Ransomware: Your Feared Information Technology Nightmare
Ransomware has become a too-frequent cyber pandemic that poses an extinction-level danger for businesses of all sizes that are unprepared for an assault. Versions of crypto-ransomware like the Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for years and still cause damage. More recent versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as many unnamed variants, not only encrypt on-line information but also infiltrate any accessible system restore points and backups. Data replicated to off-site disaster recovery sites can also be corrupted. In a poorly architected data protection solution, this can render any restore operation useless and effectively set the datacenter back to square one.
Getting on-line services and data back following a ransomware intrusion becomes a race against the clock as the targeted organization tries its best to stop the spread, eradicate the crypto-ransomware and resume business-critical activity. Because ransomware needs time to spread, assaults are frequently launched during nights and weekends, when penetrations tend to take longer to detect. This multiplies the difficulty of rapidly marshalling and coordinating an experienced mitigation team.
Progent has a range of solutions for securing Dayton enterprises from ransomware attacks. These include staff training to help employees recognize and not fall victim to phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that utilizes SentinelOne's AI-based cyberthreat defense to identify and suppress zero-day malware attacks. Progent also offers the assistance of expert ransomware recovery engineers with the skills and commitment to rebuild a compromised system as urgently as possible.
Progent's Crypto-Ransomware Restoration Services
Subsequent to a crypto-ransomware attack, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that merciless criminals will respond with the keys needed to decipher any of your data. Kaspersky Labs estimated that 17% of ransomware victims never restored their information after having paid the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is significantly above the usual ransomware demand, which ZDNET determined to be approximately $13,000 for smaller organizations. The alternative is to set up the critical parts of your IT environment from scratch. Without complete information backups, this requires a wide range of skill sets, well-coordinated team management, and the willingness to work 24x7 until the job is completed.
For two decades, Progent has made available certified expert Information Technology services for companies throughout the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded advanced certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have earned internationally renowned industry certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (See Progent's certifications.) Progent in addition has expertise with accounting and ERP applications. This breadth of expertise gives Progent the skills to rapidly understand the necessary systems, re-organize the remaining pieces of your network environment after a ransomware penetration, and assemble them into a functioning system.
Progent's recovery team has top-notch project management systems to orchestrate the sophisticated restoration process. Progent knows the importance of acting quickly and working together with a client's management and Information Technology team members to prioritize tasks and get the most important systems back on-line as soon as humanly possible.
Client Case Study: A Successful Crypto-Ransomware Attack Response
A business hired Progent after their company was attacked by the Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state-sponsored criminal gangs, suspected of adopting strategies leaked from America's National Security Agency. Ryuk seeks out specific organizations with little or no tolerance for operational disruption and is one of the most lucrative incarnations of ransomware malware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing business located in Chicago with about 500 workers. The Ryuk penetration had frozen all company operations and manufacturing capabilities. Most of the client's backups had been on-line at the time of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom (in excess of $200K) and hoping for good luck, but in the end made the decision to use Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the essential areas that had to be recovered to make it possible to continue departmental functions:
In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-penetration state. Progent then initiated reinstallations and hard drive recovery of critical applications. All Exchange data and configuration information were intact, which facilitated the rebuild of Exchange. Progent was able to locate intact OST data files (Microsoft Outlook Off-Line Data Files) on team workstations in order to recover email data. A recent offline backup of the client's financials/ERP software made it possible to get these essential applications back to servicing users. Although significant work still had to be done to recover completely from the Ryuk event, core systems were restored quickly:
Throughout the following month, important milestones in the recovery process were accomplished in tight collaboration between Progent team members and the customer:
Conclusion
A probable enterprise-killing catastrophe was evaded through the efforts of dedicated experts, a broad spectrum of subject matter expertise, and tight teamwork. Although forensics showed upon completion that the ransomware penetration detailed here could have been blocked with advanced cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and appropriate security procedures for data protection and applying software patches, the fact remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware attack, feel confident that Progent's roster of experts has a proven track record in ransomware virus blocking, cleanup, and file recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Dayton
For ransomware cleanup services in the Dayton metro area, call Progent at