Crypto-Ransomware: Your Feared IT Disaster
Crypto-Ransomware has become a modern cyber pandemic that poses an enterprise-level threat for businesses of all sizes that are unprepared for an assault. Different versions of crypto-ransomware such as Reveton, WannaCry, Locky, Syskey and MongoLock cryptoworms have been replicating for a long time and continue to cause damage. Modern versions of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, as well as additional as yet unnamed viruses, not only encrypt online files but also infiltrate most accessible system backups. Data synchronized to the cloud can also be rendered useless. With a vulnerable data protection solution, this can make automatic recovery impossible and effectively knock the datacenter back to zero.

Getting back applications and information after a ransomware outage becomes a race against the clock as the victim tries its best to stop the spread, remove the crypto-ransomware, and resume mission-critical operations. Because ransomware takes time to replicate throughout a targeted network, attacks are often launched during nights and weekends, when successful attacks in many cases take longer to uncover. This compounds the difficulty of promptly mobilizing and orchestrating a capable response team.

Progent offers a range of services for securing Atlanta businesses from ransomware events. These include team member education to recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to identify and disable zero-day modern malware attacks. Progent can also provide the assistance of seasoned ransomware recovery consultants with the track record and perseverance to re-deploy a breached environment as soon as possible.

Progent's Crypto-Ransomware Recovery Support Services
After a crypto-ransomware event, paying the ransom demand in cryptocurrency does not guarantee that cyber criminals will return the keys to decrypt any of your information. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their files after having sent off the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions. The alternative is to set up from scratch the mission-critical components of your Information Technology environment. Absent complete data backups, this calls for a broad complement of IT skills, professional project management, and the ability to work 24x7 until the job is done.

For two decades, Progent has made available expert Information Technology services for companies throughout the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have earned advanced industry certifications in important technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have garnered internationally recognized certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent also has experience in accounting and ERP application software. This breadth of expertise gives Progent the skills to quickly identify critical systems, integrate the surviving pieces of your computer network environment after a ransomware attack, and rebuild them into a functioning system.

Progent's recovery team of experts utilizes state-of-the-art project management tools to coordinate the complex recovery process. Progent knows the urgency of acting quickly and in concert with a customer's management and IT team members to prioritize tasks and to get critical applications back on line as soon as possible.

Customer Case Study: A Successful Crypto-Ransomware Virus Recovery
A customer engaged Progent after their company was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state criminal gangs, suspected of adopting algorithms leaked from the United States NSA organization. Ryuk targets specific businesses with limited ability to sustain disruption and is among the most lucrative iterations of ransomware. Highly publicized victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing business located in the Chicago metro area with about 500 staff members. The Ryuk intrusion had paralyzed all company operations and manufacturing capabilities. Most of the client's data protection systems had been online at the time of the intrusion and were encrypted. The client was evaluating paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end reached out to Progent.


"I cannot thank you enough for the help Progent provided us during the most stressful period of (our) business's existence. We may have had to pay the cybercriminals if not for the confidence the Progent team gave us. That you were able to get our e-mail system and production servers back into operation sooner than 1 week was something I thought impossible. Each expert I got help from or texted at Progent was laser focused on getting our system up and was working 24/7 on our behalf."

Progent worked with the customer to quickly understand and prioritize the mission critical areas that needed to be restored to make it possible to resume business functions:

  • Windows Active Directory
  • Microsoft Exchange Server
  • Accounting/MRP

To start, Progent followed AV/malware penetration response best practices by halting the spread and cleaning up infected systems. Progent then began the task of restoring Microsoft AD, the heart of enterprise environments built on Microsoft technology. Microsoft Exchange email will not work without Active Directory, and the business's financials and MRP software used SQL Server, which needs Active Directory for security authorization to the database.

Within 48 hours, Progent was able to restore Active Directory services to its pre-penetration state. Progent then performed rebuilding and storage recovery on key applications. All Microsoft Exchange Server ties and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to locate intact OST data files (Outlook Offline Folder Files) on various workstations and laptops in order to recover mail information. A recent offline backup of the business's financials/ERP systems made it possible to return these essential services to users. Although a lot of work was left to recover fully from the Ryuk damage, the most important systems were returned to operation quickly:


"For the most part, the assembly line operation showed little impact and we delivered all customer shipments."

Throughout the following month, critical milestones in the restoration project were completed through tight collaboration between Progent team members and the client:

  • Internal web sites were returned to operation with no loss of information.
  • The MailStore Server with over 4 million archived emails was brought online and available for users.
  • CRM/Orders/Invoicing/AP/Accounts Receivables/Inventory Control functions were 100 percent operational.
  • A new Palo Alto 850 firewall was installed.
  • 90% of the user desktops and notebooks were fully operational.

"A huge amount of what happened in the early hours is nearly entirely a fog for me, but my management will not soon forget the urgency all of your team accomplished to help get our business back. I've trusted Progent for the past ten years, possibly more, and every time I needed help Progent has impressed me and delivered as promised. This situation was a Herculean accomplishment."

Conclusion
A probable business-ending catastrophe was averted through the efforts of top-tier professionals, a wide array of technical expertise, and close collaboration. In post mortem, the ransomware penetration described here could have been identified and prevented with up-to-date security systems and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and well-designed incident response procedures for data protection and applying software patches. The reality, however, is that government-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's team of experts has substantial experience in ransomware virus blocking, remediation, and file disaster recovery.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thanks very much for letting me get rested after we made it over the initial push. All of you did an amazing job, and if anyone is visiting the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Consulting in Atlanta
For ransomware system restoration services in the Atlanta area, phone Progent at 800-462-8800 or visit Contact Progent.



© 2002-2024 Progent Corporation. All rights reserved.