Ransomware: Your Feared Information Technology Nightmare
Ransomware has become an all-too-frequent cyber pandemic and an enterprise-level threat to businesses of every size. Older families such as the CrySIS, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been in the wild for years and still wreak havoc. Newer families like Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nephilim, as well as a steady stream of unnamed malware, not only encrypt online files but also corrupt any reachable system restore points and backups. Information synchronized to the cloud can be corrupted as well. In a poorly designed data protection solution, this can make any restore operation impossible and effectively knocks the entire system back to square one.
Getting applications and information back after a ransomware outage becomes a race against time as the targeted organization struggles to stop lateral movement, clean up the crypto-ransomware, and resume business-critical operations. Because ransomware takes time to spread across a network, attacks are usually launched on weekends and holidays, when intrusions often take longer to discover. This multiplies the difficulty of quickly assembling and coordinating a capable mitigation team.
Progent offers a range of services for protecting Parsippany businesses from ransomware events. Among these are staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to identify and contain zero-day malware attacks. Progent also provides the assistance of veteran ransomware recovery consultants with the skill and perseverance to bring a breached system back into operation as soon as possible.
Progent's Ransomware Restoration Services
After a crypto-ransomware event, even paying the ransom in cryptocurrency provides no assurance that the attackers will hand over the keys needed to decrypt any of your information. Kaspersky determined that 17% of ransomware victims never recovered their information after sending the ransom, compounding their losses. The ransom itself is also costly. Ryuk ransoms are often a few hundred thousand dollars, and for larger enterprises the demand can run into the millions. The other path is to rebuild the vital parts of your IT environment. Without access to essential system backups, this calls for a wide range of skills, well-coordinated team management, and the ability to work around the clock until the job is done.
For decades, Progent has provided professional IT services to companies throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who hold top industry certifications in key technologies including Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity specialists hold internationally recognized certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of expertise gives Progent the skills to rapidly identify critical systems, salvage the surviving parts of your IT environment after a crypto-ransomware event, and configure them into a functioning network.
Progent's recovery group uses top-notch project management tools to coordinate the complex restoration process. Progent understands the urgency of acting swiftly and in concert with a customer's management and IT staff to prioritize tasks and bring key applications back online as fast as possible.
Customer Story: A Successful Ransomware Penetration Recovery
A customer hired Progent after their company was hit by the Ryuk ransomware. Ryuk is generally considered to have been developed by North Korean state-sponsored hackers, possibly using techniques leaked from the United States National Security Agency. Ryuk targets specific businesses with little or no ability to sustain operational disruption and is among the most lucrative ransomware families. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in Chicago with around 500 employees. The Ryuk attack had shut down all company operations and manufacturing capabilities. Most of the client's backups had been online at the start of the attack and were eventually encrypted. The client was seeking financing to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the key systems that had to be restored in order to restart company operations:
In less than two days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then moved on to rebuilding essential systems and recovering their storage. All Exchange data and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to gather the local OST files (Microsoft Outlook Offline Data Files) from employees' desktop computers to recover email data. A recent offline backup of the company's accounting/MRP software made it possible to bring these vital services back into service for users. Although significant work remained to recover completely from the Ryuk attack, the most important systems were restored quickly:
During the following month, key milestones in the recovery project were accomplished in close cooperation between Progent consultants and the client:
Conclusion
A potentially company-ending disaster was avoided thanks to results-oriented professionals, a broad spectrum of subject matter expertise, and close teamwork. Although forensic analysis concluded that the crypto-ransomware incident described here would have been detected and blocked by up-to-date cybersecurity solutions, NIST Cybersecurity Framework best practices, user training, and well-thought-out procedures for data protection and patch management, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will keep attacking. If you do fall victim to a crypto-ransomware attack, remember that Progent's roster of professionals has extensive experience in ransomware blocking, mitigation, and data recovery.
Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Parsippany
For ransomware system recovery consulting in the Parsippany area, call Progent at