Ransomware: Your Feared Information Technology Disaster
Crypto-ransomware has become an escalating cyber plague that represents an enterprise-level danger for businesses unprepared for an attack. Ransomware families such as the Reveton, CryptoWall, Bad Rabbit, NotPetya and MongoLock cryptoworms have been propagating for years and continue to cause damage. Newer strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DoppelPaymer, Snatch and Nefilim, along with unnamed newcomers appearing daily, not only encrypt online data but also reach many of the system backups that are kept online and reachable from the network. Data replicated to cloud environments can be rendered useless in the same way. In a vulnerable environment this can make any restore operation impossible and effectively knocks the entire system back to zero.
Restoring services and data after a ransomware intrusion becomes a sprint against the clock as the victim struggles to stop the spread, clear the ransomware, and restore mission-critical activity. Because ransomware needs time to move laterally through a targeted network, attacks are usually launched at night or over weekends, when a successful intrusion takes longer to notice. This compounds the difficulty of quickly mobilizing and organizing a capable mitigation team.
Progent offers an assortment of services for protecting Louisville organizations from ransomware attacks. These include staff training to help employees recognize and avoid phishing exploits, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's AI-based threat defense to identify and disable zero-day malware attacks. Progent can also provide veteran ransomware recovery professionals with the skill and commitment to redeploy a compromised system as quickly as possible.
Progent's Crypto-Ransomware Recovery Services
After a crypto-ransomware intrusion, paying the ransom in cryptocurrency provides no assurance that the attackers will respond with the keys to decrypt any of your data. Kaspersky Labs determined that 17% of ransomware victims never recovered their data after paying the ransom, compounding their losses. The gamble is also expensive: Ryuk ransoms are typically several hundred thousand dollars, and for larger enterprises the demand can reach millions. The alternative is to rebuild the essential components of your IT environment from scratch. Without access to complete system backups, this requires a broad complement of skills, first-rate project management, and the ability to work around the clock until the task is finished.
For twenty years, Progent has provided professional IT services to businesses throughout the U.S. and has achieved Microsoft Gold Partner status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals holding advanced industry certifications in leading technologies from Microsoft, Cisco and VMware and in the major Linux distributions. Progent's security experts hold internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise with financial management and ERP software. This breadth of experience lets Progent quickly understand the systems that matter, reorganize the surviving parts of your IT environment after a ransomware intrusion, and rebuild them into a working system.
Progent's recovery team uses best-of-breed project management tools to coordinate the complex recovery process. Progent understands the urgency of working quickly and in concert with the client's management and IT staff to prioritize tasks and bring the most important systems back online as soon as possible.
Customer Case Study: A Successful Ransomware Virus Recovery
A customer hired Progent after its organization was crippled by Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean government-sponsored hackers, possibly adapting algorithms leaked from the U.S. National Security Agency (NSA). Ryuk targets specific businesses with limited ability to withstand operational disruption and is one of the most lucrative examples of ransomware. Prominent victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing company based in Chicago with about 500 employees. The Ryuk attack had halted all company operations and manufacturing. Most of the client's backups had been online at the start of the intrusion and were destroyed. The client considered paying the ransom (more than $200,000) and hoping for the best, but in the end brought in Progent.
Progent worked hand in hand with the customer to quickly identify and prioritize the key services that had to be recovered in order to restart business functions:
In less than two days, Progent rebuilt Active Directory to its pre-intrusion state. Progent then completed setup and hard drive recovery on the systems that were needed. All Microsoft Exchange Server connections and configuration data were intact, which simplified the Exchange restore. Progent located unencrypted OST files (Outlook Offline Data Files) on user PCs and laptops and used them to recover email. A reasonably recent offline backup of the customer's financials/ERP software made it possible to bring those essential applications back into service. Although a great deal of work remained before the recovery from the Ryuk event was complete, essential services were returned to operation quickly:
During the following month, key milestones in the restoration project were completed through close cooperation between Progent engineers and the customer:
Conclusion
A potential business-ending catastrophe was averted through dedicated experts, a wide range of technical expertise, and close teamwork. In hindsight, the crypto-ransomware incident described here could have been stopped by advanced security systems and best practices, staff education, and well-designed procedures for backing up data and keeping systems current with security patches. The fact remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and will keep trying. If you do fall victim to a ransomware attack, remember that Progent's roster of experts has a proven track record in ransomware blocking, remediation, and data disaster recovery.
Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ryuk Recovery Case Study Datasheet (PDF, 282 KB)
Contact Progent for Ransomware Cleanup Services in Louisville
For ransomware system restoration expertise in the Louisville area, call Progent at