Ransomware: Your Crippling IT Catastrophe
Ransomware has become an all-too-frequent cyber pandemic and represents an existential threat for businesses unprepared for an attack. Different iterations of crypto-ransomware such as the CryptoLocker, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been circulating for many years and still cause damage. Newer variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, along with additional unnamed malware, not only encrypt online files but also attack most available backup and system-protection mechanisms. Information synced to the cloud can be corrupted as well. In a poorly architected environment, this can render automatic restore operations useless and effectively knock the network back to square one.
Restoring services and information after a ransomware event becomes a sprint against time as the targeted business does its best to stop the spread, clear the ransomware, and restore business-critical activity. Because crypto-ransomware takes time to replicate throughout a network, attacks are usually launched on weekends and at night, when a successful intrusion often takes longer to identify. This multiplies the difficulty of promptly mobilizing and organizing an experienced response team.
Progent offers an assortment of support services for protecting Dayton businesses from ransomware attacks. These include staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat protection to identify and suppress zero-day malware attacks. Progent also offers the services of expert ransomware recovery engineers with the skill and perseverance to restore a breached system as rapidly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware attack, even paying the ransom in cryptocurrency does not ensure that the remote criminals will hand over the keys needed to decrypt any of your data. Kaspersky Labs determined that 17% of ransomware victims never recovered their data even after sending the ransom, compounding their losses. The risk is also expensive: Ryuk ransoms are typically several hundred thousand dollars, and for larger organizations the ransom can reach millions. The fallback is to rebuild the critical components of your IT environment from scratch. Without usable system backups, this requires a broad range of skill sets, top-notch project management, and the ability to work continuously until the recovery project is complete.
For decades, Progent has provided certified expert IT services for businesses across the United States and has achieved Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who hold top industry certifications in leading technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts hold internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of expertise allows Progent to efficiently identify critical systems, reorganize the surviving components of your IT environment following a crypto-ransomware event, and configure them into an operational system.
Progent's recovery group uses powerful project management tools to coordinate the complex recovery process. Progent appreciates the importance of working swiftly and in concert with a customer's management and IT resources to prioritize tasks and get key services back online as soon as humanly possible.
Business Case Study: A Successful Crypto-Ransomware Virus Response
A business hired Progent after its organization was brought down by Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored cybercriminals, suspected of adapting technology leaked from the United States NSA. Ryuk targets specific organizations with little tolerance for operational disruption and is among the most lucrative ransomware variants. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing company based in Chicago with about 500 workers. The Ryuk attack had paralyzed all company operations and manufacturing capabilities. The majority of the client's system backups had been online and directly accessible when the intrusion began, and they were destroyed. The client was preparing to pay the ransom demand (exceeding $200,000) and hope for the best, but in the end decided to engage Progent.
Progent worked with the customer to quickly determine and assign priority to the essential elements that had to be restored to make it possible to resume company operations:
Within two days, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then assisted with rebuilding and storage recovery on the required systems. All Exchange Server data and attributes were intact, which greatly simplified the Exchange restore. Progent was able to collect intact OST files (Microsoft Outlook Offline Data Files) from various desktop computers in order to recover email data. A recent offline backup of the client's financials/ERP systems made it possible to bring these essential applications back online for users. Although significant work remained to recover completely from the Ryuk virus, essential services were restored rapidly:
Over the next couple of weeks, important milestones in the recovery project were completed in close collaboration between Progent team members and the client:
Conclusion
A potentially company-ending catastrophe was averted through hard-working professionals, a wide spectrum of knowledge, and close teamwork. Post-incident forensics showed that the crypto-ransomware attack described here would have been identified and stopped by current cyber security technology, security best practices, team training, well-designed information protection procedures, and proper patching controls; the reality, however, is that government-sponsored cyber criminals from Russia, China and elsewhere are relentless and remain an ongoing threat. If you are hit by a ransomware incident, you can be confident that Progent's team of experts has proven experience in ransomware blocking, cleanup, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Dayton
For ransomware cleanup services in the Dayton area, phone Progent at