Ransomware: Your Feared Information Technology Nightmare
Ransomware has become an escalating cyber plague that poses an existential danger for organizations unprepared for an assault. Different iterations of ransomware like the Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for a long time and still cause harm. More recent versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with other as yet unnamed malware, not only encrypt online data but also disable most of the system protection mechanisms within reach. Information synched to off-premises disaster recovery sites can also be ransomed. In a poorly architected environment, this can make any restoration impossible and effectively knocks the network back to zero.
Retrieving applications and data after a ransomware intrusion becomes a race against time as the targeted organization struggles to contain and remove the ransomware and restore enterprise-critical operations. Since ransomware takes time to spread throughout a targeted network, assaults are often sprung during weekends and nights, when successful penetrations often take longer to discover. This multiplies the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.
Progent offers a range of support services for securing Manhattan Beach organizations from crypto-ransomware events. These include staff training to help recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that utilizes SentinelOne's AI-based threat protection to discover and extinguish zero-day malware attacks. Progent also provides the services of experienced ransomware recovery professionals with the track record and commitment to restore a breached system as soon as possible.
Progent's Crypto-Ransomware Recovery Services
After a ransomware event, even paying the ransom in cryptocurrency does not guarantee that the cyber criminals will return the keys needed to decipher any or all of your files. Kaspersky Labs ascertained that 17% of ransomware victims never restored their information even after having paid the ransom, resulting in further losses. The gamble is also costly. Ryuk ransoms are often several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions of dollars. The fallback is to set up the vital elements of your IT environment from scratch. Without complete data backups, this requires a broad range of skills, well-coordinated project management, and the capability to work 24x7 until the task is done.
For twenty years, Progent has provided professional Information Technology services for companies throughout the United States and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have attained advanced certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security experts have garnered internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications.) Progent also has expertise in accounting and ERP applications. This breadth of experience gives Progent the skills to quickly understand the necessary systems, reorganize the surviving components of your network following a ransomware event, and assemble them into a functioning system.
Progent's ransomware group deploys powerful project management systems to orchestrate the complicated restoration process. Progent appreciates the urgency of acting rapidly and working together with a customer's management and IT team members to prioritize tasks and to put key services back online as fast as humanly possible.
Client Story: A Successful Ransomware Penetration Recovery
A business engaged Progent after their network was taken over by Ryuk crypto-ransomware. Ryuk is believed to have been created by North Korean government-sponsored criminal gangs, possibly adopting approaches leaked from the United States NSA. Ryuk seeks out companies with little or no ability to sustain operational disruption and is one of the most profitable incarnations of crypto-ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business based in the Chicago metro area with about 500 employees. The Ryuk attack had brought down all company operations and manufacturing processes. Most of the client's backups had been online at the start of the intrusion and were eventually encrypted. The client was preparing to pay the ransom (in excess of $200K) and hoping for good luck, but ultimately called Progent.
Progent worked with the client to rapidly understand and assign priority to the most important systems that had to be recovered to make it possible to restart business functions:
In less than 2 days, Progent was able to rebuild Windows Active Directory to its pre-intrusion state. Progent then helped perform setup and hard drive recovery on critical servers. All Microsoft Exchange Server data and configuration information were usable, which facilitated the restoration of Exchange. Progent was also able to gather local OST files (Outlook Offline Folder Files) from staff PCs in order to recover email data. A recent offline backup of the customer's financials/MRP software made it possible to return these vital applications to service. Although a lot of work still had to be done to recover fully from the Ryuk attack, core services were returned to operation rapidly:
During the following couple of weeks, key milestones in the recovery project were accomplished through close collaboration between Progent team members and the customer:
Conclusion
A potential business-ending disaster was averted with dedicated professionals, a broad array of subject matter expertise, and tight collaboration. Although in retrospect the ransomware attack described here would have been identified and blocked with up-to-date security systems and NIST Cybersecurity Framework best practices, user and IT administrator training, and well-designed security procedures for data protection and software patching, the fact remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and will keep attacking. If you do get hit by a ransomware incursion, remember that Progent's roster of professionals has extensive experience in crypto-ransomware defense, remediation, and information systems restoration.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Manhattan Beach
For ransomware system recovery services in the Manhattan Beach area, call Progent at