Crypto-Ransomware: Your Worst IT Disaster
Crypto-ransomware has become an escalating cyber pandemic that poses an enterprise-level threat to businesses of every size. Older ransomware families such as Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock have been circulating for years and still cause damage. Newer strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, LockBit and Egregor, along with a steady stream of as yet unnamed malware, not only encrypt online files but also encrypt or delete any backup that is reachable from the compromised network. Data synchronized to the cloud can be encrypted as well, because the sync client faithfully uploads the encrypted versions. In a poorly designed data protection solution this can make recovery hopeless and effectively knocks the datacenter back to square one.
Restoring applications and data following a ransomware intrusion becomes a race against the clock as the targeted business tries to stop lateral movement, eradicate the ransomware, and restore mission-critical operations. Because crypto-ransomware needs time to spread laterally across a network, attackers often trigger the encryption at night, when a successful attack may take longer to discover. This compounds the difficulty of promptly assembling and organizing an experienced response team.
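The recovery narrative on this page assumes that responders first scoped which files the ransomware actually reached, including anything on connected backup shares. The script below is an added example of that triage step; it is not code from Progent or from the case described. It walks a file tree and flags files whose byte entropy is near the 8 bits per byte of ciphertext, whose extension matches one that ransomware appends, or whose name looks like a dropped ransom note. The entropy threshold, the extension and filename lists, and the small sample share it constructs are illustrative assumptions.

```python
"""Triage scan for ransomware-encrypted files and ransom notes (added example).

Walks a directory tree and flags files that look encrypted: byte entropy close to
the 8 bits/byte of ciphertext, an extension ransomware is known to append, or a
filename that looks like a dropped ransom note. A first-pass scoping tool for a
responder, not a substitute for EDR. Thresholds, extension lists and the sample
tree are illustrative assumptions, not taken from any Progent tooling.
"""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Bits of entropy per byte above which a file is treated as encrypted. Plain text
# and most office documents score well below this; ciphertext is near 8.0. (assumption)
ENTROPY_THRESHOLD = 7.5

# Extensions appended by some ransomware families; .ryk is Ryuk's. Illustrative. (assumption)
RANSOMWARE_EXTENSIONS = {".ryk", ".locked", ".encrypted", ".crypt"}

# Formats that are compressed or encrypted by design and therefore legitimately
# high-entropy; skipping them avoids flagging every PDF and JPEG on the share.
HIGH_ENTROPY_FORMATS = {".zip", ".7z", ".gz", ".docx", ".xlsx", ".pptx",
                        ".pdf", ".png", ".jpg", ".jpeg", ".mp4"}

# Substrings seen in ransom-note filenames (Ryuk drops RyukReadMe.txt). (assumption)
RANSOM_NOTE_MARKERS = ("ryukreadme", "decrypt", "recover_files", "how_to")
RANSOM_NOTE_SUFFIXES = (".txt", ".html", ".hta")

SAMPLE_BYTES = 4096  # only the first 4 KiB is read, so a large tree scans quickly


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path) -> list[str]:
    """Return the reasons a file looks like ransomware output (empty if none)."""
    reasons = []
    suffix = path.suffix.lower()
    name = path.name.lower()
    if suffix in RANSOMWARE_EXTENSIONS:
        reasons.append(f"extension {suffix}")
    if name.endswith(RANSOM_NOTE_SUFFIXES) and any(m in name for m in RANSOM_NOTE_MARKERS):
        reasons.append("ransom-note filename")
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    entropy = shannon_entropy(head)
    if entropy >= ENTROPY_THRESHOLD and suffix not in HIGH_ENTROPY_FORMATS:
        reasons.append(f"entropy {entropy:.2f} bits/byte")
    return reasons


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Map each suspicious file (path relative to root, POSIX form) to its reasons."""
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = classify_file(path)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def _pseudo_ciphertext(label: bytes, size: int = SAMPLE_BYTES) -> bytes:
    """Deterministic high-entropy bytes standing in for AES output (SHA-256 chain)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


def build_sample_tree(root: Path) -> None:
    """Constructed sample share: two untouched files, one encrypted file, one note."""
    (root / "Finance").mkdir(parents=True, exist_ok=True)
    (root / "notes.txt").write_text(
        "The quarterly production schedule is attached for review.\n" * 60)
    # A real .docx is a zip container, so it is high-entropy but must not be flagged.
    (root / "report.docx").write_bytes(_pseudo_ciphertext(b"docx"))
    # Ryuk-style result: original name kept, ".RYK" appended, contents encrypted.
    (root / "Finance" / "invoice.pdf.RYK").write_bytes(_pseudo_ciphertext(b"ryuk"))
    (root / "Finance" / "RyukReadMe.txt").write_text(
        "Your network has been penetrated. Contact us to recover your files.\n")


def run_demo() -> dict[str, list[str]]:
    """Build the constructed share in a temp directory and scan it."""
    share = Path(tempfile.mkdtemp(prefix="ransom-scan-"))
    build_sample_tree(share)
    return scan_tree(share)


if __name__ == "__main__":
    for rel, why in run_demo().items():
        print(f"{rel}: {', '.join(why)}")
```

Run as-is, it builds the constructed share in a temporary directory and prints the two files it flags (the .RYK file and the ransom note); point scan_tree at a mounted backup volume to get a quick list of what the attack touched. Two caveats a responder should keep in mind: the allow-list for compressed formats matters, since a PDF or a .docx is legitimately high-entropy and would otherwise drown the report in false positives, and an entropy check on the first 4 KiB is blind to ransomware that encrypts only part of each file, so the extension and note checks are there to catch what entropy alone misses.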
Progent offers a range of services for protecting Yonkers businesses from ransomware attacks. These include staff training to help identify and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to detect and quarantine zero-day malware. Progent also provides expert ransomware recovery engineers with the skill and perseverance to restore a compromised network as rapidly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a crypto-ransomware penetration, paying the ransom in cryptocurrency offers no assurance that the attackers will respond with the keys needed to decrypt any or all of your files. Kaspersky Labs determined that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to piece back together the essential parts of your IT environment. Without usable backups, this calls for a broad complement of skills, first-rate project management, and the ability to work around the clock until the job is done.
For two decades, Progent has offered certified expert IT services to companies throughout the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold top certifications in key technologies from Microsoft, Cisco and VMware and in popular Linux distributions. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial systems and ERP application software. This breadth of experience gives Progent the skills to quickly identify the systems that matter most, salvage the surviving components of your network after a ransomware event, and reassemble them into a functioning environment.
Progent's ransomware team uses best-of-breed project management tools to orchestrate the complex recovery process. Progent appreciates the importance of working swiftly and in unison with a client's management and IT staff to prioritize tasks and put the most important systems back online as soon as possible.
Client Story: A Successful Ransomware Penetration Recovery
A customer engaged Progent after their network was penetrated by Ryuk ransomware. Ryuk was initially attributed to North Korean state actors because of code it shares with the earlier Hermes ransomware, but later analysis attributed its operation to a Russian-speaking criminal group. Ryuk targets specific organizations that have little or no ability to tolerate disruption and is among the most lucrative ransomware operations. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing business headquartered in Chicago with about 500 employees. The Ryuk penetration had shut down all business operations and manufacturing. Most of the client's backups were online and reachable from the compromised network when the attack began, and they were destroyed along with the production data. The client was arranging financing to pay the ransom (in excess of $200K) and hoping for the best, but ultimately engaged Progent instead.
Progent worked with the customer to rapidly identify and prioritize the essential services that had to be recovered to resume business operations:
Within two days, Progent rebuilt Active Directory to its pre-attack state. Progent then helped reinstall critical servers and recover their disks. All Exchange data and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to locate local OST files (Microsoft Outlook Offline Folder Files) on staff PCs and recover mail from them. A recent offline backup of the business's financial/MRP software, which the attack could not reach, made it possible to bring these essential applications back to users. Although significant work remained to recover fully from the Ryuk event, the most important systems were returned to operation rapidly:
Over the following weeks, key milestones in the restoration project were completed in close cooperation between Progent consultants and the client:
Conclusion
A potentially business-ending disaster was averted thanks to top-tier experts, a wide range of IT skills, and tight teamwork. In hindsight, the penetration described here would likely have been detected and blocked by up-to-date security technology, security best practices, user training, disciplined software patching, and backup procedures that keep at least one copy offline or otherwise unreachable from the production network. The reality remains that state-sponsored and criminal cyber gangs from China, North Korea and elsewhere are relentless and represent an ongoing threat. If you are hit by ransomware, be assured that Progent's roster of experts has proven experience in crypto-ransomware blocking, cleanup, and data recovery.
Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Yonkers
For ransomware system restoration services in the Yonkers area, phone Progent at