Ransomware: Your Crippling IT Disaster
Ransomware has become a modern cyberplague that poses an extinction-level threat for organizations vulnerable to an attack. Multiple generations of ransomware like the CryptoLocker, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been out in the wild for many years and still inflict harm. Modern variants of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nephilim, plus additional as yet unnamed viruses, not only encrypt online information but also attack most of the backup and recovery mechanisms they can reach. Information synced to off-premises disaster recovery sites can also be ransomed. In a poorly architected system, this can make automated restore operations hopeless and effectively knocks the datacenter back to square one.
Restoring applications and information following a ransomware attack becomes a sprint against the clock as the targeted organization fights to stop the spread, clean up the infection, and restore business-critical activity. Because ransomware requires time to replicate throughout a network, assaults are often launched at night, when penetrations are likely to take longer to recognize. This multiplies the difficulty of rapidly mobilizing and orchestrating an experienced mitigation team.
Progent offers a variety of support services for securing Alpharetta enterprises from ransomware events. These include team member education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which utilizes SentinelOne's AI-based cyberthreat defense to discover and extinguish zero-day malware attacks. Progent can also provide the services of expert crypto-ransomware recovery engineers with the track record and commitment to reconstruct a breached network as urgently as possible.
Progent's Crypto-Ransomware Recovery Help
After a crypto-ransomware penetration, even paying the ransom in cryptocurrency does not ensure that merciless criminals will return the keys needed to decrypt any of your information. Kaspersky determined that 17% of ransomware victims never restored their information even after having paid the ransom, resulting in more losses. The gamble is also costly. Ryuk ransoms are commonly a few hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to rebuild from scratch the mission-critical elements of your IT environment. Without full system backups, this calls for a wide range of skills, professional project management, and the capability to work non-stop until the job is over.
For twenty years, Progent has offered professional Information Technology services for businesses across the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have earned advanced industry certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security specialists have garnered internationally renowned industry certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the capability to knowledgeably identify necessary systems, re-organize the surviving pieces of your network environment after a crypto-ransomware attack, and configure them into an operational network.
Progent's recovery group has best-of-breed project management systems to coordinate the complex recovery process. Progent understands the urgency of working swiftly and together with a client's management and Information Technology resources to prioritize tasks and to get essential services back online as soon as possible.
Customer Story: A Successful Crypto-Ransomware Virus Restoration
A business contacted Progent after their company was penetrated by the Ryuk ransomware virus. Ryuk is thought to have been created by North Korean government-sponsored cybercriminals, possibly adopting approaches exposed from the U.S. NSA. Ryuk targets specific organizations with little or no tolerance for disruption and is one of the most lucrative iterations of ransomware. Highly publicized victims include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing company based in Chicago with around 500 staff members. The Ryuk penetration had brought down all essential operations and manufacturing capabilities. Most of the client's data backups had been online at the time of the attack and were destroyed. The client was preparing to pay the ransom demand (in excess of $200K) and hoping for the best, but in the end made the decision to use Progent.
Progent worked with the customer to rapidly understand and assign priority to the critical systems that needed to be addressed in order to continue departmental functions:
In less than two days, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange Server schema and configuration information were intact, which greatly helped the rebuild of Exchange. Progent was able to locate intact OST files (Outlook Offline Folder files) on team desktop computers and laptops in order to recover email data. A recent offline backup of the client's manufacturing systems made it possible to bring these essential applications back online. Although a lot of work remained to recover completely from the Ryuk event, essential systems were recovered quickly:
Throughout the following couple of weeks, critical milestones in the recovery process were completed through close cooperation between Progent engineers and the client:
Conclusion
A possible business-ending disaster was averted through the efforts of hard-working professionals, a broad array of knowledge, and tight collaboration. Analyzing the event afterwards, the ransomware attack detailed here should have been stopped by advanced cyber security technology and security best practices, staff training, and well thought out procedures for information backup and applying software patches. The fact remains, however, that government-sponsored cyber criminals from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware penetration, feel confident that Progent's roster of experts has a proven track record in ransomware virus defense, removal, and information systems recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Services in Alpharetta
For ransomware cleanup consulting in the Alpharetta area, phone Progent at