Crypto-Ransomware: Your Crippling IT Nightmare
Ransomware has become an escalating cyberplague that represents an existential danger for organizations poorly prepared for an assault. Earlier versions of ransomware such as the Reveton, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been around for many years and still inflict harm. Modern variants such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, along with new and as yet unnamed malware appearing daily, not only encrypt online data files but also infect any system backups they can reach. Data synched to off-site disaster recovery sites can also be rendered useless. With a poorly designed data protection solution, this can make automated restore operations impossible and effectively knocks the network back to zero.
Restoring applications and data following a ransomware event becomes a race against time as the targeted organization fights to contain and remove the ransomware and to restore business-critical activity. Because crypto-ransomware needs time to spread, attacks are often launched at night, when they typically take longer to detect. This compounds the difficulty of rapidly mobilizing and coordinating a knowledgeable response team.
Progent provides an assortment of solutions for protecting Cheyenne organizations from ransomware events. These include staff education to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to identify and stop zero-day malware attacks. Progent also offers the assistance of experienced ransomware recovery engineers with the talent and perseverance to rebuild a breached network as urgently as possible.
Progent's Ransomware Restoration Support Services
After a ransomware attack, even paying the ransom in Bitcoin cryptocurrency does not guarantee that the cyber criminals will provide the keys to decrypt any or all of your files. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their information even after paying the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demands, which ZDNET determined to be in the range of $13,000 for small organizations. The other path is to rebuild the vital elements of your Information Technology environment. Without access to essential system backups, this requires a broad range of IT skills, professional project management, and the ability to work non-stop until the job is done.
For decades, Progent has provided professional IT services for businesses throughout the U.S. and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced industry certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. (See Progent's certifications). Progent also has experience in financial management and ERP application software. This breadth of expertise gives Progent the skills to knowledgeably identify critical systems, consolidate the remaining parts of your computer network environment after a ransomware attack, and configure them into a functioning network.
Progent's recovery team uses best-of-breed project management tools to coordinate the complicated recovery process. Progent knows the importance of working rapidly and together with a customer's management and IT team members to prioritize tasks and to get key applications back online as fast as humanly possible.
Case Study: A Successful Crypto-Ransomware Penetration Recovery
A business contacted Progent after its network was brought down by Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean state cybercriminals, suspected of using technology leaked from the U.S. NSA. Ryuk targets specific organizations with little tolerance for disruption and is one of the most lucrative iterations of ransomware malware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in the Chicago metro area with around 500 workers. The Ryuk penetration had brought down all business operations and manufacturing capabilities. The majority of the client's data backups had been online at the time of the intrusion and were encrypted. The client was preparing to pay the ransom (more than $200K) and hoping for the best, but ultimately called Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the essential services that had to be addressed to make it possible to resume company functions:
In less than two days, Progent was able to recover Windows Active Directory to its pre-infection state. Progent then began rebuilding and recovering storage for mission-critical systems. All Exchange data and attributes were intact, which accelerated the rebuild of Exchange. Progent was able to find intact OST files (Outlook Offline Data Files) on various workstations and laptops in order to recover mail messages. A recent offline backup of the client's financials/MRP software allowed these essential applications to be returned to service for users. Although major work remained to recover completely from the Ryuk infection, core services were returned to operation rapidly:
During the next month key milestones in the recovery process were achieved in tight cooperation between Progent team members and the client:
Conclusion
A potential business catastrophe was averted by top-tier experts, a broad array of technical expertise, and close teamwork. Although, in hindsight, the ransomware attack detailed here should have been identified and blocked by current security solutions, security best practices, user education, and well-designed procedures for data backup and keeping systems up to date with security patches, the fact is that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do get hit by a ransomware incident, remember that Progent's team of professionals has substantial experience in ransomware blocking, cleanup, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Cheyenne
For ransomware system recovery consulting services in the Cheyenne area, call Progent at