Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become an all-too-frequent cyber pandemic that represents an enterprise-level danger for businesses unprepared for an assault. Versions of ransomware such as CryptoLocker, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for years and still cause harm. Modern strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus additional as yet unnamed newcomers, not only encrypt online data files but also attack every data protection system they can reach. Data synchronized to the cloud can also be rendered useless. In a poorly designed data protection solution, this can make automatic restoration impossible and effectively knocks the entire system back to square one.
Restoring services and data following a ransomware outage becomes a race against time as the targeted organization struggles to stop the spread, clear the ransomware, and restore business-critical activity. Because ransomware needs time to replicate throughout a targeted network, intrusions are usually launched at night, when successful attacks typically take longer to discover. This multiplies the difficulty of rapidly mobilizing and coordinating an experienced mitigation team.
Progent offers an assortment of help services for securing Southlake enterprises from ransomware intrusions. Among these are user education to recognize and avoid falling victim to phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based cyberthreat protection to discover and suppress zero-day modern malware assaults. Progent also provides the services of veteran crypto-ransomware recovery consultants with the track record and perseverance to reconstruct a breached system as rapidly as possible.
Progent's Crypto-Ransomware Restoration Support Services
After a ransomware event, sending the ransom in cryptocurrency does not guarantee that cyber criminals will respond with the keys to decipher all your data. Kaspersky Labs ascertained that 17% of ransomware victims never restored their files after having sent off the ransom, resulting in further losses. The ransom itself is also very costly. Ryuk ransoms are commonly a few hundred thousand dollars. For larger organizations, the ransom can be in the millions. The other path is to piece back together the vital parts of your IT environment. Without access to full information backups, this requires a broad range of skills, top-notch project management, and the ability to work non-stop until the task is complete.
For twenty years, Progent has provided professional IT services for businesses throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have been awarded high-level industry certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally recognized industry certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has expertise in accounting and ERP software solutions. This breadth of expertise gives Progent the capability to quickly identify critical systems, integrate the surviving pieces of your IT system after a ransomware intrusion, and configure them into an operational network.
Progent's security group uses top-notch project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting rapidly and works together with a client's management and IT resources to assign priority to tasks and to put essential systems back online as fast as humanly possible.
Customer Story: A Successful Crypto-Ransomware Penetration Response
A customer escalated to Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state-sponsored cybercriminals, possibly adopting strategies leaked from the U.S. NSA. Ryuk targets specific organizations with limited room for operational disruption and is one of the most lucrative versions of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturer located in the Chicago metro area with around 500 employees. The Ryuk event had brought down all business operations and manufacturing processes. Most of the client's data backups had been directly accessible from the network at the start of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom demand (exceeding $200,000) and hoping for good luck, but ultimately turned to Progent.
Progent worked hand in hand with the customer to rapidly identify and prioritize the most important applications that needed to be addressed to make it possible to restart company functions:
Within 2 days, Progent was able to restore Windows Active Directory to its pre-attack state. Progent then initiated reinstallations and hard drive recovery of needed systems. All Microsoft Exchange Server data and attributes were intact, which facilitated the restore of Exchange. Progent was able to find non-encrypted OST files (Outlook Offline Data Files) on team workstations and laptops to recover email messages. A fairly recent offline backup of the business's accounting/ERP systems made it possible to restore these vital applications and make them available to users again. Although a lot of work remained to recover fully from the Ryuk attack, core services were recovered rapidly:
Throughout the following month important milestones in the restoration project were completed in close collaboration between Progent consultants and the client:
Conclusion
A likely business extinction disaster was avoided through the efforts of hard-working experts, a broad array of technical expertise, and tight teamwork. Analysis after the event showed that the crypto-ransomware intrusion described here would have been identified and prevented with current security technology solutions, NIST Cybersecurity Framework best practices, staff education, and well-thought-out incident response procedures for information backup and applying software patches. Even so, the fact remains that state-sponsored cyber criminals from Russia, China and elsewhere are relentless and represent an ongoing threat. If you do get hit by a ransomware virus, feel confident that Progent's roster of professionals has proven experience in ransomware blocking, removal, and file recovery.
Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting Services in Southlake
For ransomware cleanup consulting in the Southlake metro area, phone Progent at