Ransomware: Your Worst IT Nightmare
Ransomware has become an escalating cyber pandemic that represents an enterprise-level danger for businesses unprepared for an attack. Different iterations of crypto-ransomware such as Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock have been circulating for many years and continue to inflict harm. More recent variants such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, along with newcomers that have not yet been named, not only encrypt online data but also encrypt most configured system backups, since any backup that is reachable over the network from a compromised account is just another writable target. Data synchronized to cloud environments can be encrypted the same way. In a poorly designed environment this can render every restore point useless and effectively set the network back to zero; only backups kept offline or otherwise out of reach of the compromised network survive.
Restoring programs and data after a ransomware attack becomes a race against the clock as the victim struggles to stop lateral movement, remove the ransomware, and restore enterprise-critical operations. Because crypto-ransomware requires time to move laterally across a network, attacks are often launched on weekends and holidays, when a successful intrusion typically takes longer to identify. This multiplies the difficulty of quickly marshalling and organizing a knowledgeable response team.
Progent offers a range of services for protecting Fort Collins businesses from ransomware attacks. These include staff education to help identify and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to discover and stop zero-day malware attacks. Progent also provides the assistance of veteran ransomware recovery professionals with the skills and commitment to re-deploy a breached environment as urgently as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not ensure that the distant criminals will provide the keys needed to decrypt any or all of your data. Kaspersky estimated that seventeen percent of ransomware victims never recovered their data after sending off the ransom, resulting in additional losses. The gamble is also very costly: Ryuk ransoms are typically several hundred thousand dollars, and for larger enterprises the demand can reach millions. The fallback is to re-install the essential parts of your IT environment. Without access to full system backups, this calls for a broad complement of skill sets, professional project management, and the willingness to work non-stop until the job is complete.
For decades, Progent has offered professional IT services for businesses throughout the U.S. and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have been awarded top certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience in financial systems and ERP application software. This breadth of experience gives Progent the skills to efficiently identify critical systems, gather the surviving pieces of your network after a ransomware attack, and rebuild them into an operational system.
Progent's recovery team uses top-notch project management applications to orchestrate the complex recovery process. Progent knows the importance of acting quickly and in concert with a client's management and IT staff to prioritize tasks and get the most important applications back online as fast as humanly possible.
Customer Case Study: A Successful Ransomware Attack Restoration
A customer escalated to Progent after their network was brought down by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state-sponsored criminal gangs, possibly adopting technology leaked from America's NSA. Ryuk targets specific businesses with little tolerance for disruption and is one of the most lucrative examples of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with around 500 employees. The Ryuk event had frozen all business operations and manufacturing processes. Most of the client's system backups had been directly accessible from the network at the start of the attack and were eventually encrypted. The client was preparing to pay the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to quickly identify and prioritize the critical services that had to be recovered to make it possible to restart business operations:
Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then performed setup and storage recovery on the most important servers. All Microsoft Exchange Server data and attributes were intact, which accelerated the restore of Exchange. Progent was able to assemble intact OST files (Outlook Offline Data Files) from staff PCs and laptops to recover mail data. A relatively recent offline backup of the customer's financials/MRP software made it possible to bring these essential services back online. Although significant work remained to recover fully from the Ryuk attack, the most important services were returned to operation rapidly:
Throughout the next month, critical milestones in the recovery process were achieved through close collaboration between Progent consultants and the customer:
Conclusion
A probable business-killing disaster was averted thanks to results-oriented experts, a broad array of subject matter expertise, and close teamwork. Forensics later showed that the crypto-ransomware intrusion described here could have been identified and prevented with up-to-date cyber security systems and NIST Cybersecurity Framework best practices, team training, well-designed incident response procedures for data backup, and proper patching controls. The fact remains, however, that government-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and will keep attacking. If you do get hit by ransomware, remember that Progent's team of experts has substantial experience in crypto-ransomware blocking, removal, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, click: Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).
Contact Progent for Ransomware System Restoration Consulting in Fort Collins
For ransomware cleanup consulting services in the Fort Collins metro area, phone Progent at