Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become a modern cyber pandemic and an extinction-level danger for vulnerable businesses of every size. Successive iterations of crypto-ransomware such as the CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for years and continue to inflict damage. Modern families like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus others not yet named, not only encrypt online data but also compromise every data protection system they can reach. Data replicated to the cloud can be corrupted as well. With a vulnerable data protection solution, this renders automated recovery useless and effectively knocks the datacenter back to square one.
Recovering applications and data after a ransomware event becomes a race against time as the targeted organization fights to stop lateral movement, eradicate the malware, and restore mission-critical operations. Because crypto-ransomware needs time to move laterally, attacks are frequently launched on weekends, when intrusions may take longer to detect. This multiplies the difficulty of quickly assembling and coordinating a capable response team.
Progent offers a range of services for protecting Dayton businesses from ransomware events. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to discover and stop zero-day malware attacks. Progent can also provide veteran crypto-ransomware recovery professionals with the skills and perseverance to reconstruct a compromised network as rapidly as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware event, paying the ransom demand in Bitcoin does not ensure that the criminals will return the keys needed to decrypt any or all of your files. Kaspersky Labs found that 17% of ransomware victims never recovered their data after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000), far higher than typical crypto-ransomware demands, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to set up the essential elements of your IT environment from scratch. Without usable backups of essential data, this requires a wide range of skills, professional project management, and the ability to work continuously until the recovery project is completed.
For twenty years, Progent has provided professional IT services for businesses throughout the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants with advanced certifications in key technologies including Microsoft, Cisco, VMware, and major Linux distributions. Progent's cybersecurity specialists hold internationally renowned industry certifications including CISM, CISSP-ISSAP, CRISC, and GIAC (refer to Progent's certifications). Progent also has experience with accounting and ERP software. This breadth of experience lets Progent rapidly understand the necessary systems, organize the surviving pieces of your IT environment after a ransomware event, and assemble them into an operational whole.
Progent's ransomware team uses best-of-breed project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting quickly and in concert with the customer's management and IT staff to prioritize tasks and bring essential services back online as fast as humanly possible.
Client Case Study: A Successful Crypto-Ransomware Attack Restoration
A business escalated to Progent after its network was taken over by the Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state-backed criminal gangs, suspected of adopting algorithms leaked from America's National Security Agency. Ryuk targets specific companies with little or no tolerance for disruption and is one of the most profitable ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk intrusion had paralyzed all company operations and manufacturing processes. Most of the client's data backups had been directly accessible when the attack began and were destroyed. The client was actively seeking loans to pay the ransom demand (exceeding $200,000) and hoping for the best, but ultimately called Progent.
Progent worked with the customer to quickly understand and prioritize the critical services that had to be addressed to resume departmental operations:
Within 48 hours, Progent had rebuilt Active Directory to its pre-intrusion state. Progent then rebuilt key applications and performed hard drive recovery for them. All Microsoft Exchange Server data and configuration information were usable, which facilitated the Exchange rebuild. Progent located intact Outlook Offline Data Files (OST) on staff desktops and laptops and used them to recover mailbox data. A recent offline backup of the customer's financials/ERP systems made it possible to bring these vital applications back online. Although much work remained to recover fully from the Ryuk attack, critical services were returned to operation rapidly:
Over the following month, key milestones in the restoration project were achieved through tight cooperation between Progent engineers and the client:
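One way to find which Outlook data files on recovered workstations are still usable, as an added example and not part of Progent's case study or tooling: it checks the "!BDN" signature that every PST/OST (PFF container) begins with and falls back to an entropy check to separate encrypted copies from merely damaged ones. The 7.5 bits/byte threshold and the 4096-byte sample size are assumptions chosen for this example.

```python
import math
from pathlib import Path

# PST and OST files share the PFF container format; the first four bytes are "!BDN".
PFF_MAGIC = b"!BDN"
SAMPLE_BYTES = 4096  # assumption: the head of each file is enough for the decision


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: structured plaintext sits well below 7, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_outlook_file(head: bytes) -> str:
    """Classify an Outlook data file from its leading bytes.

    intact    - PFF signature present, a candidate for mailbox recovery
    encrypted - signature gone and the head looks like ciphertext
    unknown   - signature gone but low entropy (zeroed, truncated, or not PFF)
    """
    if head[:4] == PFF_MAGIC:
        return "intact"
    if shannon_entropy(head) > 7.5:  # assumed threshold
        return "encrypted"
    return "unknown"


def triage_directory(root: str) -> dict:
    """Walk root (a mounted image or share) and bucket every Outlook data file."""
    report = {"intact": [], "encrypted": [], "unknown": []}
    for path in Path(root).rglob("*"):
        # Match ".ost"/".pst" anywhere in the name, not only as the suffix,
        # because ransomware commonly appends its own extension to encrypted files.
        name = path.name.lower()
        if not path.is_file() or (".ost" not in name and ".pst" not in name):
            continue
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        report[classify_outlook_file(head)].append(str(path))
    return report
```

Run triage_directory against a read-only mount of each endpoint's disk so the inspection itself cannot alter evidence; the "intact" list is the set of files worth copying into the mailbox recovery workflow.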
Conclusion
A potential enterprise-killing disaster was averted through the efforts of hard-working experts, a wide range of knowledge, and tight collaboration. In hindsight, the ransomware attack detailed here should have been identified and stopped by up-to-date cybersecurity systems and best practices, user training, well-designed incident response procedures, sound data backup, and proper patching controls; but the fact is that government-sponsored hackers from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a ransomware attack, be confident that Progent's roster of experts has a proven track record in ransomware blocking, removal, and information systems recovery.
Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Dayton
For ransomware system restoration consulting in the Dayton metro area, phone Progent at