Ransomware: Your Feared IT Catastrophe
Ransomware has become an all-too-frequent cyber plague and an extinction-level threat for businesses of any size that are unprepared for an attack. Earlier families such as CryptoLocker, CryptoWall, Bad Rabbit, SamSam and MongoLock circulated for years and continue to cause damage. More recent crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, along with many unnamed variants, not only encrypts on-line critical data but also seeks out and destroys whatever protection mechanisms it can reach, such as on-line backups and volume snapshots. Files synced to cloud storage can be corrupted as well. In a poorly designed environment this makes automated restore operations hopeless and effectively knocks the datacenter back to square one.
Recovering services and data after a ransomware event becomes a race against time as the victim struggles to contain the outbreak, clean up the ransomware, and restore mission-critical activity. Because crypto-ransomware needs time to spread through a network, attackers frequently trigger encryption on weekends, when it is likely to take longer to discover. This compounds the difficulty of quickly mobilizing and organizing an experienced mitigation team.
Progent offers a range of services for protecting Glendale organizations from crypto-ransomware attacks. These include user education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based threat protection to detect and shut down zero-day and other modern malware attacks. Progent can also provide seasoned ransomware recovery professionals with the skills and commitment to restore a compromised network as quickly as possible.
Progent's Crypto-Ransomware Recovery Support Services
After a ransomware attack, paying the ransom in cryptocurrency does not guarantee that the criminals will hand over the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims who paid never recovered their data, so the ransom simply added to their losses. The gamble is also expensive: Ryuk ransoms are often several hundred thousand dollars, and for larger enterprises the demand can run into the millions. The alternative is to piece the essential components of your IT environment back together. Without complete system backups, this calls for a broad complement of skills, first-rate project management, and the capability to work around the clock until the recovery is complete.
For twenty years Progent has provided expert IT services to businesses across the US and holds Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers with advanced certifications in Microsoft, Cisco, VMware, and popular Linux distributions. Progent's security experts hold internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in financial systems and ERP applications. This breadth of expertise allows Progent to knowledgeably identify the important systems and reassemble the surviving pieces of your network into a working whole after a ransomware penetration.
Progent's ransomware team uses proven project management tools to orchestrate the complex recovery process. Progent understands the importance of working quickly and in concert with a customer's management and IT staff to prioritize tasks and bring the most important applications back online as fast as humanly possible.
Client Story: A Successful Crypto-Ransomware Attack Recovery
A small business contacted Progent after the organization was brought down by the Ryuk ransomware. Ryuk was initially linked to North Korean actors because it shares code with the earlier Hermes ransomware, but it is now generally attributed to a Russian-speaking criminal group. Ryuk targets specific organizations with little or no tolerance for operational disruption and is one of the most profitable ransomware families. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a manufacturer based in Chicago with around 500 employees. The Ryuk attack had halted all company operations and manufacturing processes. Most of the client's backups had been on-line when the attack began and were encrypted along with everything else. The client was seeking financing to pay the ransom (in excess of $200K) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to rapidly identify and prioritize the essential systems that had to be addressed before business operations could restart.
Within 48 hours Progent had recovered Active Directory to its pre-attack state. Progent then performed reinstallations and storage recovery on mission-critical servers. All Exchange schema extensions and attributes were intact, which accelerated the Exchange restore. Progent was also able to locate unencrypted OST files (Outlook offline folder files) on staff PCs and laptops and use them to recover mail data. A reasonably recent offline backup of the business's financials/ERP system made it possible to bring those required applications back online. Although much work remained to recover completely from the Ryuk damage, critical services were restored quickly.
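The mail recovery step above depends on telling intact Outlook cache files apart from ones the ransomware has already encrypted or renamed. The following script is an added example (not Progent's tooling and not part of the original case study) of that triage check: a valid OST/PST file begins with the 4-byte signature `!BDN`, and an encrypted copy will not. The script walks a directory tree, matches `.ost`/`.pst` files including ones carrying an extra appended extension, and reports which still carry the signature. The sample tree it builds is constructed for the demonstration; the `.ryk` suffix stands in for whatever extension the ransomware appends, and the paths and file names are assumptions.

```python
"""Triage Outlook data files (.ost/.pst) after a ransomware event.

Added example, not Progent's code: classify Outlook cache files by checking
the PST/OST header signature so that recoverable mail stores can be copied
off staff PCs before they are reimaged.
"""
import tempfile
from pathlib import Path

OUTLOOK_MAGIC = b"!BDN"            # first four bytes of every PST/OST file
OUTLOOK_EXTS = {".ost", ".pst"}


def has_outlook_header(path):
    """True if the file starts with the PST/OST signature (read-only check)."""
    with open(path, "rb") as fh:
        return fh.read(len(OUTLOOK_MAGIC)) == OUTLOOK_MAGIC


def is_outlook_candidate(path):
    """Match foo.ost, foo.pst and ransomware-renamed foo.ost.<ext>."""
    return any(s.lower() in OUTLOOK_EXTS for s in path.suffixes)


def scan_mailstores(root):
    """Classify every Outlook data file under root.

    Returns {"intact": [...], "damaged": [...]} with POSIX-style paths
    relative to root, sorted for stable reporting.
    """
    report = {"intact": [], "damaged": []}
    for path in Path(root).rglob("*"):
        if not path.is_file() or not is_outlook_candidate(path):
            continue
        bucket = "intact" if has_outlook_header(path) else "damaged"
        report[bucket].append(path.relative_to(root).as_posix())
    for bucket in report.values():
        bucket.sort()
    return report


def build_sample_tree():
    """Constructed sample data (not from a real incident) for a stand-alone run.

    alice/alice.ost     untouched cache file, valid header
    bob/bob.ost.ryk     encrypted and renamed (assumed ransomware extension)
    carol/archive.pst   kept its name but the header was overwritten
    dave/notes.txt      unrelated file, must be ignored
    """
    root = Path(tempfile.mkdtemp(prefix="ost-triage-"))
    files = {
        "alice/alice.ost": OUTLOOK_MAGIC + b"\x00" * 60,
        "bob/bob.ost.ryk": bytes(range(64)),
        "carol/archive.pst": b"\xff\xfe\x00\x00" + b"\x00" * 60,
        "dave/notes.txt": b"weekly status\n",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for bucket, paths in scan_mailstores(sample_root).items():
        print(f"{bucket}: {paths}")
```

Run it against copies taken from the workstations, or against the machines with Outlook closed, since Outlook holds an open OST locked; the check only reads the first four bytes and never modifies anything, so the originals remain usable as forensic evidence. A file that passes the header check can still be truncated or partially encrypted, so the real proof is a successful import into Outlook.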
Over the following weeks, further milestones in the restoration process were reached through close cooperation between Progent team members and the customer.
Conclusion
A potentially company-ending disaster was averted through the efforts of top-tier professionals, a broad array of technical expertise, and close collaboration. Post-incident forensics showed that the ransomware attack described here should have been detected and prevented with up-to-date security tooling and best practices: staff training, well designed procedures for data backup (including offline copies), and timely patching. Nevertheless, organized and state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, be confident that Progent's roster of professionals has substantial experience in ransomware defense, cleanup, and data restoration.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Services in Glendale
For ransomware system recovery consulting in the Glendale metro area, phone Progent at