Crypto-Ransomware : Your Feared IT Disaster
Crypto-ransomware has become an escalating cyber pandemic that poses an existential threat to organizations unprepared for an attack. Earlier iterations of crypto-ransomware such as the Dharma, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for years and continue to cause harm. Modern variants such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Nefilim, along with a daily stream of unnamed malware, not only encrypt online data files but also seek out and encrypt every system backup they can reach. Data synchronized to off-premises disaster recovery sites can be encrypted as well. In a vulnerable environment this makes automated restoration hopeless and effectively knocks the datacenter back to square one.
Bringing online services and data back after a crypto-ransomware intrusion becomes a race against time as the targeted organization tries to contain the damage, remove the crypto-ransomware, and restore mission-critical activity. Because ransomware takes time to spread across a network, intrusions are frequently launched at night, when a successful attack typically takes longer to discover. This multiplies the difficulty of quickly assembling and coordinating an experienced mitigation team.
Progent provides a variety of services for protecting Long Beach enterprises against ransomware attacks. These include user training to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service that uses SentinelOne's behavior-based threat protection to identify and quarantine zero-day malware attacks. Progent also provides the assistance of experienced crypto-ransomware recovery engineers with the skills and perseverance to restore a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Support Services
Following a ransomware attack, even paying the ransom demand in cryptocurrency gives no assurance that the criminal gang will respond with the keys needed to decrypt your files. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their data even after sending the ransom, resulting in additional losses. Paying is also expensive. Ryuk ransoms are often several hundred thousand dollars, and for larger organizations the demand can run into the millions. The other path is to piece back together the essential elements of your Information Technology environment. Without access to intact system backups, this calls for a broad complement of skill sets, top-notch team management, and the ability to work 24x7 until the job is finished.
For two decades, Progent has provided professional Information Technology services to businesses across the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold advanced industry certifications in foundation technologies from Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of expertise allows Progent to quickly understand the systems involved, integrate the surviving components of your network environment following a crypto-ransomware event, and configure them into an operational network.
Progent's ransomware team uses state-of-the-art project management applications to coordinate the complex restoration process. Progent understands the urgency of acting swiftly and in unison with a customer's management and Information Technology staff to prioritize tasks and to bring the most important systems back online as soon as humanly possible.
Customer Case Study: A Successful Ransomware Penetration Response
A business hired Progent after its network was penetrated by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state criminal gangs, suspected of using algorithms leaked from the United States National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is among the most lucrative examples of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer located in Chicago with about 500 staff members. The Ryuk intrusion had shut down all company operations and manufacturing processes. The majority of the client's data backups had been directly accessible from the network at the start of the intrusion and were eventually encrypted. The client was actively seeking loans to pay the ransom (more than $200,000) and hoping for good luck, but in the end reached out to Progent.
Progent worked hand in hand with the client to quickly identify and prioritize the critical elements that had to be addressed in order to resume business functions:
In less than 48 hours, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then assisted with setup and hard drive recovery on the required servers. All Exchange Server data and attributes were usable, which greatly helped the rebuild of Exchange. Progent was able to gather unencrypted OST files (Outlook Offline Folder Files) from various desktop computers in order to recover mail data. A recent offline backup of the customer's financials/ERP software made it possible to bring these essential services back online for users. Although significant work remained to recover fully from the Ryuk attack, essential systems were returned to operation rapidly:
Throughout the following few weeks, important milestones in the recovery project were completed through tight collaboration between Progent team members and the customer:
Conclusion
A probable business-killing catastrophe was averted through the efforts of top-tier experts, a wide array of subject matter expertise, and tight collaboration. In hindsight, the ransomware incident detailed here could have been prevented with advanced security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team training, and well-thought-out incident response procedures for data backup and proper patching controls. The reality, however, is that state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and are not going away. If you are hit by a ransomware intrusion, you can be confident that Progent's team of experts has substantial experience in ransomware blocking, removal, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Long Beach
For ransomware cleanup consulting in the Long Beach area, phone Progent at