team management, and the capability to work non-stop until the task is complete.

For decades, Progent has offered expert Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have earned high-level industry certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally-renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent in addition has expertise with financial systems and ERP application software. This breadth of experience provides Progent the ability to efficiently determine necessary systems and organize the surviving pieces of your Information Technology system after a crypto-ransomware attack and configure them into a functioning network.

Progent's security team of experts has state-of-the-art project management tools to orchestrate the complicated recovery process. Progent knows the urgency of acting swiftly and together with a customer’s management and Information Technology team members to assign priority to tasks and to put the most important systems back on-line as soon as possible.

Business Case Study: A Successful Ransomware Virus Restoration
A client engaged Progent after their organization was attacked by the Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state cybercriminals, possibly adopting strategies exposed from America’s NSA organization. Ryuk goes after specific organizations with limited room for operational disruption and is among the most profitable instances of ransomware. Major organizations include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing company based in the Chicago metro area and has around 500 workers. The Ryuk intrusion had paralyzed all business operations and manufacturing processes. Most of the client's information backups had been on-line at the beginning of the intrusion and were encrypted. The client was taking steps for paying the ransom demand (exceeding $200,000) and hoping for good luck, but in the end called Progent.

Progent worked hand in hand the client to quickly determine and prioritize the critical elements that had to be recovered in order to restart departmental functions:

• Active Directory
• E-Mail
• MRP System

In less than 2 days, Progent was able to restore Active Directory to its pre-intrusion state. Progent then completed reinstallations and storage recovery on the most important servers. All Exchange Server schema and attributes were intact, which accelerated the restore of Exchange. Progent was able to locate intact OST files (Outlook Off-Line Data Files) on staff PCs to recover email data. A not too old offline backup of the client's accounting/ERP software made them able to recover these essential services back online. Although significant work was left to recover completely from the Ryuk damage, the most important systems were recovered rapidly:

Throughout the next couple of weeks key milestones in the recovery project were made through tight collaboration between Progent engineers and the customer:

• Internal web applications were returned to operation without losing any data.
• The MailStore Microsoft Exchange Server exceeding four million historical messages was brought online and available for users.
• CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory Control modules were 100 percent operational.
• A new Palo Alto Networks 850 firewall was deployed.
• Nearly all of the user workstations were being used by staff.

Conclusion
A possible enterprise-killing disaster was averted with hard-working professionals, a wide array of IT skills, and tight teamwork. Although upon completion of forensics the crypto-ransomware penetration detailed here could have been identified and stopped with advanced cyber security technology and security best practices, team training, and properly executed security procedures for information backup and applying software patches, the fact is that state-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a crypto-ransomware penetration, remember that Progent's roster of experts has proven experience in ransomware virus defense, remediation, and file recovery.

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist