Ransomware: Your Feared Information Technology Nightmare
Ransomware has become an escalating cyberplague that represents an enterprise-level threat for any business vulnerable to an attack. Earlier iterations of ransomware like the CryptoLocker, Fusob, Locky, Syskey and MongoLock cryptoworms have been replicating for a long time and still inflict destruction. Modern variants such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, as well as additional unnamed strains, not only encrypt online data files but also infiltrate all reachable system backups. Data synchronized to the cloud can also be ransomed. In a vulnerable system, this can render automated restoration useless and effectively knocks the datacenter back to square one.
Restoring applications and data following a ransomware attack becomes a race against time as the victim struggles to contain the damage, clear the ransomware, and resume mission-critical operations. Because crypto-ransomware takes time to move laterally throughout a targeted network, attacks are usually launched at night, when a successful penetration often takes longer to uncover. This compounds the difficulty of rapidly assembling and coordinating an experienced response team.
Progent provides a range of support services for securing Bakersfield organizations against ransomware events. These include user training to recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which utilizes SentinelOne's behavior-based threat defense to detect and quarantine zero-day malware attacks. Progent in addition provides the assistance of experienced ransomware recovery engineers with the talent and commitment to rebuild a breached system as rapidly as possible.
Progent's Ransomware Recovery Support Services
After a crypto-ransomware attack, sending the ransom in cryptocurrency provides no assurance that the remote criminals will return the keys to decrypt any of your information. Kaspersky Labs found that 17% of ransomware victims never recovered their information after having paid the ransom, resulting in additional losses. The risk is also very costly: Ryuk ransoms are commonly several hundred thousand dollars, and for larger organizations the ransom can reach millions. The other path is to set up the vital parts of your IT environment from scratch. Absent full data backups, this calls for a wide complement of skills, professional project management, and the ability to work non-stop until the task is complete.
For decades, Progent has offered professional IT services for businesses throughout the U.S. and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have attained top industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security specialists have earned internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience in accounting and ERP applications. This breadth of experience gives Progent the skills to rapidly identify critical systems, consolidate the remaining components of your network following a crypto-ransomware attack, and configure them into a functioning system.
Progent's ransomware team uses state-of-the-art project management systems to orchestrate the complex restoration process. Progent knows the importance of working rapidly and together with a client's management and IT resources to prioritize tasks and to put essential applications back on-line as fast as possible.
Business Case Study: A Successful Ransomware Attack Restoration
A customer contacted Progent after their organization was attacked by the Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean government-sponsored criminal gangs, possibly adopting algorithms leaked from the U.S. National Security Agency. Ryuk targets specific companies with limited ability to sustain operational disruption and is one of the most profitable iterations of ransomware. Headline victims include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business based in the Chicago metro area with about 500 employees. The Ryuk intrusion had disabled all essential operations and manufacturing processes. The majority of the client's information backups had been online at the time of the intrusion and were damaged. The client considered paying the ransom demand (exceeding $200K) and hoping for the best, but ultimately engaged Progent.
Progent worked with the customer to quickly assess and prioritize the key systems that had to be recovered to make it possible to restart business operations:
Within 2 days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then charged ahead with reinstallations and storage recovery of the needed systems. All Microsoft Exchange Server schema and configuration information was intact, which facilitated the restore of Exchange. Progent was able to assemble non-encrypted OST files (Microsoft Outlook Off-Line Folder Files) from various PCs to recover email data. A relatively recent off-line backup of the business's accounting systems made it possible to bring these required programs back on-line. Although a large amount of work remained to recover totally from the Ryuk attack, critical systems were restored quickly:
Throughout the next few weeks critical milestones in the restoration process were achieved through tight cooperation between Progent engineers and the customer:
Conclusion
A potential business-extinction catastrophe was avoided with top-tier professionals, a broad range of subject matter expertise, and close collaboration. Although in hindsight the ransomware attack detailed here should have been identified and prevented with current security solutions and best practices, staff training, and well-thought-out procedures for information backup and keeping systems up to date with security patches, the reality remains that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a crypto-ransomware incident, feel confident that Progent's team of experts has a proven track record in ransomware blocking, cleanup, and file disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Expertise in Bakersfield
For ransomware cleanup expertise in the Bakersfield area, phone Progent at