Ransomware Protection and Restoration Consulting Brooklyn

Ransomware : Your Feared IT Nightmare
Ransomware has become a too-frequent cyberplague that poses an extinction-level danger for businesses of all sizes vulnerable to an assault. Different iterations of crypto-ransomware like the CrySIS, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been replicating for many years and still cause havoc. Modern strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, as well as daily as yet unnamed newcomers, not only perform encryption of on-line data but also infiltrate all accessible system restores and backups. Information synchronized to cloud environments can also be corrupted. In a poorly architected environment, this can make automated restoration impossible and basically sets the network back to square one.

Recovering programs and information following a crypto-ransomware event becomes a sprint against time as the victim tries its best to contain the damage, clear the virus, and restore business-critical activity. Since ransomware needs time to move laterally across a targeted network, attacks are often sprung at night, when successful attacks tend to take longer to recognize. This compounds the difficulty of quickly mobilizing and organizing an experienced mitigation team.

Progent provides a range of services for securing Brooklyn organizations from ransomware attacks. Among these are user training to help identify and not fall victim to phishing exploits, ProSight Active Security Monitoring for endpoint detection and response (EDR) utilizing SentinelOne's AI-based threat defense to detect and extinguish day-zero malware assaults. Progent also offers the assistance of veteran ransomware recovery engineers with the track record and perseverance to restore a compromised system as urgently as possible.

Progent's Crypto-Ransomware Recovery Services
Subsequent to a crypto-ransomware invasion, paying the ransom demands in cryptocurrency does not provide any assurance that merciless criminals will return the needed codes to unencrypt all your data. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never restored their information even after having sent off the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms are often a few hundred thousand dollars. For larger organizations, the ransom can be in the millions of dollars. The alternative is to re-install the vital elements of your Information Technology environment. Without the availability of full information backups, this calls for a broad complement of IT skills, well-coordinated project management, and the capability to work non-stop until the job is done.

For decades, Progent has provided expert Information Technology services for businesses across the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in key technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security consultants have garnered internationally-renowned industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent in addition has expertise in accounting and ERP software solutions. This breadth of experience gives Progent the capability to quickly ascertain important systems and re-organize the remaining pieces of your Information Technology system after a crypto-ransomware attack and configure them into a functioning system.

Progent's ransomware group deploys state-of-the-art project management applications to coordinate the complicated restoration process. Progent appreciates the importance of working quickly and in unison with a customer's management and Information Technology team members to prioritize tasks and to get the most important systems back on-line as soon as possible.

Client Case Study: A Successful Ransomware Attack Restoration
A customer engaged Progent after their network system was attacked by Ryuk ransomware. Ryuk is thought to have been developed by North Korean state sponsored cybercriminals, suspected of using approaches exposed from the U.S. NSA organization. Ryuk goes after specific companies with little tolerance for operational disruption and is one of the most profitable iterations of crypto-ransomware. Headline targets include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in the Chicago metro area and has around 500 employees. The Ryuk penetration had brought down all company operations and manufacturing processes. The majority of the client's system backups had been online at the start of the attack and were destroyed. The client was actively seeking loans for paying the ransom (in excess of $200K) and wishfully thinking for the best, but in the end utilized Progent.

Progent worked with the customer to rapidly understand and assign priority to the essential systems that had to be recovered to make it possible to resume business functions:

• Active Directory (AD)
• Electronic Mail
• Accounting/MRP

In less than two days, Progent was able to recover Active Directory services to its pre-penetration state. Progent then helped perform setup and hard drive recovery of mission critical servers. All Exchange ties and attributes were intact, which greatly helped the restore of Exchange. Progent was able to assemble intact OST files (Microsoft Outlook Offline Data Files) on team PCs to recover email data. A recent offline backup of the client's financials/MRP systems made them able to return these essential applications back online. Although significant work needed to be completed to recover completely from the Ryuk attack, core services were recovered rapidly:

Throughout the following couple of weeks key milestones in the recovery project were achieved through tight collaboration between Progent engineers and the client:

• Internal web sites were brought back up with no loss of information.
• The MailStore Microsoft Exchange Server with over 4 million archived messages was brought on-line and available for users.
• CRM/Product Ordering/Invoicing/Accounts Payable/Accounts Receivables/Inventory functions were fully recovered.
• A new Palo Alto Networks 850 firewall was installed.
• Ninety percent of the desktops and laptops were operational.

Conclusion
A possible business-killing disaster was dodged by results-oriented experts, a wide array of subject matter expertise, and close collaboration. Although in retrospect the ransomware virus attack described here would have been prevented with modern security technology and NIST Cybersecurity Framework best practices, staff education, and well thought out incident response procedures for data backup and keeping systems up to date with security patches, the fact is that state-sponsored cyber criminals from Russia, China and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware attack, remember that Progent's team of experts has proven experience in ransomware virus defense, remediation, and information systems recovery.

Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Services in Brooklyn
For ransomware system recovery consulting services in the Brooklyn area, call Progent at 800-462-8800 or go to Contact Progent.