Ransomware: Your Feared Information Technology Catastrophe
Ransomware has become a modern cyber pandemic that presents an existential threat to organizations unprepared for an attack. Versions of ransomware like the CrySIS, CryptoWall, Bad Rabbit, NotPetya and MongoLock cryptoworms have been replicating for many years and still inflict destruction. Newer variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, as well as frequent unnamed viruses, not only encrypt online files but also infiltrate any configured system protection. Information synced to cloud environments can also be ransomed. In a poorly architected environment, this can make automated restore operations hopeless and effectively set the network back to square one.
Getting applications and data back online following a crypto-ransomware attack becomes a race against the clock as the targeted organization tries its best to contain the damage, clean up the crypto-ransomware, and resume mission-critical activity. Because ransomware needs time to move laterally, attacks are usually launched at night and on weekends, when successful attacks may take longer to uncover. This compounds the difficulty of quickly assembling and coordinating an experienced response team.
Progent offers an assortment of services for protecting St. Louis organizations from ransomware penetrations. These include team training to recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to discover and suppress zero-day modern malware attacks. Progent also provides the assistance of veteran crypto-ransomware recovery engineers with the talent and perseverance to re-deploy a breached system as quickly as possible.
Progent's Ransomware Recovery Help
Following a ransomware attack, even paying the ransom in cryptocurrency does not provide any assurance that the cyber criminals will respond with the codes needed to decrypt any or all of your data. Kaspersky determined that 17% of ransomware victims never recovered their information even after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000). This is significantly above the typical ransomware demand, which ZDNET determined to be approximately $13,000 for smaller organizations. The fallback is to re-install the essential parts of your Information Technology environment. Without the availability of complete information backups, this requires a broad range of skill sets, well-coordinated team management, and the willingness to work continuously until the task is complete.
For decades, Progent has made available professional IT services for companies throughout the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have been awarded advanced industry certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security consultants have earned internationally-recognized certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (Refer to Progent's certifications.) Progent also has expertise in financial systems and ERP software solutions. This breadth of expertise gives Progent the capability to rapidly identify critical systems, integrate the surviving parts of your Information Technology system after a ransomware attack, and assemble them into an operational network.
Progent's security group utilizes top-notch project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting quickly and working closely with a client's management and Information Technology staff to prioritize tasks and to get critical applications back online as soon as humanly possible.
Client Story: A Successful Crypto-Ransomware Attack Restoration
A business contacted Progent after their company was brought down by the Ryuk ransomware. Ryuk is believed to have been deployed by North Korean state cybercriminals, suspected of adopting technology leaked from America's NSA organization. Ryuk targets specific companies with little or no room for disruption and is among the most lucrative iterations of ransomware viruses. Major victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in the Chicago metro area with around 500 workers. The Ryuk event had paralyzed all business operations and manufacturing processes. Most of the client's backups had been online at the time of the intrusion and were encrypted. The client was evaluating paying the ransom (exceeding two hundred thousand dollars) and hoping for good luck, but in the end brought in Progent.
Progent worked together with the customer to rapidly get its arms around and prioritize the essential areas that had to be restored to make it possible to continue departmental operations:
Within 48 hours, Progent was able to rebuild Active Directory services to their pre-attack state. Progent then completed the rebuilding and storage recovery of needed applications. All Microsoft Exchange Server data and attributes were usable, which accelerated the restore of Exchange. Progent was also able to collect non-encrypted OST data files (Outlook Email Offline Data Files) from team PCs and laptops to recover mail data. A recent off-line backup of the customer's accounting software made it possible to bring these essential programs back online for users. Although major work remained to recover completely from the Ryuk damage, the most important systems were recovered rapidly:
Throughout the following weeks, critical milestones in the restoration process were achieved in close collaboration between Progent engineers and the customer:
Conclusion
A possible business-ending disaster was averted through results-oriented professionals, a wide spectrum of technical expertise, and tight teamwork. In retrospect, the ransomware virus attack described here should have been prevented with modern security technology solutions and recognized best practices, team training, and appropriate security procedures for data backup and keeping systems up to date with security patches. The reality, however, is that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware incursion, remember that Progent's team of experts has extensive experience in ransomware virus blocking, mitigation, and information systems disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware System Recovery Consulting in St. Louis
For ransomware system restoration consulting in the St. Louis metro area, call Progent at