Crypto-Ransomware: Your Feared IT Nightmare
Ransomware has become a modern cyber pandemic that poses an existential danger to organizations poorly prepared for an attack. Older iterations of crypto-ransomware such as Dharma, Fusob, Bad Rabbit, SamSam and the MongoLock cryptoworms have been around for a long time and continue to cause havoc. More recent variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Egregor, along with the as-yet-unnamed strains that appear daily, not only encrypt online data but also seek out and encrypt every system backup they can reach. Information synchronized to the cloud can be encrypted as well. In a poorly designed data protection solution, this can make any restoration impossible and effectively knocks the entire system back to square one.
Restoring applications and information after a ransomware intrusion becomes a sprint against the clock as the victim fights to contain the damage, clean up the crypto-ransomware, and restore mission-critical operations. Because crypto-ransomware needs time to replicate throughout a network, attacks are frequently launched at night and on weekends, when a successful penetration tends to take longer to discover. This multiplies the difficulty of rapidly mobilizing and coordinating a capable mitigation team.
Progent offers an assortment of solutions for securing Uberlândia organizations against ransomware attacks. These include staff education to help personnel identify and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to discover and extinguish zero-day malware attacks. Progent also provides the assistance of veteran ransomware recovery professionals with the track record and commitment to restore a breached network as quickly as possible.
Progent's Ransomware Recovery Help
After a ransomware event, paying the ransom in cryptocurrency does not guarantee that the criminal gang will respond with the keys needed to decrypt any or all of your information. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their information even after sending off the ransom, resulting in further losses. The gamble is also costly: Ryuk ransoms are commonly a few hundred thousand dollars, and for larger enterprises the ransom can run into the millions. The alternative is to piece the critical elements of your IT environment back together. Without access to full data backups, this calls for a wide complement of IT skills, top-notch team management, and the willingness to work around the clock until the recovery project is done.
For two decades, Progent has offered expert IT services to companies throughout the U.S. and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have earned high-level industry certifications in key technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity consultants hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise with accounting and ERP application software. This breadth of experience lets Progent quickly understand critical systems, consolidate the surviving parts of your network environment after a ransomware penetration, and configure them into a functioning system.
Progent's ransomware team uses top-notch project management tools to orchestrate the complex recovery process. Progent understands the urgency of working swiftly, and together with the customer's management and IT staff, to prioritize tasks and bring key applications back online as fast as humanly possible.
Business Case Study: A Successful Crypto-Ransomware Attack Recovery
A small business contacted Progent after its organization was penetrated by the Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean government-sponsored cybercriminals, possibly adopting techniques leaked from the U.S. NSA. Ryuk targets specific businesses with little tolerance for operational disruption and is among the most profitable examples of ransomware. High-profile victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business located in Chicago with about 500 staff members. The Ryuk attack had brought down all business operations and manufacturing processes. The majority of the client's data backups had been online at the time of the intrusion and were encrypted. The client was actively seeking loans to pay the ransom demand (in excess of $200,000) and hoping for the best, but in the end engaged Progent.
Progent worked hand in hand with the customer to quickly understand and prioritize the essential elements that had to be addressed before business functions could resume:
In less than two days, Progent restored Active Directory to its pre-penetration state. Progent then carried out reinstallations and storage recovery for key applications. All Microsoft Exchange Server schema and configuration information was usable, which facilitated the restore of Exchange. Progent was able to gather unencrypted OST files (Outlook Offline Data Files) from various workstations and laptops to recover mail data. A fairly recent offline backup of the business's manufacturing software allowed these essential services to be brought back online. Although a large amount of work remained before the organization had fully recovered from the Ryuk event, critical systems were returned to operation rapidly:
Over the following month, critical milestones in the restoration project were reached in close cooperation between Progent engineers and the customer:
Conclusion
A probable enterprise-killing catastrophe was averted through the efforts of dedicated professionals, a broad spectrum of knowledge, and close collaboration. In hindsight, the ransomware incident detailed here could have been prevented with advanced security technology and recognized best practices, user education, and well-thought-out incident response procedures for data backup and keeping systems current with security patches. The fact remains, however, that government-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware incident, remember that Progent's team of experts has substantial experience in ransomware blocking, cleanup, and data disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Uberlândia
For ransomware system recovery services in the Uberlândia area, phone Progent at