Crypto-Ransomware : Your Feared Information Technology Nightmare
Ransomware has become a modern cyber pandemic that poses an existential danger to businesses unprepared for an attack. Different versions of crypto-ransomware such as the CryptoLocker, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been circulating for a long time and still inflict havoc. Modern strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, along with frequent unnamed malware, not only encrypt online data but also reach many of the system backups that remain connected to the network. Data synchronized to the cloud can also be corrupted. In a poorly architected data protection solution, this can make automatic recovery hopeless and effectively knocks the entire system back to zero.
Getting applications and information back after a ransomware attack becomes a sprint against the clock as the targeted organization struggles to contain the damage, clear the ransomware, and resume business-critical activity. Because crypto-ransomware requires time to spread, attacks are often launched on weekends, when successful penetrations typically take more time to identify. This compounds the difficulty of promptly marshalling and organizing an experienced mitigation team.
Progent offers an assortment of support services for securing Jacksonville enterprises against crypto-ransomware events. Among these are user education to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to identify and quarantine zero-day modern malware assaults. Progent also provides the assistance of veteran crypto-ransomware recovery professionals with the track record and commitment to re-deploy a breached system as quickly as possible.
Progent's Ransomware Recovery Help
Following a ransomware penetration, even paying the ransom demand in cryptocurrency does not ensure that the cyber criminals will return the keys needed to decipher any of your files. Kaspersky determined that seventeen percent of ransomware victims never recovered their information even after sending off the ransom, resulting in further losses. The gamble is also very costly. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is far above the usual ransomware demand, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to piece the essential parts of your IT environment back together. Without essential data backups available, this calls for a wide range of skills, top-notch project management, and the ability to work non-stop until the job is completed.
For two decades, Progent has provided professional Information Technology services for companies throughout the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have attained top industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally-renowned certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications.) Progent also has expertise in financial management and ERP application software. This breadth of experience gives Progent the capability to understand the necessary systems, re-organize the remaining pieces of your IT environment after a crypto-ransomware event, and assemble them into an operational network.
Progent's recovery group uses best-of-breed project management tools to orchestrate the sophisticated restoration process. Progent appreciates the importance of acting quickly and in concert with a client's management and IT staff to prioritize tasks and get essential services back on-line as soon as possible.
Business Case Study: A Successful Ransomware Penetration Restoration
A business escalated to Progent after their company was penetrated by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean state criminal gangs, possibly using techniques leaked from the U.S. NSA. Ryuk goes after specific businesses with limited tolerance for disruption and is among the most lucrative incarnations of crypto-ransomware. Major targets have included Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in Chicago with around 500 employees. The Ryuk event had shut down all business operations and manufacturing processes. The majority of the client's information backups had been online at the beginning of the attack and were eventually encrypted. The client was pursuing financing to pay the ransom (exceeding two hundred thousand dollars) and hoping for good luck, but ultimately called Progent.
Progent worked together with the customer to rapidly determine and prioritize the mission critical systems that had to be restored to make it possible to continue company operations:
In less than 2 days, Progent was able to rebuild Active Directory services to their pre-penetration state. Progent then charged ahead with rebuilding and hard drive recovery on essential applications. All Microsoft Exchange Server schema and attributes were intact, which greatly helped the restore of Exchange. Progent was able to locate local OST files (Outlook Off-Line Folder Files) on user desktop computers to recover email data. A recent off-line backup of the customer's manufacturing systems made it possible to restore these vital applications and make them available to users again. Although major work still had to be done to recover fully from the Ryuk damage, core systems were restored rapidly:
During the following few weeks, key milestones in the recovery project were reached in tight collaboration between Progent team members and the customer:
Conclusion
A probable business catastrophe was averted thanks to dedicated professionals, a wide range of technical expertise, and close collaboration. In hindsight, the ransomware penetration detailed here could have been identified and prevented with current security technology solutions and NIST Cybersecurity Framework best practices, user and IT administrator education, and well-designed incident response procedures for data backup and applying software patches. The reality, however, is that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and will continue. If you do get hit by a ransomware penetration, be confident that Progent's team of experts has proven experience in ransomware blocking, mitigation, and data disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting Services in Jacksonville
For ransomware cleanup consulting in the Jacksonville metro area, call Progent at