Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that presents an extinction-level danger for businesses of all sizes that are poorly prepared for an attack. Older versions of ransomware such as the CrySIS, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been circulating for a long time and continue to cause damage. Modern versions such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, along with a steady stream of as yet unnamed variants, not only encrypt online data but also target every system restore point and backup they can reach. Files replicated to off-premises disaster recovery sites can also be ransomed. In a poorly designed system, this can make any recovery impossible and effectively sets the datacenter back to zero.
Recovering services and data after a ransomware attack becomes a sprint against time as the targeted business struggles to contain the damage, clear the ransomware, and resume mission-critical activity. Because crypto-ransomware needs time to spread across a targeted network, intrusions are frequently launched on weekends and holidays, when successful attacks typically take longer to uncover. This multiplies the difficulty of rapidly mobilizing and organizing a knowledgeable response team.
Progent offers a range of solutions for protecting Alexandria businesses from crypto-ransomware attacks. Among these are team training to help identify and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat protection to identify and suppress zero-day malware attacks. Progent can also provide the assistance of veteran ransomware recovery engineers with the skills and perseverance to re-deploy a compromised environment as rapidly as possible.
Progent's Ransomware Restoration Help
After a ransomware intrusion, paying the ransom demand in cryptocurrency does not provide any assurance that the criminal gang will supply the keys needed to decrypt any or all of your files. Kaspersky estimated that seventeen percent of crypto-ransomware victims never restored their information even after having paid the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to rebuild the essential elements of your IT environment from scratch. Without access to essential data backups, this calls for a broad complement of IT skills, professional team management, and the capability to work continuously until the recovery project is finished.
For two decades, Progent has made professional IT services available to businesses across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have earned top industry certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience in accounting and ERP applications. This breadth of expertise gives Progent the capability to knowledgeably assess important systems after a ransomware intrusion, reorganize the surviving parts of your network, and configure them into an operational system.
Progent's ransomware team of experts uses powerful project management tools to orchestrate the complex restoration process. Progent appreciates the importance of working quickly and together with a client's management and Information Technology staff to prioritize tasks and to get critical services back on line as soon as possible.
Client Story: A Successful Ransomware Intrusion Response
A customer sought out Progent after their company was brought down by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean state-sponsored criminal gangs, suspected of using technology leaked from the United States NSA. Ryuk targets specific companies with limited tolerance for disruption and is one of the most lucrative examples of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturer located in Chicago with about 500 employees. The Ryuk event had shut down all essential operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were destroyed. The client was taking steps to pay the ransom (exceeding two hundred thousand dollars) and hoping for good luck, but ultimately engaged Progent.
Progent worked hand in hand with the customer to rapidly assess and prioritize the critical areas that had to be recovered to make it possible to restart business functions:
In less than 2 days, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then completed reinstallations and hard drive recovery on mission-critical applications. All Microsoft Exchange Server data and attributes were usable, which facilitated the restore of Exchange. Progent was able to assemble non-encrypted OST files (Outlook Email Offline Data Files) from various workstations and laptops in order to recover mail data. A relatively recent offline backup of the client's financial/MRP systems made it possible to bring these vital applications back into service. Although major work remained to recover fully from the Ryuk event, critical systems were returned to operation rapidly:
During the next few weeks key milestones in the recovery project were accomplished in close cooperation between Progent team members and the client:
Conclusion
A probable business extinction catastrophe was avoided thanks to results-oriented experts, a wide spectrum of subject matter expertise, and tight teamwork. Post-incident analysis showed that the crypto-ransomware intrusion described here would have been identified and stopped by current cyber security solutions and best practices, staff education, and properly executed procedures for data backup and patch management. The fact remains, however, that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and will keep attacking. If you do fall victim to a ransomware intrusion, be assured that Progent's roster of professionals has a proven track record in ransomware defense, mitigation, and file recovery.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Expertise in Alexandria
For ransomware cleanup expertise in the Alexandria area, phone Progent at