Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become an all-too-frequent cyber pandemic that represents an existential threat to businesses vulnerable to an attack. Earlier iterations of ransomware such as the CrySIS, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been in the wild for many years and continue to inflict damage. Modern strains such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with as yet unnamed newcomers, not only encrypt online data files but also corrupt any system backups they can reach. Data synced to the cloud can be corrupted as well. In a poorly designed environment, this can make automatic restoration impossible and effectively knocks the datacenter back to zero.
Recovering applications and data following a ransomware event becomes a race against the clock as the targeted organization tries to contain the damage, eradicate the ransomware, and restore mission-critical activity. Because crypto-ransomware needs time to replicate across a targeted network, attacks are usually launched on weekends, when they tend to take longer to discover. This compounds the difficulty of promptly marshalling and orchestrating an experienced response team.
Progent offers an assortment of support services for protecting Brooklyn organizations from ransomware events. These include team member education to help staff recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat defense to detect and quarantine zero-day malware attacks. Progent also offers the services of expert crypto-ransomware recovery consultants with the talent and commitment to restore a breached network as quickly as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware penetration, paying the ransom in cryptocurrency does not ensure that the criminals will respond with the keys needed to decrypt any or all of your data. Kaspersky estimated that 17% of ransomware victims never recovered their information after paying the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms are typically several hundred thousand dollars, and for larger organizations the demand can run into the millions. The alternative is to piece back together the critical parts of your IT environment. Without access to complete backups, this requires a wide range of IT skills, top-notch project management, and the capability to work non-stop until the recovery project is done.
For decades, Progent has offered professional information technology services to businesses across the U.S. and has achieved Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who hold high-level certifications in foundation technologies such as Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's cyber security consultants have earned internationally recognized industry certifications including CISA, CISSP, CRISC, SANS GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of expertise gives Progent the skills to quickly identify critical systems, organize the surviving components of your IT environment following a ransomware event, and configure them into a functioning network.
Progent's security team uses powerful project management tools to orchestrate the complex restoration process. Progent understands the importance of acting rapidly and working together with a customer's management and IT staff to prioritize tasks and bring the most important services back online as soon as possible.
Customer Case Study: A Successful Ransomware Incident Restoration
A small business hired Progent after their company was penetrated by the Ryuk ransomware virus. Ryuk is generally considered to have been launched by North Korean state criminal gangs, possibly adopting technology leaked from America's NSA. Ryuk targets organizations with little tolerance for operational disruption and is among the most lucrative iterations of ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer located in the Chicago metro area with about 500 workers. The Ryuk event had frozen all business operations and manufacturing capabilities. The majority of the client's system backups had been online at the time of the intrusion and were eventually encrypted. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but ultimately reached out to Progent.
Progent worked hand in hand with the customer to rapidly understand and prioritize the key areas that needed to be recovered in order to resume business functions:
Within 2 days, Progent was able to rebuild Active Directory to its pre-intrusion state. Progent then completed the rebuild and hard drive recovery of key servers. All Exchange data and attributes were intact, which facilitated the restoration of Exchange. Progent was also able to collect intact OST files (Microsoft Outlook Offline Folder Files) from team desktop computers to recover mail data. A relatively recent offline backup of the business's accounting/MRP systems made it possible to bring these essential services back into service for users. Although a great deal of work remained to recover fully from the Ryuk damage, the most important services were restored quickly:
Over the next couple of weeks, critical milestones in the recovery project were completed in close collaboration between Progent consultants and the customer:
Conclusion
A potentially enterprise-killing catastrophe was averted by hard-working experts, a wide array of knowledge, and tight teamwork. Forensics later showed that the ransomware penetration described here could have been identified and prevented with current security systems and best practices: staff education, well-designed procedures for data protection, and keeping systems up to date with security patches. Nonetheless, government-sponsored hackers from China, North Korea and elsewhere are relentless and remain an ongoing threat. If you are hit by a ransomware incident, you can be confident that Progent's roster of professionals has extensive experience in ransomware blocking, removal, and file disaster recovery.
Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Services in Brooklyn
For ransomware system recovery expertise in the Brooklyn area, phone Progent at