Ransomware: Your Crippling IT Disaster
Crypto-ransomware has become an all-too-frequent cyberplague that presents an extinction-level threat to businesses of all sizes that are poorly prepared for an assault. Ransomware families such as Reveton, CryptoWall, Locky, SamSam and MongoLock have been around for many years and continue to cause damage. Modern strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit and Egregor, plus more as yet unnamed malware, not only encrypt online information but also corrupt every system restore point and backup they can reach. Information synced to cloud environments can also be ransomed. In a poorly architected system, this can make any recovery hopeless and effectively sets the network back to square one.
Bringing programs and data back online after a crypto-ransomware outage becomes a race against time as the targeted organization struggles to contain the damage, clear the ransomware, and restore mission-critical operations. Because ransomware needs time to move laterally throughout a network, attacks are frequently sprung on weekends and at night, when successful intrusions typically take longer to recognize. This compounds the difficulty of promptly marshalling and orchestrating a qualified mitigation team.
Progent has an assortment of support services for securing Lakeland businesses against crypto-ransomware penetrations. These include team member education in recognizing and avoiding phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based threat defense to identify and extinguish zero-day modern malware attacks. Progent also offers the services of expert ransomware recovery consultants with the track record and perseverance to reconstruct a compromised system as urgently as possible.
Progent's Ransomware Recovery Services
After a ransomware event, sending the ransom in cryptocurrency does not ensure that merciless criminals will provide the keys to decrypt all your data. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never recovered their information even after sending off the ransom, resulting in additional losses. The ransom itself is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger organizations, the demand can reach millions. The alternative is to re-install the essential elements of your Information Technology environment. Without access to full system backups, this calls for a wide range of IT skills, top-notch team management, and the ability to work non-stop until the task is completed.
For decades, Progent has provided professional Information Technology services for businesses across the U.S. and has earned Microsoft Partner certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have attained advanced certifications in leading technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience with financial systems and ERP applications. This breadth of expertise gives Progent the skills to knowledgeably identify the critical systems, integrate the surviving parts of your IT environment after a ransomware event, and rebuild them into a functioning network.
Progent's ransomware team uses best-of-breed project management applications to coordinate the complex restoration process. Progent understands the importance of acting swiftly and in unison with a client's management and IT staff to prioritize tasks and to put essential applications back online as soon as possible.
Case Study: A Successful Ransomware Attack Recovery
A customer sought out Progent after their company was taken over by the Ryuk ransomware. Ryuk is thought to have been developed by North Korean state-sponsored criminal gangs, possibly using techniques leaked from the U.S. NSA. Ryuk targets specific businesses with little ability to sustain operational disruption and is one of the most profitable examples of crypto-ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturer based in the Chicago metro area with about 500 workers. The Ryuk event had frozen all essential business operations and manufacturing processes. Most of the client's backups had been directly accessible from the network at the start of the attack and were destroyed. The client considered paying the ransom (in excess of two hundred thousand dollars) and praying for good luck, but in the end called Progent.
Progent worked with the customer to quickly assess and assign priority to the critical systems that had to be restored in order to resume company operations:
In less than 2 days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then helped with the setup and disk recovery of critical applications. All Exchange data and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to locate local OST files (Outlook Offline Data Files) on user workstations to recover mail information. A recent offline backup of the customer's accounting/MRP systems made it possible to bring these required applications back online for users. Although a large amount of work remained to recover fully from the Ryuk damage, essential systems were recovered quickly:
Throughout the following month critical milestones in the recovery process were completed through close cooperation between Progent engineers and the customer:
Conclusion
A potential business-killing disaster was averted by dedicated professionals, a broad range of IT skills, and close collaboration. Although in retrospect the crypto-ransomware penetration detailed here could have been prevented with advanced cybersecurity solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff training, and well-designed incident response procedures for information protection and software patching, the reality remains that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do fall victim to crypto-ransomware, remember that Progent's team of experts has proven experience in crypto-ransomware blocking, remediation, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Expertise in Lakeland
For ransomware cleanup consulting in the Lakeland metro area, call Progent at