Ransomware : Your Worst IT Catastrophe
Crypto-ransomware has become a modern cyber pandemic that poses an existential danger to organizations vulnerable to an attack. Multiple generations of crypto-ransomware like the Dharma, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been out in the wild for many years and continue to cause havoc. More recent strains of ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as frequently seen but as yet unnamed malware, not only encrypt online data files but also compromise whatever system protection they can reach. Data replicated to cloud environments can also be encrypted. In a poorly architected system, this can render any restoration useless and effectively set the network back to square one.
Restoring applications and data after a ransomware intrusion becomes a sprint against time as the targeted organization struggles to stop the spread, remove the crypto-ransomware, and restore mission-critical activity. Because ransomware needs time to replicate throughout a targeted network, assaults are usually launched during nights and weekends, when successful attacks typically take longer to discover. This compounds the difficulty of rapidly marshalling and coordinating a qualified mitigation team.
Progent offers an assortment of services for securing Florianópolis businesses against ransomware penetrations. These include staff training to help employees recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM), an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat protection to identify and stop zero-day malware assaults. Progent also provides the services of experienced ransomware recovery professionals with the skills and commitment to rebuild a compromised system as urgently as possible.
Progent's Crypto-Ransomware Restoration Services
After a ransomware event, even paying the ransom demand in cryptocurrency does not guarantee that the cyber criminals will provide the keys needed to decrypt any of your files. Kaspersky Labs ascertained that seventeen percent of crypto-ransomware victims never recovered their files even after having sent off the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms are typically several hundred thousand dollars. For larger enterprises, the ransom can reach millions. The other path is to piece back together the mission-critical components of your Information Technology environment. Without access to complete data backups, this requires a broad complement of IT skills, well-coordinated team management, and the ability to work 24x7 until the task is done.
For twenty years, Progent has provided certified expert Information Technology services for businesses across the United States and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded advanced industry certifications in key technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has expertise with accounting and ERP software solutions. This breadth of expertise gives Progent the capability to efficiently identify critical systems, salvage the surviving parts of your IT environment after a crypto-ransomware event, and configure them into a functioning network.
Progent's recovery team deploys state-of-the-art project management systems to coordinate the complicated recovery process. Progent understands the urgency of working swiftly and in unison with a client's management and IT resources to prioritize tasks and to put the most important services back online as fast as humanly possible.
Customer Case Study: A Successful Ransomware Attack Restoration
A customer engaged Progent after their network was taken over by Ryuk ransomware. Ryuk is thought to have been created by North Korean government-sponsored criminal gangs, suspected of using techniques leaked from the United States NSA. Ryuk goes after specific organizations with little or no tolerance for disruption and is one of the most profitable incarnations of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company located in the Chicago metro area with around 500 staff members. The Ryuk penetration had shut down all business operations and manufacturing capabilities. Most of the client's backups had been online at the time of the attack and were encrypted. The client was pursuing financing to pay the ransom demand (in excess of $200K) and praying for the best, but in the end made the decision to use Progent.
Progent worked together with the client to rapidly identify and prioritize the most important applications that needed to be restored to make it possible to continue business functions:
In less than 48 hours, Progent was able to restore Active Directory services to their pre-penetration state. Progent then completed setup and hard drive recovery for essential applications. All Microsoft Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to locate intact OST files (Microsoft Outlook Offline Folder Files) on user PCs to recover email messages. A recent offline backup of the customer's manufacturing systems made it possible to bring these required programs back online. Although a lot of work remained to recover fully from the Ryuk event, core systems were restored rapidly:
Over the following month critical milestones in the restoration project were made in tight cooperation between Progent consultants and the customer:
Conclusion
A probable company-ending disaster was avoided thanks to hard-working professionals, a wide range of subject matter expertise, and tight collaboration. Although in retrospect the ransomware penetration described here should have been stopped by up-to-date security solutions and security best practices, user and IT administrator training, and appropriate incident response procedures for data backup and proper patching controls, the fact remains that government-sponsored cyber criminals from China, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incursion, you can be confident that Progent's team of professionals has substantial experience in crypto-ransomware defense, mitigation, and data restoration.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, see Progent's Ransomware Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware Cleanup Consulting in Florianópolis
For ransomware system restoration expertise in the Florianópolis metro area, phone Progent at