Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an escalating cyber pandemic that represents an enterprise-level threat for organizations vulnerable to an assault. Multiple generations of crypto-ransomware like the Dharma, Fusob, Locky, NotPetya and MongoLock cryptoworms have been running rampant for a long time and continue to cause harm. Modern versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with more unnamed viruses, not only encrypt on-line information but also infect every accessible system protection mechanism. Data replicated to off-site disaster recovery sites can also be corrupted. In a vulnerable data protection solution, this can render automatic restoration hopeless and basically sets the entire system back to zero.

Getting on-line applications and information back following a crypto-ransomware intrusion becomes a race against time as the targeted organization tries its best to contain the damage, clean up the virus, and resume enterprise-critical operations. Because ransomware needs time to move laterally, penetrations are often sprung on weekends, when successful attacks are likely to take longer to discover. This compounds the difficulty of rapidly assembling and organizing an experienced mitigation team.

Progent has a variety of support services for protecting Atlanta organizations from ransomware attacks. These include team member training to help identify and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of next-generation security gateways with artificial intelligence technology to automatically discover and suppress zero-day cyber attacks. Progent also can provide the services of expert ransomware recovery engineers with the track record and commitment to reconstruct a breached environment as soon as possible.

Progent's Crypto-Ransomware Recovery Support Services
Following a ransomware event, even paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will respond with the codes needed to decrypt any or all of your data. Kaspersky Labs ascertained that 17% of crypto-ransomware victims never recovered their files after having sent off the ransom, resulting in increased losses. The risk is also very costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is greatly above the usual ransomware demands, which ZDNET estimated to be around $13,000 for smaller businesses. The alternative is to set up the key elements of your IT environment from scratch. Absent the availability of full data backups, this calls for a wide complement of skills, well-coordinated team management, and the willingness to work non-stop until the recovery project is over.

For two decades, Progent has provided certified expert IT services for businesses throughout the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have attained high-level industry certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have earned internationally-renowned certifications including CISM, CISSP, CRISC, and GIAC. Progent also has expertise with financial systems and ERP application software. This breadth of experience gives Progent the skills to rapidly understand necessary systems and integrate the remaining pieces of your IT environment after a crypto-ransomware attack and rebuild them into a functioning network.

Progent's ransomware team of experts uses best of breed project management systems to orchestrate the sophisticated recovery process. Progent appreciates the importance of working quickly and in unison with a customer's management and Information Technology staff to prioritize tasks and to put key services back online as soon as humanly possible.

Customer Case Study: A Successful Ransomware Incident Response
A business sought out Progent after their company was taken over by the Ryuk ransomware. Ryuk is thought to have been developed by North Korean state hackers, suspected of using techniques exposed from America's NSA organization. Ryuk seeks specific businesses with little or no ability to sustain disruption and is one of the most lucrative incarnations of ransomware. Headline organizations include Data Resolution, a California-based info warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company based in Chicago with about 500 workers. The Ryuk penetration had paralyzed all essential operations and manufacturing processes. Most of the client's data backups had been directly accessible at the time of the attack and were destroyed. The client was pursuing financing to pay the ransom (exceeding $200K) and hoping for good luck, but in the end reached out to Progent.


"I cannot thank you enough in regards to the expertise Progent provided us throughout the most stressful period of (our) company's existence. We would have paid the criminal gangs except for the confidence the Progent team gave us. That you were able to get our e-mail system and essential servers back on-line quicker than seven days was incredible. Every single expert I interacted with or e-mailed at Progent was absolutely committed to getting our company operational and was working at breakneck pace to bail us out."

Progent worked with the client to rapidly identify and prioritize the key services that had to be restored to make it possible to resume company functions:

  • Active Directory
  • Electronic Messaging
  • Financials/MRP

To begin, Progent followed anti-virus/malware incident response best practices by isolating affected systems and performing virus removal steps. Progent then began the work of rebuilding Active Directory, the foundation of enterprise systems built upon Microsoft technology. Microsoft Exchange messaging will not function without Windows AD, and the customer's accounting and MRP system used Microsoft SQL, which requires Windows AD for security authorization to the database.

In less than 2 days, Progent was able to recover Active Directory to its pre-penetration state. Progent then helped perform rebuilding and hard drive recovery of essential systems. All Exchange schema and configuration information were usable, which accelerated the restore of Exchange. Progent was also able to locate local OST data files (Outlook Offline Folder Files) on various PCs to recover mail data. A recent off-line backup of the business's financials/MRP systems made it possible to bring these essential applications back online for users. Although significant work still had to be done to recover completely from the Ryuk attack, critical systems were restored rapidly:


"For the most part, the production line operation ran fairly normal throughout and we made all customer orders."

Over the following few weeks critical milestones in the recovery project were achieved through tight collaboration between Progent team members and the client:

  • Self-hosted web sites were restored with no loss of information.
  • The MailStore Microsoft Exchange Server with over 4 million historical messages was brought on-line and available for users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/Accounts Receivables/Inventory capabilities were 100% restored.
  • A new Palo Alto 850 security appliance was set up and programmed.
  • Ninety percent of the user PCs were fully operational.

"A lot of what went on in the early hours is nearly entirely a blur for me, but my team will not forget the dedication each of the team put in to help get our company back. I have utilized Progent for the past ten years, maybe more, and each time Progent has impressed me and delivered as promised. This event was the most impressive ever."

Conclusion
A possible enterprise-killing catastrophe was averted by results-oriented professionals, a wide array of IT skills, and close collaboration. In hindsight, the ransomware penetration described here should have been identified and prevented with modern cyber security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team education, and properly executed security procedures for backup and for keeping systems up to date with security patches. The reality, however, is that government-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of professionals has a proven track record in ransomware virus defense, mitigation, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (along with others who were helping), thanks very much for making it so I could get some sleep after we got over the initial push. Everyone did an amazing effort, and if anyone that helped is in the Chicago area, a great meal is the least I can do!"

Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

© 2002-2021 Progent Corporation. All rights reserved.