Crypto-Ransomware : Your Feared IT Disaster
Ransomware has become a modern cyberplague that presents an enterprise-level threat for businesses unprepared for an assault. Older iterations of ransomware such as the Dharma, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been circulating for a long time and still cause havoc. Modern strains such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, as well as daily unnamed malware, not only encrypt online data but also compromise any system protection mechanisms they can reach. Files synchronized to off-premises disaster recovery sites can also be encrypted. In a poorly designed data protection solution, this can render automatic restore operations hopeless and effectively knocks the network back to zero.
Retrieving applications and data after a ransomware intrusion becomes a race against time as the targeted organization struggles to contain the damage, clean up the ransomware, and restore business-critical operations. Since crypto-ransomware takes time to replicate across a targeted network, attacks are frequently launched on weekends, when successful penetrations tend to take longer to notice. This multiplies the difficulty of rapidly assembling and organizing a qualified response team.
Progent provides a variety of services for securing Lakeland enterprises from ransomware attacks. Among these are user education to help staff recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which utilizes SentinelOne's behavior-based cyberthreat protection to identify and suppress zero-day modern malware attacks. Progent also provides the assistance of seasoned crypto-ransomware recovery professionals with the talent and commitment to reconstruct a compromised system as urgently as possible.
Progent's Ransomware Recovery Help
Following a ransomware penetration, sending the ransom in cryptocurrency does not ensure that merciless criminals will provide the keys to decrypt any of your information. Kaspersky determined that 17% of crypto-ransomware victims never recovered their files even after having paid the ransom, resulting in increased losses. Paying is also expensive. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can be in the millions of dollars. The other path is to re-install the essential parts of your Information Technology environment. Without access to full system backups, this requires a broad range of IT skills, top-notch team management, and the capability to work continuously until the recovery project is complete.
For twenty years, Progent has provided professional Information Technology services for businesses across the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have attained high-level industry certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists have garnered internationally-recognized industry certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has experience in financial systems and ERP application software. This breadth of experience gives Progent the ability to quickly understand important systems, re-organize the surviving pieces of your Information Technology system after a crypto-ransomware event, and configure them into a functioning system.
Progent's recovery team of experts uses powerful project management applications to orchestrate the complicated recovery process. Progent appreciates the importance of working quickly and in unison with a client's management and IT team members to assign priority to tasks and to get essential systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Incident Restoration
A client engaged Progent after their network system was attacked by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored criminal gangs, suspected of using strategies leaked from the U.S. National Security Agency. Ryuk targets specific companies with limited ability to sustain disruption and is among the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturer located in Chicago with about 500 staff members. The Ryuk penetration had brought down all company operations and manufacturing capabilities. The majority of the client's information backups had been directly accessible at the time of the intrusion and were encrypted. The client was pursuing financing for paying the ransom demand (in excess of $200,000) and hoping for the best, but ultimately brought in Progent.
Progent worked with the client to quickly understand and assign priority to the critical services that needed to be recovered to make it possible to restart company operations:
Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then initiated the rebuilding and storage recovery of needed servers. All Exchange Server data and attributes were intact, which accelerated the rebuild of Exchange. Progent was able to assemble intact OST files (Outlook Offline Data Files) from staff PCs and laptops to recover email information. A recent off-line backup of the client's manufacturing software made it possible to bring these essential applications back online. Although major work still had to be done to recover fully from the Ryuk attack, core systems were returned to operation quickly:
During the following few weeks key milestones in the recovery process were achieved through tight collaboration between Progent team members and the client:
Conclusion
A probable company-ending catastrophe was dodged through the efforts of top-tier experts, a wide range of technical expertise, and close collaboration. Although in retrospect the ransomware incident described here could have been prevented with advanced security technology, security best practices, user training, and well-thought-out incident response procedures for data backup and applying software patches, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware attack, feel confident that Progent's team of experts has substantial experience in ransomware blocking, cleanup, and data recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in Lakeland
For ransomware system recovery consulting in the Lakeland metro area, call Progent at