Ransomware: Your Crippling Information Technology Disaster
Ransomware has become an escalating cyber pandemic and presents an extinction-level threat for businesses of all sizes that are vulnerable to an attack. Older families such as Dharma, WannaCry, Locky, NotPetya and MongoLock have been in the wild for years and still cause harm. Newer strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nefilim, as well as newcomers that have yet to be named, not only encrypt online data files but also seek out and disable any configured system protection they can reach, such as volume shadow copies and backup repositories that are mounted or reachable over the network. Data replicated to the cloud can be corrupted as well, because synchronization faithfully copies the encrypted files over the good ones. In a poorly architected data protection solution this makes automatic restoration useless and effectively sets the datacenter back to zero.
Getting applications and data back online after a ransomware intrusion becomes a race against the clock as the targeted organization struggles to contain the damage, eradicate the malware, and restore business-critical operations. Because crypto-ransomware takes time to spread across a targeted network, attacks are frequently launched on weekends and at night, when an intrusion tends to go unnoticed longer and the encryption can run to completion before anyone responds. This multiplies the difficulty of quickly assembling and organizing a qualified response team.
Progent provides a range of solutions for protecting enterprises from ransomware attacks. These include staff training to help employees recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM), an endpoint detection and response service that uses SentinelOne's behavior-based threat defense to detect and contain zero-day and other modern malware attacks. Progent also provides the services of veteran ransomware recovery engineers with the skill and commitment to rebuild a compromised network as quickly as possible.
Progent's Crypto-Ransomware Restoration Services
After a ransomware attack, paying the ransom in cryptocurrency provides no assurance that the attackers will deliver the keys needed to decrypt any or all of your data. Kaspersky found that seventeen percent of crypto-ransomware victims never recovered their files even after paying, compounding their losses. Paying is also very expensive. Ryuk ransoms are typically several hundred thousand dollars, and for larger enterprises the demand can run into the millions. The alternative is to piece the essential parts of your IT environment back together. Without complete, uncompromised backups, this requires a broad range of IT skills, well-coordinated project management, and the ability to work around the clock until the job is done.
For two decades, Progent has offered expert information technology services to businesses across the US and has earned Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who hold top industry certifications in key technologies from Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized credentials including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has expertise with financial management and ERP software solutions. This breadth of experience gives Progent the capability to quickly identify critical systems after a ransomware attack, integrate the surviving pieces of your network environment, and assemble them into an operational system.
Progent's recovery team deploys state-of-the-art project management applications to coordinate the sophisticated recovery process. Progent understands the importance of working swiftly and together with a customer's management and IT resources to prioritize tasks and to get the most important systems back on-line as fast as possible.
Case Study: A Successful Crypto-Ransomware Penetration Restoration
A business contacted Progent after its operations were brought down by the Ryuk ransomware. Ryuk is generally attributed to a Russian-speaking criminal group; early reports linked it to North Korea because it shares code with the earlier Hermes ransomware, but that attribution did not hold up. Ryuk targets specific businesses with little tolerance for disruption and is among the most profitable ransomware families. Major victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturer headquartered in the Chicago metro area with around 500 employees. The Ryuk attack had halted all company operations and manufacturing processes. Most of the client's backups had been online when the intrusion began and were encrypted along with everything else. The client considered paying the ransom (over $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the customer to quickly identify and prioritize the mission-critical areas that had to be restored in order to resume departmental functions:
In less than two days, Progent rebuilt Windows Active Directory to its pre-intrusion state. Progent then reinstalled the needed applications and recovered their storage. The Exchange Server objects and attributes in Active Directory were intact, which accelerated the restoration of Exchange. Progent located intact OST files (Microsoft Outlook Offline Data Files) on user desktops and laptops and used them to recover mailbox data. A reasonably recent offline backup of the customer's financial/MRP systems made it possible to bring these vital applications back online for users. Although major work remained to recover fully from the Ryuk attack, essential services were restored quickly:
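The OST recovery step above is worth spelling out, because an encrypted OST file is indistinguishable from a good one by name and size alone. The following PowerShell script is an added example, not Progent's tooling or anything from the original case study: it inventories OST files across a list of workstations and checks the 4-byte "!BDN" signature that every Outlook data file (PST and OST) starts with, so only intact files are staged for recovery. The computer names and output path are hypothetical, and the script assumes WinRM is enabled, that the account running it is a local administrator on those hosts, and that the hosts have already been confirmed clean before anything is copied off them.

```powershell
# Added example (not Progent's code): inventory Outlook OST files on a list of
# workstations and flag which ones still carry the Outlook data-file signature.
# Assumes WinRM is enabled and the caller is a local admin on every host listed.

$Computers = @('WS-ACCT-01', 'WS-ENG-07')   # hypothetical workstation names
$Report    = 'C:\IR\ost-inventory.csv'      # hypothetical output path

$Inventory = Invoke-Command -ComputerName $Computers -ErrorAction Continue -ScriptBlock {
    # OST files live under each user's local AppData; search every profile on the box.
    $files = Get-ChildItem -Path 'C:\Users\*\AppData\Local\Microsoft\Outlook' `
                           -Filter '*.ost' -Recurse -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        # Outlook data files begin with the 4-byte signature "!BDN". A file that was
        # overwritten by ransomware will not carry it, so the header cheaply separates
        # usable files from damaged ones without opening them in Outlook.
        $magic = ''
        try {
            $fs  = [System.IO.File]::Open($f.FullName, 'Open', 'Read', 'ReadWrite')
            $buf = New-Object byte[] 4
            $null = $fs.Read($buf, 0, 4)
            $fs.Close()
            $magic = [System.Text.Encoding]::ASCII.GetString($buf)
        } catch {
            $magic = 'LOCKED'   # Outlook still holds the file open; inspect manually
        }
        [PSCustomObject]@{
            Computer     = $env:COMPUTERNAME
            User         = ($f.FullName -split '\\')[2]   # C:\Users\<user>\...
            Path         = $f.FullName
            SizeMB       = [math]::Round($f.Length / 1MB, 1)
            LastWrite    = $f.LastWriteTime
            HeaderIntact = ($magic -eq '!BDN')
        }
    }
}

$Inventory | Sort-Object Computer, User | Export-Csv -Path $Report -NoTypeInformation

# Only rows with HeaderIntact = True are worth copying to the recovery share;
# list the rest so they are treated as damaged and excluded from the restore.
$Inventory | Where-Object { -not $_.HeaderIntact } | Format-Table Computer, User, Path, LastWrite
```

A file that fails the header check but has a recent LastWrite time is the typical ransomware signature: the encryptor rewrote it in place shortly before the outage. Files reported as LOCKED were still open in Outlook at scan time and should be re-checked after the user's Outlook session is closed rather than assumed good.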
Over the following few weeks, important milestones in the recovery process were reached through close cooperation between Progent engineers and the customer:
Conclusion
A potentially business-ending catastrophe was averted by hard-working professionals, a wide range of expertise, and close teamwork. In hindsight, the ransomware attack described here would have been stopped by current cybersecurity technology, adherence to NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and sound procedures for offline backups and timely patching. The fact remains, however, that criminal and state-sponsored attackers from Russia, North Korea and elsewhere are relentless and are not going away. If you are hit by a ransomware attack, you can be confident that Progent's team has substantial experience in ransomware prevention, mitigation, and information systems recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Repair Expertise
For 24-Hour ransomware recovery consulting, call Progent at