Crypto-Ransomware : Your Worst IT Disaster
Crypto-Ransomware has become an all-too-frequent cyber pandemic that presents an existential danger for organizations unprepared for an assault. Older versions of ransomware such as the Reveton, Fusob, Locky, SamSam and MongoLock cryptoworms have been out in the wild for a long time and continue to inflict damage. Modern variants such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus a steady stream of unnamed viruses, not only encrypt critical on-line data but also corrupt many of the protection measures configured on the system. Files replicated to cloud environments can be corrupted as well. On a vulnerable system, this can make any recovery hopeless and effectively knocks the entire environment back to zero.
Bringing applications and data back online after a ransomware attack becomes a sprint against time as the targeted organization does its best to contain the damage, remove the crypto-ransomware, and resume mission-critical operations. Because ransomware takes time to replicate throughout a targeted network, attacks are often launched on weekends and at night, when a successful intrusion typically takes longer to detect. This multiplies the difficulty of quickly marshalling and orchestrating an experienced response team.
Progent offers an assortment of solutions for protecting Fort Myers enterprises from crypto-ransomware attacks. These include staff education so that employees can recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response service that utilizes SentinelOne's AI-based cyberthreat defense to identify and quarantine zero-day modern malware assaults. Progent also provides the assistance of experienced ransomware recovery engineers with the track record and commitment to reconstruct a breached network as quickly as possible.
Progent's Crypto-Ransomware Recovery Help
After a crypto-ransomware event, paying the ransom demanded in cryptocurrency gives no assurance that the distant criminals will hand over the keys needed to decipher any of your data. Kaspersky determined that seventeen percent of ransomware victims never restored their files even after sending off the ransom, resulting in additional losses. Paying is also very costly. Ryuk ransoms are typically a few hundred thousand dollars, and for larger organizations the ransom demand can reach millions of dollars. The alternative is to set up the essential components of your IT environment from scratch. Without access to intact backups of essential information, this requires a broad range of IT skills, top-notch project management, and the ability to work non-stop until the recovery project is done.
For two decades, Progent has provided expert IT services for companies across the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have earned advanced industry certifications in important technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cybersecurity consultants have garnered internationally renowned certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has experience with accounting and ERP applications. This breadth of expertise allows Progent to quickly understand critical systems, re-organize the surviving parts of your network following a ransomware attack, and assemble them into a functioning environment.
Progent's recovery team uses powerful project management systems to coordinate the complicated restoration process. Progent appreciates the urgency of working quickly and in concert with a client's management and Information Technology team members to prioritize tasks and put essential applications back on line as soon as humanly possible.
Customer Story: A Successful Ransomware Incident Response
A small business engaged Progent after its network was taken over by the Ryuk ransomware virus. Ryuk is thought to have been launched by North Korean government-sponsored cybercriminals, possibly adopting techniques exposed from the U.S. NSA. Ryuk targets specific organizations with little tolerance for disruption and is one of the most profitable instances of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing business based in the Chicago metro area with about 500 employees. The Ryuk penetration had paralyzed all business operations and manufacturing capabilities. The majority of the client's backups had been on-line at the start of the attack and were eventually encrypted. The client was considering paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end brought in Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the critical applications that needed to be recovered in order to continue company functions:
Within 2 days, Progent was able to recover Active Directory to its pre-attack state. Progent then assisted with the setup and storage recovery of essential servers. All Exchange Server data and attributes were intact, which greatly helped the rebuild of Exchange. Progent was also able to collect intact OST files (Outlook Offline Data Files) from user desktop computers in order to recover email data. A relatively recent off-line backup of the business's accounting/ERP systems made it possible to bring these essential services back online for users. Although a large amount of work remained to recover fully from the Ryuk damage, critical services were restored quickly:
Over the next couple of weeks, important milestones in the restoration process were completed through tight cooperation between Progent consultants and the client:
Conclusion
A likely business-ending catastrophe was averted with top-tier professionals, a broad array of technical expertise, and close teamwork. In hindsight, the ransomware penetration described here should have been identified and prevented with modern cyber security solutions and best practices, team education, well thought out incident response procedures for backup, and keeping systems up to date with security patches. The reality, however, is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and are not going away. If you do get hit by a ransomware virus, remember that Progent's team of professionals has a proven track record in crypto-ransomware defense, mitigation, and information systems disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Fort Myers
For ransomware cleanup consulting in the Fort Myers area, call Progent at