Ransomware : Your Worst Information Technology Disaster
Ransomware has become a modern cyber pandemic that poses an extinction-level danger for organizations vulnerable to an attack. Multiple generations of ransomware such as CryptoLocker, WannaCry, Bad Rabbit, NotPetya and MongoLock have been around for years and still cause destruction. Newer families such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, Snatch and Egregor, along with new and as yet unnamed malware appearing daily, not only encrypt critical online data but also seek out and destroy any data protection they can reach, such as backups, snapshots and shadow copies that are accessible from the compromised network. Files synchronized to off-premises disaster recovery sites can also be rendered useless, because replication faithfully copies the encrypted versions over the good ones. In a poorly designed data protection solution, this can render automatic restore operations hopeless and effectively set the datacenter back to square one.
Recovering applications and data after a crypto-ransomware event becomes a race against time as the victim fights to contain the damage, clean up the ransomware, and resume business-critical activity. Because ransomware needs time to spread through a network before encryption is triggered, attacks are frequently launched on weekends and holidays, when a successful intrusion tends to go undetected longer. This compounds the difficulty of quickly marshalling and organizing a qualified response team.
Progent offers an assortment of support services for securing Oakland enterprises against ransomware attacks. Among these are team member education to help recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to detect and contain zero-day and other modern malware attacks. Progent can also provide experienced ransomware recovery professionals with the skills and commitment to re-deploy a compromised system as quickly as possible.
Progent's Ransomware Recovery Help
After a ransomware event, even paying the ransom in cryptocurrency does not guarantee that the criminals will respond with working keys to decrypt all your data. Kaspersky reported that seventeen percent of crypto-ransomware victims never recovered their information even after paying the ransom, compounding their losses. The ransom itself is also very costly: Ryuk ransoms are commonly several hundred thousand dollars, and for larger enterprises they can run into the millions. The alternative is to rebuild the essential parts of your IT environment from scratch. Without usable backups of essential information, this requires a wide range of skills, professional project management, and the capability to work non-stop until the task is finished.
For two decades, Progent has offered certified expert Information Technology services for companies throughout the U.S. and has achieved Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who hold high-level certifications in key technologies from Microsoft, Cisco and VMware, and in major distributions of Linux. Progent's security engineers have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, CRISC and GIAC, as well as CMMC 2.0 credentials. (See Progent's certifications). Progent in addition has experience with financial systems and ERP application software. This breadth of expertise gives Progent the capability to efficiently identify necessary systems, organize the surviving components of your network following a ransomware event, and rebuild them into a functioning network.
Progent's security group uses best-of-breed project management tools to coordinate the complicated recovery process. Progent understands the importance of working quickly and in concert with a client's management and Information Technology staff to prioritize tasks and get the most important services back online as soon as possible.
Business Case Study: A Successful Crypto-Ransomware Intrusion Recovery
A customer engaged Progent after their organization was brought down by Ryuk crypto-ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because it shares code with the earlier Hermes ransomware; later analysis attributes it to a Russian-speaking criminal group that typically gains its initial foothold through commodity malware such as TrickBot and then hand-picks its targets. Ryuk goes after specific companies with limited ability to sustain operational disruption and is among the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk event had shut down all company operations and manufacturing processes. Most of the client's backups were online at the start of the attack and were encrypted along with the production data. The client was arranging financing to pay the ransom demand (in excess of $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the client to quickly identify and prioritize the essential applications that needed to be restored in order to restart business operations:
Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then helped perform setup and disk recovery of mission-critical applications. All Exchange Server objects and attributes in Active Directory were intact, which accelerated the rebuild of Exchange. Progent was also able to collect local OST files (Outlook Offline Folder Files) from various PCs and laptops in order to recover email data. A reasonably recent offline backup of the customer's manufacturing software made it possible to bring these required services back online for users. Although major work remained to recover fully from the Ryuk event, critical systems were restored quickly:
During the following month, critical milestones in the restoration project were completed in close collaboration between Progent engineers and the customer:
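As an added illustration of the OST-collection step described above (this is example PowerShell written for this page, not Progent's tooling), the script below enumerates Outlook OST files on a list of workstations over the C$ admin share, checks the first four bytes of each file for the "!BDN" signature that PST/OST files carry so that files the ransomware has already encrypted are logged and skipped, copies intact files to an isolated collection share, and records a SHA-256 hash of every copy. The hostnames, the share path, and the CSV log name are assumptions.

```powershell
# Added example, not Progent's code: triage and collect Outlook OST files from
# workstations after a ransomware event so mailbox data can be recovered once
# Exchange is rebuilt. Assumptions (all hypothetical): the account running this
# has admin-share (C$) access to each host, $Hosts lists the workstations, and
# $Dest is an isolated collection share. A healthy OST/PST starts with the
# 4-byte signature "!BDN"; a file the ransomware has encrypted will not, so it
# is logged as bad-header and skipped rather than copied.

$Hosts = @('WS-ACCT-01', 'WS-ENG-07')          # hypothetical workstation names
$Dest  = '\\RECOVERY-NAS\ost-collect'          # hypothetical collection share
$Log   = Join-Path $Dest 'ost-collect.csv'     # hypothetical log file name

function Test-OstHeader {
    param([string]$Path)
    $bytes = New-Object byte[] 4
    # Open with ReadWrite sharing so a file Outlook still holds open can be read.
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { $n = $fs.Read($bytes, 0, 4) }
    finally { $fs.Close() }
    return ($n -eq 4) -and ([System.Text.Encoding]::ASCII.GetString($bytes) -eq '!BDN')
}

$results = foreach ($h in $Hosts) {
    $root = "\\$h\C$\Users"
    if (-not (Test-Path $root)) {
        [pscustomobject]@{ Host = $h; User = $null; File = $null; Status = 'unreachable'; Sha256 = $null }
        continue
    }
    # Outlook keeps each profile's OST under AppData\Local\Microsoft\Outlook.
    Get-ChildItem -Path $root -Recurse -Filter '*.ost' -ErrorAction SilentlyContinue |
      Where-Object { $_.FullName -like '*\AppData\Local\Microsoft\Outlook\*' } |
      ForEach-Object {
        $f      = $_
        $user   = if ($f.FullName -match '\\Users\\([^\\]+)\\') { $Matches[1] } else { 'unknown' }
        $status = 'bad-header'
        $hash   = $null
        try {
            if (Test-OstHeader $f.FullName) {
                # Prefix with host and user so same-named OSTs from different machines do not collide.
                $target = Join-Path $Dest ('{0}_{1}_{2}' -f $h, $user, $f.Name)
                Copy-Item -Path $f.FullName -Destination $target -ErrorAction Stop
                $hash   = (Get-FileHash -Path $target -Algorithm SHA256).Hash
                $status = 'collected'
            }
        } catch {
            $status = "error: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Host = $h; User = $user; File = $f.FullName; Status = $status; Sha256 = $hash }
      }
}

$results | Export-Csv -Path $Log -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Run it from a clean, dedicated recovery workstation against hosts that have already been isolated and cleaned, never from a domain controller, and give the collection share its own credentials so that a still-infected host cannot reach what has already been gathered. An OST is bound to the mailbox profile that created it, so recovering its contents generally means either reconnecting the rebuilt mailbox under the original profile or using an OST-to-PST conversion tool; the hash log lets you prove later that the file you converted is the one you collected.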
Conclusion
A potential company-ending catastrophe was avoided through hard-working experts, a broad range of technical expertise, and tight teamwork. In hindsight, the ransomware intrusion described here could have been detected and stopped with up-to-date security technology, adherence to NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and well-thought-out procedures for offline backups, software patching, and incident response. The fact remains, however, that criminal gangs and state-sponsored threat actors from China, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware incident, you can be confident that Progent's team of experts has proven experience in crypto-ransomware defense, removal, and information systems restoration.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Oakland
For ransomware system restoration expertise in the Oakland area, call Progent at