Ransomware : Your Feared Information Technology Catastrophe
Ransomware has become an all-too-frequent cyberplague that poses an enterprise-level threat to businesses poorly prepared for an attack. Different iterations of crypto-ransomware such as CryptoLocker, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for a long time and continue to inflict harm. Modern ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, along with new and as yet unnamed variants appearing daily, not only encrypts online data but also infects all configured system backups. Data synchronized to the cloud can also be rendered useless. In a vulnerable environment, this can make any restoration impossible and effectively knocks the network back to square one.
Getting applications and data back online following a ransomware outage becomes a race against the clock as the victim fights to contain and clear the ransomware and to restore business-critical operations. Since ransomware needs time to spread, attacks are usually sprung during nights and weekends, when they are likely to take longer to notice. This compounds the difficulty of quickly marshalling and orchestrating an experienced response team.
Progent offers an assortment of services for securing Edison enterprises from ransomware attacks. These include team member training to help recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to detect and disable zero-day malware attacks. Progent can also provide experienced ransomware recovery engineers with the track record and perseverance to rebuild a compromised network as quickly as possible.
Progent's Ransomware Recovery Support Services
Following a ransomware attack, paying the ransom in Bitcoin does not ensure that the criminal gang will provide the keys needed to decrypt any or all of your data. Kaspersky Labs estimated that 17% of ransomware victims never recovered their information after having paid the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the usual ransomware demand, which ZDNET determined to be in the range of $13,000 for smaller businesses. The fallback is to piece back together the vital elements of your Information Technology environment. Without full data backups, this requires a wide complement of IT skills, well-coordinated team management, and the willingness to work continuously until the recovery project is over.
For decades, Progent has provided certified expert Information Technology services to businesses across the US and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who hold top industry certifications in key technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (Visit Progent's certifications.) Progent also has expertise in financial management and ERP software solutions. This breadth of expertise gives Progent the ability to knowledgeably assess the necessary systems, reorganize the surviving parts of your network following a ransomware attack, and assemble them into a functioning system.
Progent's recovery team of experts has powerful project management tools to coordinate the complex recovery process. Progent understands the importance of working quickly and in concert with a client's management and IT resources to prioritize tasks and to get essential services back online as fast as possible.
Customer Case Study: A Successful Ransomware Attack Recovery
A customer engaged Progent after their network was brought down by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state cybercriminals, possibly using algorithms leaked from the U.S. National Security Agency. Ryuk targets specific businesses with little or no room for operational disruption and is among the most lucrative examples of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with around 500 staff members. The Ryuk attack had disabled all company operations and manufacturing capabilities. Most of the client's data backups had been online at the start of the intrusion and were eventually encrypted. The client was considering paying the ransom demand (exceeding two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.
Progent worked with the client to quickly assess and assign priority to the mission critical applications that needed to be restored in order to resume business functions:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery of essential servers. All Exchange Server links and configuration information were intact, which greatly helped the restoration of Exchange. Progent was able to find unencrypted OST files (Outlook Offline Folder Files) on various desktop computers and used them to recover email messages. A relatively recent offline backup of the client's accounting/MRP systems made it possible to bring these essential applications back online for users. Although a lot of work remained to recover fully from the Ryuk damage, critical services were restored quickly:
Over the next couple of weeks, key milestones in the recovery project were completed in close collaboration between Progent engineers and the customer:
A potentially business-killing catastrophe was averted through top-tier professionals, a broad range of knowledge, and close teamwork. In hindsight, the ransomware attack described here could have been identified and blocked with up-to-date security technology and security best practices, user and IT administrator education, and well-thought-out procedures for data backup and keeping systems current with security patches. The reality, however, is that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do get hit by crypto-ransomware, be assured that Progent's roster of professionals has proven experience in crypto-ransomware blocking, remediation, and file restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Expertise in Edison
For ransomware system restoration consulting services in the Edison area, phone Progent at