Ransomware: Your Feared IT Nightmare
Crypto-ransomware has become an escalating cyber pandemic that represents an extinction-level threat for businesses unprepared for an attack. Versions of crypto-ransomware like the CrySIS, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been around for years and continue to inflict havoc. Newer versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus daily unnamed viruses, not only encrypt online information but also infect most configured system restores and backups. Files synchronized to the cloud can also be corrupted. In a poorly designed system, this can render any recovery impossible and effectively knocks the datacenter back to zero.
Restoring services and information after a crypto-ransomware intrusion becomes a race against the clock as the victim struggles to contain and remove the crypto-ransomware and to resume business-critical activity. Because ransomware requires time to replicate, assaults are usually sprung during weekends and nights, when attacks tend to take longer to uncover. This compounds the difficulty of promptly assembling and organizing a knowledgeable response team.
Progent provides a variety of support services for securing Des Moines organizations from ransomware attacks. Among these are user training to help recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus setup and configuration of the latest generation of security solutions with machine learning technology to rapidly detect and suppress zero-day threats. Progent can also provide the services of seasoned ransomware recovery consultants with the skills and perseverance to reconstruct a compromised network as soon as possible.
Progent's Ransomware Recovery Support Services
After a ransomware penetration, sending the ransom in Bitcoin cryptocurrency does not guarantee that merciless criminals will provide the codes to decipher any of your data. Kaspersky determined that seventeen percent of ransomware victims never restored their data even after having paid the ransom, resulting in increased losses. The risk is also very costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly higher than the typical ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The other path is to re-install the key components of your Information Technology environment. Absent access to essential information backups, this requires a broad complement of IT skills, top-notch team management, and the willingness to work 24x7 until the recovery project is finished.
For twenty years, Progent has provided professional Information Technology services for companies across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have attained high-level industry certifications in key technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have garnered internationally renowned industry certifications including CISM, CISSP, CRISC, and GIAC. (Visit Progent's certifications). Progent also has expertise in financial systems and ERP application software. This breadth of expertise gives Progent the ability to quickly identify important systems, consolidate the surviving components of your network environment following a ransomware event, and rebuild them into a functioning system.
Progent's recovery team of experts deploys best-of-breed project management systems to orchestrate the complex restoration process. Progent appreciates the urgency of acting swiftly and in unison with a client's management and IT team members to assign priority to tasks and to put key services back online as soon as humanly possible.
Business Case Study: A Successful Ransomware Attack Recovery
A client contacted Progent after their company was brought down by the Ryuk ransomware virus. Ryuk is generally considered to have been developed by North Korean state cybercriminals, possibly adopting technology exposed from America's National Security Agency. Ryuk targets specific companies with little or no ability to sustain operational disruption and is one of the most profitable iterations of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer located in Chicago with about 500 staff members. The Ryuk event had frozen all company operations and manufacturing processes. The majority of the client's information backups had been online at the beginning of the attack and were eventually encrypted. The client was pursuing financing for paying the ransom demand (exceeding $200K) and praying for good luck, but ultimately made the decision to use Progent.
Progent worked with the customer to rapidly get our arms around and assign priority to the essential areas that needed to be recovered to make it possible to continue business operations:
In less than two days, Progent was able to recover Active Directory services to their pre-penetration state. Progent then performed rebuilding and storage recovery of critical servers. All Exchange Server schema and attributes were usable, which accelerated the restore of Exchange. Progent was also able to assemble non-encrypted OST files (Microsoft Outlook Offline Data Files) on team desktop computers and laptops to recover mail information. A recent offline backup of the client's accounting systems made it possible to bring these essential services back online for users. Although a lot of work remained to recover totally from the Ryuk damage, critical systems were restored rapidly:
During the following couple of weeks, important milestones in the recovery process were achieved through close cooperation between Progent engineers and the client:
Conclusion
A probable business-ending catastrophe was dodged thanks to hard-working experts, a broad spectrum of subject matter expertise, and tight collaboration. Although in retrospect the ransomware attack detailed here could have been shut down with current cyber security solutions and ISO/IEC 27001 best practices, user and IT administrator training, and well-designed security procedures for information protection and keeping systems up to date with security patches, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will continue. If you do fall victim to a crypto-ransomware incursion, remember that Progent's team of experts has proven experience in ransomware virus blocking, cleanup, and data recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Des Moines
For ransomware system recovery expertise in the Des Moines metro area, call Progent at