Crypto-Ransomware : Your Feared IT Nightmare
Ransomware has become a modern cyber pandemic that poses an enterprise-level threat for organizations poorly prepared for an attack. Older iterations of ransomware such as CrySIS, CryptoWall, Bad Rabbit, SamSam and the MongoLock cryptoworm have been out in the wild for a long time and still inflict damage. Newer strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Egregor, along with as yet unnamed variants that appear daily, not only encrypt online critical data but also infiltrate all accessible system restores and backups. Information synchronized to the cloud can also be corrupted. Where the data protection solution is vulnerable, this can make any recovery hopeless and effectively sets the datacenter back to square one.
Retrieving programs and information after a ransomware outage becomes a sprint against the clock as the targeted business fights to contain the damage, clear the virus, and restore business-critical operations. Since ransomware needs time to move laterally throughout a network, attacks are often launched on weekends and holidays, when intrusions typically take longer to detect. This compounds the difficulty of promptly assembling and organizing a qualified mitigation team.
Progent has an assortment of services for securing Oklahoma City organizations from ransomware attacks. Among these are staff training to help identify and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat protection to detect and disable zero-day malware attacks. Progent also provides the services of expert crypto-ransomware recovery professionals with the skills and commitment to rebuild a breached system as rapidly as possible.
Progent's Ransomware Restoration Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the cyber criminals will hand over the keys to decrypt any of your files. Kaspersky Labs estimated that 17% of ransomware victims never restored their information after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The alternative is to piece back together the critical parts of your IT environment. Without access to full system backups, this calls for a broad range of IT skills, top notch team management, and the capability to work 24x7 until the task is over.
For two decades, Progent has provided professional Information Technology services for businesses across the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have attained high-level certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security consultants have earned internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience with financial systems and ERP application software. This breadth of experience gives Progent the ability to knowledgeably identify critical systems, consolidate the surviving pieces of your computer network after a ransomware event, and configure them into a functioning system.
Progent's ransomware group deploys top notch project management tools to orchestrate the complicated recovery process. Progent knows the importance of acting quickly and in concert with a customer's management and Information Technology team members to prioritize tasks and to put the most important applications back on line as soon as humanly possible.
Case Study: A Successful Crypto-Ransomware Intrusion Restoration
A business hired Progent after their company was brought down by Ryuk ransomware. Ryuk is believed to have been developed by North Korean government sponsored cybercriminals, possibly adopting techniques leaked from the U.S. National Security Agency. Ryuk attacks specific organizations with little or no tolerance for disruption and is among the most lucrative incarnations of ransomware malware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing company based in Chicago with around 500 employees. The Ryuk event had disabled all essential operations and manufacturing capabilities. The majority of the client's data backups had been online at the time of the intrusion and were encrypted. The client was evaluating paying the ransom (more than $200,000) and hoping for the best, but in the end brought in Progent.
Progent worked together with the customer to rapidly get our arms around and prioritize the essential services that had to be restored in order to restart business operations:
Within 48 hours, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then helped perform the rebuilding and hard drive recovery of essential servers. All Exchange data and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST data files (Microsoft Outlook Offline Folder Files) on team PCs to recover email messages. A recent offline backup of the customer's financials/ERP software made it possible to bring these required applications back online. Although a lot of work remained to recover completely from the Ryuk virus, critical systems were restored rapidly:
Throughout the next couple of weeks important milestones in the recovery process were achieved in close collaboration between Progent engineers and the customer:
Conclusion
A probable business disaster was avoided through the efforts of top-tier professionals, a broad range of knowledge, and tight collaboration. Forensics later showed that the crypto-ransomware penetration detailed here should have been blocked by advanced cyber security systems, NIST Cybersecurity Framework best practices, team training, appropriate incident response procedures for data protection, and keeping systems up to date with security patches. Even so, the fact is that government-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do get hit by a ransomware attack, you can be confident that Progent's roster of professionals has substantial experience in ransomware blocking, mitigation, and file disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting in Oklahoma City
For ransomware system recovery consulting in the Oklahoma City metro area, phone Progent at