Ransomware: Your Crippling IT Disaster
Crypto-ransomware has become an escalating cyberplague that represents an existential threat for businesses vulnerable to an attack. Different versions of ransomware such as CryptoLocker, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been around for many years and still cause destruction. More recent variants of ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, plus additional unnamed newcomers, not only encrypt online information but also infiltrate most accessible system protection. Data synced to the cloud can also be encrypted. In a poorly architected environment, this can make any recovery useless and basically set the network back to zero.
Restoring online services and information following a ransomware attack becomes a race against time as the targeted organization struggles to stop the spread, clear the crypto-ransomware, and restore business-critical operations. Because ransomware needs time to spread across a network, attacks are usually sprung during nights and weekends, when penetrations may take more time to notice. This compounds the difficulty of promptly assembling and orchestrating a capable mitigation team.
Progent makes available a variety of solutions for securing Jacksonville enterprises from ransomware attacks. These include team member training to help recognize and avoid falling victim to phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat defense to detect and extinguish zero-day modern malware assaults. Progent also provides the services of veteran ransomware recovery engineers with the track record and perseverance to reconstruct a compromised network as quickly as possible.
Progent's Ransomware Recovery Help
Following a ransomware penetration, paying the ransom demand in cryptocurrency does not provide any assurance that the hackers will respond with the needed codes to decipher any or all of your data. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their information even after having sent off the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars. For larger enterprises, the ransom demand can be in the millions of dollars. The fallback is to piece back together the essential elements of your Information Technology environment. Absent the availability of essential information backups, this requires a broad complement of IT skills, well-coordinated team management, and the capability to work continuously until the task is over.
For two decades, Progent has provided certified expert IT services for companies across the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who have attained advanced industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have earned internationally recognized certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience with financial systems and ERP application software. This breadth of experience gives Progent the skills to quickly identify necessary systems, re-organize the surviving pieces of your computer network environment after a ransomware attack, and assemble them into an operational network.
Progent's ransomware group has powerful project management tools to coordinate the complex recovery process. Progent understands the importance of acting swiftly and in unison with a customer's management and Information Technology team members to assign priority to tasks and to get critical services back online as soon as possible.
Customer Story: A Successful Ransomware Incident Response
A small business engaged Progent after their organization was crashed by Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean state-sponsored cybercriminals, suspected of adopting strategies leaked from the United States National Security Agency. Ryuk seeks specific businesses with little or no tolerance for operational disruption and is among the most lucrative incarnations of ransomware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturer headquartered in Chicago with around 500 employees. The Ryuk penetration had disabled all business operations and manufacturing processes. The majority of the client's backups had been online at the start of the attack and were destroyed. The client was evaluating paying the ransom (in excess of $200,000) and hoping for the best, but ultimately engaged Progent.
Progent worked with the customer to quickly identify and prioritize the essential services that had to be restored in order to resume departmental operations:
Within 2 days, Progent was able to restore Active Directory services to their pre-attack state. Progent then assisted with rebuilding and storage recovery of critical systems. All Microsoft Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was also able to assemble local OST files (Outlook Email Offline Data Files) on team desktop computers to recover mail information. A reasonably recent offline backup of the client's accounting/MRP systems made it possible to restore these required applications and return them to servicing users. Although major work needed to be completed to recover totally from the Ryuk event, critical services were returned to operation quickly:
Over the next couple of weeks important milestones in the recovery project were completed through close cooperation between Progent team members and the customer:
Conclusion
A likely business extinction disaster was averted through the efforts of hard-working experts, a broad range of subject matter expertise, and tight teamwork. Analysis of the event afterwards showed that the ransomware incident described here would have been identified and stopped with modern security technology solutions and best practices, staff education, and well-designed security procedures for data protection and applying software patches. Even so, the fact is that state-sponsored hackers from China, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a crypto-ransomware incursion, remember that Progent's team of professionals has a proven track record in ransomware virus defense, remediation, and information systems recovery.
Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Restoration Consulting in Jacksonville
For ransomware system restoration services in the Jacksonville area, phone Progent at