Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague and an existential danger for businesses of every size that are vulnerable to attack. Multiple generations of ransomware, including the Reveton, WannaCry, Locky, NotPetya and MongoLock cryptoworms, have run rampant for years and still inflict destruction. More recent strains such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, along with a steady stream of as yet unnamed newcomers, not only encrypt online data files but also seek out and infiltrate any configured system restore points and backups. Information synchronized to cloud environments can be ransomed as well. In a poorly architected data protection solution, this can render automated restoration hopeless and effectively sets the datacenter back to zero.
Recovering applications and information after a ransomware attack becomes a sprint against the clock as the targeted business struggles to contain and remove the virus and to restore enterprise-critical activity. Because ransomware takes time to replicate, attacks are often sprung at night, when a successful penetration typically takes longer to uncover. This compounds the difficulty of promptly mobilizing and orchestrating a qualified response team.
Progent provides a range of support services for securing Yonkers businesses against ransomware attacks. These include training for team members to recognize and avoid phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and setup and configuration of the latest generation of AI-powered security appliances that intelligently identify and quarantine new threats. Progent also offers the services of experienced crypto-ransomware recovery professionals with the skills and perseverance to re-deploy a compromised system as rapidly as possible.
Progent's Ransomware Recovery Support Services
Following a ransomware attack, even paying the ransom in cryptocurrency does not ensure that the criminal gang will return the keys needed to decipher any or all of your data. Kaspersky Labs estimated that seventeen percent of crypto-ransomware victims never restored their information after sending off the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET determined to be in the range of $13,000 for smaller businesses. The other path is to piece the essential elements of your IT environment back together. Without access to complete information backups, this requires a broad complement of skills, top-notch team management, and the ability to work non-stop until the job is finished.
For twenty years, Progent has offered expert Information Technology services to businesses throughout the U.S. and has achieved Microsoft Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who hold high-level certifications in leading technologies from Microsoft, Cisco and VMware, as well as the major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized industry certifications including CISM, CISSP, CRISC, and GIAC. (See Progent's certifications.) Progent also has expertise with financial management and ERP software solutions. This breadth of experience gives Progent the capability to quickly identify critical systems, re-organize the remaining pieces of your Information Technology system following a ransomware penetration, and assemble them into an operational network.
Progent's security group uses best-of-breed project management systems to orchestrate the sophisticated recovery process. Progent appreciates the urgency of working swiftly and in unison with a client's management and IT team members to prioritize tasks and to put the most important systems back online as fast as possible.
Case Study: A Successful Crypto-Ransomware Virus Restoration
A business escalated to Progent after its network was penetrated by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state-sponsored criminal gangs, suspected of adopting algorithms leaked from the U.S. NSA. Ryuk targets specific businesses with little or no tolerance for operational disruption and is among the most profitable iterations of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in the Chicago metro area with around 500 staff members. The Ryuk penetration had disabled all essential business operations and manufacturing processes. Most of the client's backups had been online at the beginning of the attack and were eventually encrypted. The client was taking steps to pay the ransom (more than two hundred thousand dollars) and hoping for the best, but in the end called Progent.
Progent worked together with the customer to quickly determine and assign priority to the mission critical systems that needed to be addressed to make it possible to resume business operations:
Within two days, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then performed setup and hard drive recovery of critical systems. All Exchange data and configuration information were intact, which greatly simplified the restoration of Exchange. Progent located non-encrypted OST data files (Microsoft Outlook Off-Line Folder Files) on staff workstations and used them to recover email messages. A fairly recent off-line backup of the customer's accounting/ERP systems made it possible to bring these vital services back online. Although a great deal of work remained to recover completely from the Ryuk virus, critical systems were restored rapidly:
Over the next couple of weeks important milestones in the recovery project were accomplished through close cooperation between Progent team members and the client:
Conclusion
A potential business-ending catastrophe was averted thanks to hard-working professionals, a broad spectrum of technical expertise, and close collaboration. Forensics completed after the fact showed that the crypto-ransomware attack described here would have been identified and stopped by advanced security systems and security best practices, user and IT administrator education, and properly executed procedures for backup and for applying software patches. The reality remains, however, that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and pose an ongoing threat. If you do fall victim to a crypto-ransomware virus, you can be confident that Progent's roster of experts has extensive experience in ransomware defense, removal, and data restoration.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Yonkers
For ransomware system recovery consulting services in the Yonkers area, call Progent at