Ransomware Defense and Removal Solutions

Ransomware : Your Crippling Information Technology Catastrophe
Ransomware has become a modern cyber pandemic that poses an extinction-level danger for organizations poorly prepared for an attack. Versions of crypto-ransomware like the Dharma, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been out in the wild for years and continue to inflict destruction. Newer strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Lockbit and Egregor, plus more unnamed newcomers, not only encrypt on-line data but also infect many available system backup. Information replicated to off-site disaster recovery sites can also be corrupted. In a poorly designed data protection solution, it can make automated restore operations impossible and effectively sets the entire system back to square one.

Getting back on-line services and data following a ransomware intrusion becomes a sprint against time as the victim struggles to contain the damage and eradicate the virus and to restore enterprise-critical activity. Due to the fact that ransomware takes time to replicate, assaults are often launched during weekends and nights, when successful penetrations tend to take more time to detect. This multiplies the difficulty of promptly marshalling and organizing a capable mitigation team.

Progent offers an assortment of services for securing enterprises from ransomware events. These include team training to help identify and not fall victim to phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, along with installation of the latest generation security solutions with artificial intelligence capabilities to automatically identify and suppress zero-day threats. Progent also can provide the assistance of expert ransomware recovery engineers with the track record and perseverance to restore a breached system as soon as possible.

Progent's Crypto-Ransomware Restoration Support Services
Soon after a ransomware penetration, paying the ransom demands in Bitcoin cryptocurrency does not guarantee that distant criminals will respond with the keys to unencrypt any of your files. Kaspersky determined that seventeen percent of ransomware victims never recovered their information after having sent off the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is significantly higher than the usual ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The other path is to re-install the essential elements of your IT environment. Absent the availability of complete data backups, this requires a wide range of skills, professional project management, and the capability to work non-stop until the job is finished.

For twenty years, Progent has provided expert IT services for companies throughout the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have earned advanced certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have earned internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has experience in financial systems and ERP software solutions. This breadth of experience provides Progent the capability to knowledgably ascertain critical systems and consolidate the remaining components of your Information Technology system following a crypto-ransomware attack and assemble them into an operational network.

Progent's recovery team utilizes state-of-the-art project management applications to coordinate the complex restoration process. Progent understands the importance of working quickly and in concert with a customer’s management and Information Technology team members to prioritize tasks and to put key systems back on line as soon as humanly possible.

Customer Story: A Successful Crypto-Ransomware Penetration Restoration
A small business contacted Progent after their company was taken over by Ryuk ransomware. Ryuk is generally considered to have been created by Northern Korean state sponsored cybercriminals, suspected of adopting approaches leaked from America’s NSA organization. Ryuk seeks specific businesses with limited room for operational disruption and is one of the most profitable incarnations of ransomware. Headline organizations include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business headquartered in Chicago with around 500 staff members. The Ryuk intrusion had brought down all essential operations and manufacturing capabilities. Most of the client's data protection had been on-line at the beginning of the intrusion and were eventually encrypted. The client was evaluating paying the ransom (in excess of $200,000) and wishfully thinking for the best, but ultimately utilized Progent.

Progent worked hand in hand the client to quickly determine and assign priority to the mission critical areas that had to be recovered in order to resume business operations:

• Microsoft Active Directory
• Electronic Mail
• MRP System

In less than 2 days, Progent was able to restore Active Directory services to its pre-virus state. Progent then performed rebuilding and hard drive recovery on mission critical applications. All Exchange Server schema and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to collect local OST files (Outlook Email Offline Folder Files) on team workstations and laptops in order to recover email messages. A recent offline backup of the client's financials/MRP software made it possible to restore these required services back servicing users. Although a large amount of work still had to be done to recover totally from the Ryuk damage, core services were recovered rapidly:

Throughout the following few weeks important milestones in the restoration project were accomplished through close cooperation between Progent engineers and the client:

• In-house web sites were restored without losing any information.
• The MailStore Server exceeding 4 million historical emails was brought on-line and accessible to users.
• CRM/Customer Orders/Invoicing/Accounts Payable (AP)/AR/Inventory modules were 100% restored.
• A new Palo Alto Networks 850 security appliance was installed.
• 90% of the user workstations were being used by staff.

Conclusion
A possible enterprise-killing catastrophe was avoided due to hard-working experts, a wide spectrum of knowledge, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology solutions and recognized best practices, staff training, and properly executed incident response procedures for information backup and proper patching controls, the fact is that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware incident, remember that Progent's team of experts has a proven track record in crypto-ransomware virus defense, removal, and information systems recovery.

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Remediation Expertise
For 24/7 ransomware remediation services, reach out to Progent at 800-993-9400 or go to Contact Progent.