Ransomware : Your Crippling Information Technology Disaster
Ransomware has become a modern cyber pandemic that poses an existential threat to organizations poorly prepared for an attack. Multiple generations of crypto-ransomware such as the Reveton, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been replicating for years and still inflict damage. Modern strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as many unnamed variants, not only encrypt online data but also compromise most configured system protection mechanisms. Files synchronized to off-premises disaster recovery sites can also be ransomed. In a poorly architected system, this can make automated restore operations impossible and effectively knocks the datacenter back to zero.
Restoring applications and data after a ransomware outage becomes a race against time as the targeted organization tries to contain the damage, remove the ransomware, and resume business-critical activity. Because ransomware takes time to move laterally across a targeted network, attacks are frequently launched at night, when they may take longer to discover. This multiplies the difficulty of rapidly assembling and organizing a knowledgeable response team.
Progent offers an assortment of services for protecting organizations from ransomware attacks. Among these are staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to detect and quarantine zero-day malware attacks. Progent also offers the services of veteran ransomware recovery consultants with the skill and commitment to rebuild a breached environment as urgently as possible.
Progent's Ransomware Recovery Support Services
After a crypto-ransomware penetration, even paying the ransom demand in cryptocurrency provides no assurance that the attackers will hand over the keys to decrypt any of your data. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their data even after paying the ransom, compounding their losses. The gamble is also very costly. Ryuk ransoms are often several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions of dollars. The alternative is to piece back together the vital parts of your IT environment. Without access to complete data backups, this requires a broad complement of skill sets, well-coordinated project management, and the capability to work non-stop until the task is complete.
For twenty years, Progent has provided expert IT services for businesses throughout the United States and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have earned top certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts hold internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has expertise with financial management and ERP software solutions. This breadth of expertise allows Progent to quickly understand the affected systems, organize the surviving pieces of your IT environment following a ransomware event, and rebuild them into an operational network.
Progent's recovery team uses top-notch project management tools to orchestrate the complex restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and IT team members to prioritize tasks and put critical systems back online as fast as possible.
Business Case Study: A Successful Crypto-Ransomware Virus Response
A small business escalated to Progent after the company was crippled by Ryuk crypto-ransomware. Ryuk is thought to have been developed by North Korean state criminal gangs, suspected of adopting algorithms leaked from the U.S. National Security Agency. Ryuk targets specific businesses with little or no ability to sustain operational disruption and is among the most lucrative versions of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturer located in the Chicago metro area with around 500 workers. The Ryuk attack had shut down all essential operations and manufacturing processes. Most of the client's data backups had been directly accessible at the start of the intrusion and were eventually encrypted. The client considered paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but ultimately engaged Progent.
Progent worked hand in hand with the client to rapidly identify and prioritize the essential elements that needed to be restored in order to restart company functions:
In less than two days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then pressed ahead with the setup and hard drive recovery of critical servers. All Exchange data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was also able to assemble intact OST data files (Microsoft Outlook Offline Folder Files) from staff desktop computers to recover email data. A recent offline backup of the customer's financials/ERP systems made it possible to bring these vital applications back online. Although a great deal of work remained to recover completely from the Ryuk damage, the most important systems were returned to operation rapidly:
During the next few weeks, important milestones in the restoration project were reached through close collaboration between Progent team members and the customer:
Conclusion
A potential business catastrophe was averted through dedicated professionals, a wide range of knowledge, and tight collaboration. In hindsight, the ransomware incident described here could have been blocked with advanced security systems and security best practices, staff education, and well-thought-out procedures for backup and software patching. Nevertheless, government-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do get hit by a crypto-ransomware attack, remember that Progent's team of professionals has proven experience in crypto-ransomware blocking, mitigation, and data restoration.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Removal Expertise
For 24x7x365 crypto-ransomware cleanup consulting, call Progent at