Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an all-too-frequent cyber plague that presents an enterprise-level danger for businesses poorly prepared for an attack. Different iterations of crypto-ransomware like the Reveton, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for years and continue to cause harm. Modern strains of crypto-ransomware like Ryuk and Hermes, as well as frequently appearing as-yet-unnamed variants, not only encrypt critical online data but also infect any configured system backups. Data synced to off-site disaster recovery sites can also be corrupted. In a poorly designed system, this can make any restoration hopeless and essentially knocks the network back to zero.
Recovering services and information following a ransomware event becomes a race against the clock as the targeted business tries its best to contain and clean up the crypto-ransomware and to resume mission-critical activity. Because crypto-ransomware needs time to move laterally, attacks are usually launched during weekends and nights, when successful penetrations often take longer to identify. This compounds the difficulty of rapidly marshalling and coordinating a knowledgeable mitigation team.
Progent provides a range of solutions for securing enterprises from ransomware penetrations. These include team training to help recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, and installation of modern security gateways with AI technology to rapidly discover and quarantine zero-day threats. Progent also offers the assistance of veteran crypto-ransomware recovery engineers with the skills and perseverance to reconstruct a compromised environment as soon as possible.
Progent's Ransomware Recovery Support Services
After a ransomware penetration, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that the cyber criminals will respond with the keys to decrypt any of your information. Kaspersky estimated that 17% of ransomware victims never recovered their data even after paying the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demand, which ZDNET estimates to be around $13,000. The alternative is to re-install the mission-critical parts of your Information Technology environment. Without access to essential data backups, this calls for a wide complement of IT skills, professional team management, and the capability to work continuously until the job is finished.
For twenty years, Progent has offered expert IT services for businesses in Fort Lauderdale and throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have earned advanced industry certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications). Progent also has expertise with accounting and ERP applications. This breadth of experience gives Progent the ability to quickly understand critical systems, re-organize the surviving components of your IT environment after a crypto-ransomware attack, and rebuild them into an operational system.
Progent's security team has top-notch project management tools to coordinate the complex restoration process. Progent understands the urgency of working rapidly and in concert with a customer's management and Information Technology resources to assign priority to tasks and to put key systems back on-line as fast as humanly possible.
Business Case Study: A Successful Crypto-Ransomware Penetration Recovery
A small business hired Progent after their company was brought down by the Ryuk ransomware virus. Ryuk is generally considered to have been developed by North Korean government-sponsored criminal gangs, possibly using strategies leaked from the United States National Security Agency. Ryuk attacks specific companies with little ability to sustain disruption and is among the most lucrative versions of ransomware viruses. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturer headquartered in the Chicago metro area with around 500 employees. The Ryuk penetration had shut down all essential operations and manufacturing capabilities. The majority of the client's system backups had been online at the time of the attack and were encrypted. The client was pursuing financing for paying the ransom demand (exceeding $200K) and hoping for the best, but ultimately turned to Progent.
"I cannot thank you enough for the help Progent gave us during the most stressful period of (our) company's existence. We would have paid the hackers if it wasn't for the confidence the Progent experts afforded us. That you were able to get our e-mail and production servers back on-line in less than one week was incredible. Every single consultant I interacted with or communicated with at Progent was urgently focused on getting us working again and was working 24 by 7 to bail us out."
Progent worked with the client to rapidly understand and prioritize the key applications that needed to be restored to make it possible to resume business functions:
- Active Directory (AD)
- Electronic Mail
To get going, Progent adhered to antivirus/malware incident response best practices by isolating and cleaning up compromised systems. Progent then started the process of restoring Microsoft Active Directory, the foundation of enterprise networks built on Microsoft Windows technology. Exchange email will not operate without AD, and the business's accounting and MRP applications used SQL Server, which depends on Active Directory for authentication to the databases.
Within two days, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then assisted with rebuilding the most important servers and recovering their hard drives. All Microsoft Exchange Server schema and attributes were intact, which greatly helped the rebuild of Exchange. Progent was also able to locate non-encrypted OST files (Microsoft Outlook Off-Line Data Files) on team desktop computers and laptops in order to recover email data. A reasonably recent offline backup of the business's accounting/MRP systems made it possible to bring these essential applications back online. Although a large amount of work remained to recover completely from the Ryuk virus, core systems were restored quickly:
"For the most part, the production operation was never shut down and we did not miss any customer deliverables."
During the following couple of weeks, key milestones in the restoration project were accomplished through tight cooperation between Progent team members and the customer:
- In-house web sites were returned to operation with no loss of data.
- The MailStore Server containing more than 4 million historical emails was brought on-line and accessible to users.
- CRM/Orders/Invoicing/AP/AR/Inventory functions were 100 percent restored.
- A new Palo Alto 850 security appliance was set up.
- Nearly all of the user workstations were operational.
"Much of what went on in the early hours is nearly entirely a haze for me, but we will not forget the care each of the team accomplished to give us our company back. I have utilized Progent for the past 10 years, possibly more, and every time I needed help Progent has outperformed my expectations and delivered as promised. This situation was a testament to your capabilities."
A likely enterprise-killing catastrophe was averted thanks to hard-working professionals, a broad spectrum of technical expertise, and tight collaboration. Although post-incident analysis showed that the crypto-ransomware attack described here could have been stopped by advanced cyber security technology and recognized best practices, team education, and appropriate security procedures for backups and software patching, the fact is that government-sponsored cyber criminals from Russia, China and elsewhere are tireless and will keep trying. If you do fall victim to a ransomware incident, remember that Progent's roster of professionals has extensive experience in ransomware virus defense, mitigation, and information systems disaster recovery.
