Ransomware: Your Feared Information Technology Disaster
Crypto-ransomware has become a modern cyber pandemic that presents an enterprise-level danger for businesses of all sizes vulnerable to an attack. Multiple generations of crypto-ransomware such as the CrySIS, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for years and continue to inflict havoc. More recent strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as other as yet unnamed malware, not only encrypt online data but also infect every system backup they can reach. Data synchronized to cloud environments can also be ransomed. In a poorly designed system, this can render automated restoration useless and effectively knock the entire system back to zero.
Bringing programs and data back online after a ransomware intrusion becomes a race against time as the targeted organization works to stop lateral movement, clean up the ransomware, and restore business-critical operations. Because crypto-ransomware needs time to replicate across a network, attacks are usually launched at night, when a successful attack typically takes longer to detect. This compounds the difficulty of quickly marshalling and orchestrating an experienced response team.
Progent provides a variety of solutions for protecting Yonkers organizations from crypto-ransomware attacks. Among these are staff training to help employees recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to identify and contain zero-day modern malware attacks. Progent also provides the assistance of seasoned crypto-ransomware recovery professionals with the track record and perseverance to rebuild a breached network as rapidly as possible.
Progent's Ransomware Restoration Services
Following a ransomware event, paying the ransom demand in cryptocurrency does not ensure that the attackers will respond with the keys needed to decrypt all your data. Kaspersky Labs determined that seventeen percent of ransomware victims never recovered their data after having paid the ransom, resulting in further losses. The gamble is also very costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom can reach millions. The fallback is to rebuild the vital parts of your Information Technology environment from scratch. Without complete system backups, this calls for a wide range of skill sets, well-coordinated team management, and the willingness to work continuously until the recovery project is finished.
For decades, Progent has provided expert Information Technology services for businesses throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who hold high-level certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in financial systems and ERP applications. This breadth of experience gives Progent the capability to understand critical systems, salvage the remaining pieces of your network after a crypto-ransomware breach, and reassemble them into a working system.
Progent's ransomware team has top-notch project management tools to coordinate the complex restoration process. Progent understands the urgency of acting rapidly and in unison with a customer's management and Information Technology staff to prioritize tasks and get key services back online as fast as possible.
Client Case Study: A Successful Ransomware Attack Restoration
A small business contacted Progent after its organization was attacked by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean state-sponsored criminal gangs, suspected of adopting algorithms leaked from America's NSA. Ryuk goes after specific businesses with limited tolerance for operational disruption and is among the most lucrative incarnations of ransomware. Notable targets have included Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer based in Chicago with about 500 employees. The Ryuk event had brought down all essential operations and manufacturing capabilities. Most of the client's backups had been directly accessible from the network when the intrusion began and were encrypted along with everything else. The client was considering paying the ransom demand (in excess of $200,000) and hoping for the best, but in the end engaged Progent instead.
Progent worked with the client to rapidly understand and prioritize the critical elements that needed to be restored to make it possible to resume departmental operations:
In less than 2 days, Progent was able to recover Active Directory services to their pre-breach state. Progent then completed setup and hard drive recovery on key systems. All Exchange data and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to locate local OST files (Outlook Offline Data Files) on staff PCs and laptops in order to recover email data. A recent offline backup of the client's manufacturing systems made it possible to bring these essential services back online. Although significant work remained to recover fully from the Ryuk damage, the most important systems were recovered quickly:
Over the next few weeks, further milestones in the restoration were completed in close cooperation between Progent engineers and the customer:
Conclusion
A likely enterprise-killing disaster was averted thanks to hard-working experts, a broad range of IT skills, and close collaboration. In hindsight, the ransomware breach described here should have been detected and stopped by modern cybersecurity solutions and best practices: team training, well-designed incident response and backup procedures, and keeping systems current with security patches. The reality, however, is that state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a crypto-ransomware breach, you can be confident that Progent's roster of experts has substantial experience in crypto-ransomware defense, remediation, and file restoration.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, click: Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware System Restoration Services in Yonkers
For ransomware system restoration consulting in the Yonkers metro area, call Progent at