Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become a modern cyberplague that poses an extinction-level threat to organizations vulnerable to an attack. Different versions of crypto-ransomware such as Reveton, Fusob, Locky, SamSam and MongoLock have been around for many years and still cause damage. Newer strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, along with many unnamed variants, not only encrypt online data but also attack whatever system protections they can reach. Files synchronized to cloud environments can be encrypted as well. In a poorly designed data protection solution, this can make recovery hopeless and effectively sets the entire system back to zero.
Restoring applications and information after a ransomware event becomes a race against time as the targeted business struggles to stop lateral movement, clear the crypto-ransomware, and restore business-critical operations. Because crypto-ransomware takes time to spread across a targeted network, attacks are frequently launched at night, when a successful intrusion tends to go unnoticed for longer. This compounds the difficulty of promptly assembling and coordinating a qualified response team.
Progent offers a range of solutions for protecting Fort Wayne enterprises from crypto-ransomware attacks. These include user education to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based threat defense to detect and stop zero-day malware attacks. Progent can also provide veteran crypto-ransomware recovery consultants with the skills and commitment to rebuild a breached environment as quickly as possible.
Progent's Ransomware Restoration Support Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency provides no assurance that the criminals will return the keys needed to decrypt any or all of your files. Kaspersky Labs found that 17% of crypto-ransomware victims never recovered their data even after paying the ransom, compounding their losses. The gamble is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars, and for larger organizations the demand can run into the millions. The other path is to rebuild the essential elements of your IT environment. Without access to complete backups, this requires a broad range of skills, well-coordinated team management, and the ability to work around the clock until the job is done.
For decades, Progent has provided expert IT services to businesses across the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants holding top certifications in key technologies such as Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security consultants have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of experience allows Progent to quickly understand the systems involved, salvage the surviving parts of your network environment after a ransomware attack, and rebuild them into an operational system.
Progent's ransomware team uses powerful project management tools to coordinate the complex recovery process. Progent understands the urgency of working rapidly and in unison with a client's management and IT staff to prioritize tasks and bring critical systems back online as soon as possible.
Client Story: A Successful Ransomware Intrusion Recovery
A business hired Progent after its network was taken over by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean state hackers, who are suspected of adapting technology leaked from the U.S. National Security Agency. Ryuk targets specific businesses with little or no ability to sustain disruption and is one of the most profitable strains of crypto-ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturer headquartered in Chicago with about 500 employees. The Ryuk attack had paralyzed all essential business and manufacturing operations. The majority of the client's data backups had been directly accessible from the network at the start of the attack and were destroyed. The client was considering paying the ransom (in excess of $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked with the customer to quickly assess and prioritize the key areas that had to be restored to make it possible to resume business operations:
Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then rebuilt the mission-critical applications and recovered their storage. All Exchange Server data and attributes were usable, which accelerated the restoration of Exchange. Progent collected local OST files (Microsoft Outlook Offline Folder Files) from staff workstations and laptops to recover email data. A recent offline backup of the business's accounting/MRP software made it possible to put these vital programs back in service. Although significant work remained to recover completely from the Ryuk attack, core services were returned to operation rapidly:
During the following month, critical milestones in the recovery project were achieved in close collaboration between Progent engineers and the client:
Conclusion
A probable business-killing catastrophe was avoided thanks to dedicated experts, a broad spectrum of knowledge, and tight collaboration. In retrospect, the crypto-ransomware attack described here could have been detected and prevented with modern security systems, recognized best practices, user education, well thought out incident response procedures for backup, and keeping systems current with security patches. The fact remains, however, that state-sponsored hackers from Russia, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a ransomware attack, remember that Progent's team of professionals has extensive experience in ransomware blocking, mitigation, and data disaster recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Fort Wayne
For ransomware system restoration consulting services in the Fort Wayne area, phone Progent at