"So, to Darrin, Matt, Aaron, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thanks very much for letting me get some sleep after we made it over the initial fire. Everyone did an amazing job, and if anyone is in the Chicago area, a great meal is on me!"
To review or download a PDF version of this customer story, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Additional Ransomware Protection Services Offered by Progent
Progent offers businesses in Fort Lauderdale a portfolio of online monitoring and security assessment services designed to assist you to reduce the threat from ransomware. These services include modern artificial intelligence technology to detect new variants of ransomware that are able to escape detection by traditional signature-based security solutions.
For Fort Lauderdale 24-7 Ransomware Remediation Consultants, reach out to Progent at 800-993-9400 or go to Contact Progent.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring is an endpoint protection solution that utilizes cutting-edge behavior-based machine learning technology to guard physical and virtual endpoint devices against modern malware assaults such as ransomware and email phishing, which easily evade traditional signature-matching AV tools. ProSight ASM safeguards local and cloud resources and offers a unified platform to automate the complete threat lifecycle including filtering, detection, containment, cleanup, and forensics. Key features include single-click rollback using Windows VSS and real-time system-wide immunization against newly discovered threats. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Security and Microsoft Exchange Filtering
ProSight Enhanced Security Protection (ESP) services offer affordable in-depth protection for physical and virtual servers, desktops, smartphones, and Exchange Server. ProSight ESP uses contextual security and modern behavior analysis for continuously monitoring and reacting to security assaults from all attack vectors. ProSight ESP delivers firewall protection, intrusion alarms, endpoint control, and web filtering via leading-edge technologies packaged within a single agent accessible from a single console. Progent's security and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your organization's unique needs and that allows you to achieve and demonstrate compliance with legal and industry information protection regulations. Progent will assist you to specify and implement security policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alerts that require immediate action. Progent's consultants can also help you to set up and verify a backup and disaster recovery system like ProSight Data Protection Services so you can get back in business rapidly after a destructive security attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Backup and Disaster Recovery
ProSight Data Protection Services offer small and medium-sized organizations a low-cost and fully managed service for secure backup/disaster recovery (BDR). For a low monthly price, ProSight Data Protection Services automates and monitors your backup activities and enables fast restoration of critical data, applications and VMs that have become unavailable or damaged as a result of hardware breakdowns, software bugs, natural disasters, human mistakes, or malicious attacks such as ransomware. ProSight DPS can help you protect, recover and restore files, folders, apps, system images, as well as Microsoft Hyper-V and VMware images. Critical data can be backed up to the cloud, to an on-premises storage device, or to both. Progent's backup and recovery specialists can deliver advanced support to set up ProSight DPS to be compliant with regulatory requirements such as HIPAA, FIRPA, and PCI and, whenever needed, can assist you to recover your business-critical data. Find out more about ProSight DPS Managed Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam filtering and email encryption service that incorporates the infrastructure of top information security companies to deliver centralized control and world-class protection for your inbound and outbound email. The powerful architecture of Progent's Email Guard integrates a Cloud Protection Layer with a local security gateway device to provide complete defense against spam, viruses, DoS attacks, Directory Harvest Attacks (DHAs), and other email-based threats. The cloud filter serves as a first line of defense and keeps the vast majority of threats from reaching your security perimeter. This reduces your exposure to inbound threats and conserves system bandwidth and storage. Email Guard's onsite gateway device provides a deeper layer of analysis for incoming email. For outbound email, the local security gateway offers AV and anti-spam protection, DLP, and email encryption. The on-premises security gateway can also help Exchange Server to monitor and safeguard internal email traffic that originates and ends within your corporate firewall. For more details, see ProSight Email Guard spam and content filtering.
- ProSight WAN Watch: Infrastructure Management
ProSight WAN Watch is a network infrastructure management service that makes it easy and affordable for small and mid-sized businesses to diagram, monitor, enhance and troubleshoot their connectivity hardware such as routers, firewalls, and load balancers as well as servers, printers, endpoints and other networked devices. Using state-of-the-art Remote Monitoring and Management technology, ProSight WAN Watch makes sure that network maps are always current, copies and manages the configuration of almost all devices on your network, monitors performance, and sends alerts when issues are discovered. By automating time-consuming network management processes, ProSight WAN Watch can knock hours off common chores like network mapping, expanding your network, finding appliances that require critical updates, or resolving performance problems. Learn more about ProSight WAN Watch network infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that uses state-of-the-art remote monitoring and management (RMM) techniques to help keep your IT system operating at peak levels by tracking the health of critical assets that power your business network. When ProSight LAN Watch detects an issue, an alarm is sent immediately to your specified IT management staff and your assigned Progent consultant so any potential problems can be addressed before they have a chance to impact your network. Learn more about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a protected Tier III data center on a high-performance virtual machine host configured and managed by Progent's IT support professionals. Under the ProSight Virtual Hosting model, the customer owns the data, the operating system platforms, and the applications. Since the system is virtualized, it can be moved easily to an alternate hosting solution without a time-consuming and technically risky reinstallation procedure. With ProSight Virtual Hosting, you are not tied to one hosting provider. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to create, update, find and protect information about your network infrastructure, procedures, business apps, and services. You can instantly find passwords or serial numbers and be warned automatically about impending expirations of SSL certificates or domains. By cleaning up and organizing your IT documentation, you can save as much as 50% of the time wasted looking for vital information about your IT network. ProSight IT Asset Management features a common repository for holding and collaborating on all documents related to managing your business network such as recommended procedures and How-To's. ProSight IT Asset Management also supports advanced automation for gathering and relating IT data. Whether you're planning enhancements, doing regular maintenance, or responding to a crisis, ProSight IT Asset Management delivers the knowledge you require as soon as you need it. Read more about ProSight IT Asset Management service.