Crypto-Ransomware: Your Worst Information Technology Catastrophe
Crypto-ransomware has become a too-frequent cyber pandemic that presents an existential danger for businesses poorly prepared for an attack. Different versions of ransomware like the Reveton, Fusob, Locky, SamSam and MongoLock cryptoworms have been replicating for a long time and still cause destruction. More recent variants of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with frequent unnamed malware, not only encrypt online data but also infect many accessible system backups. Information synched to the cloud can also be corrupted. In a poorly designed environment, this can make automatic recovery impossible and basically sets the entire system back to zero.

Getting applications and information back online after a ransomware outage becomes a sprint against the clock as the targeted business tries its best to stop lateral movement, remove the ransomware, and restore business-critical activity. Because crypto-ransomware takes time to move laterally across a targeted network, assaults are usually launched on weekends, when successful penetrations in many cases take more time to detect. This compounds the difficulty of promptly assembling and organizing an experienced response team.

Progent offers a variety of services for securing Atlanta enterprises from ransomware attacks. Among these are team member training to recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to discover and quarantine zero-day modern malware assaults. Progent also offers the services of seasoned ransomware recovery consultants with the skills and commitment to reconstruct a breached network as rapidly as possible.

Progent's Ransomware Recovery Help
After a crypto-ransomware event, paying the ransom demands in cryptocurrency does not provide any assurance that merciless criminals will provide the keys needed to decrypt all your information. Kaspersky ascertained that 17% of ransomware victims never restored their data after having paid the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms are often several hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The alternative is to set up the critical parts of your IT environment from scratch. Absent the availability of essential system backups, this requires a broad complement of skills, top-notch project management, and the capability to work 24x7 until the job is completed.

For twenty years, Progent has provided professional IT services for businesses across the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have attained advanced industry certifications in key technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security consultants have garnered internationally-renowned industry certifications including CISA, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent in addition has experience with financial systems and ERP applications. This breadth of experience affords Progent the capability to rapidly identify critical systems and organize the remaining components of your computer network environment after a ransomware event and assemble them into an operational system.

Progent's security group has best of breed project management tools to coordinate the complicated restoration process. Progent understands the importance of acting swiftly and in concert with a client's management and Information Technology staff to assign priority to tasks and to put critical services back online as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Virus Recovery
A small business engaged Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean government-sponsored hackers, possibly adopting techniques exposed from the U.S. National Security Agency. Ryuk attacks specific organizations with limited room for operational disruption and is among the most lucrative instances of ransomware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in the Chicago metro area with about 500 employees. The Ryuk attack had brought down all essential operations and manufacturing capabilities. The majority of the client's information backups had been online at the beginning of the attack and were encrypted. The client was evaluating paying the ransom demand (in excess of two hundred thousand dollars) and hoping for good luck, but in the end brought in Progent.


"I cannot tell you enough about the expertise Progent gave us throughout the most critical period of (our) company's life. We had little choice but to pay the hackers behind this attack if not for the confidence the Progent experts provided us. That you could get our e-mail system and essential servers back online faster than a week was beyond my wildest dreams. Every single expert I spoke to or texted at Progent was hell bent on getting my company operational and was working 24/7 on our behalf."

Progent worked with the customer to quickly assess and prioritize the most important systems that needed to be restored to make it possible to continue departmental functions:

  • Windows Active Directory
  • Electronic Mail
  • Financials/MRP

To get going, Progent followed industry best practices for AV/malware incident response by stopping lateral movement and disinfecting systems. Progent then began rebuilding Active Directory, the key technology of enterprise environments built on Microsoft Windows Server. Exchange messaging will not operate without Windows AD, and the customer's accounting and MRP system relied on SQL Server, which needs Active Directory for authentication to the data.

Within 2 days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then completed setup and storage recovery on essential servers. All Exchange schema and configuration information were usable, which greatly helped the restore of Exchange. Progent was also able to find intact OST data files (Outlook Offline Folder Files) on staff desktop computers in order to recover mail information. A recent offline backup of the customer's financials/ERP software made it possible to bring these required applications back online. Although significant work remained to recover completely from the Ryuk attack, essential services were recovered rapidly:


"For the most part, the assembly line operation showed little impact and we did not miss any customer sales."

During the following couple of weeks, critical milestones in the restoration process were reached through close collaboration between Progent engineers and the client:

  • Internal web applications were restored with no loss of data.
  • The MailStore Exchange Server, with more than 4 million historical messages, was brought online and made accessible to users.
  • CRM/Product Ordering/Invoices/Accounts Payable/AR/Inventory modules were completely operational.
  • A new Palo Alto 850 firewall was brought online.
  • Most of the desktop computers were being used by staff.

"A huge amount of what occurred in the early hours is mostly a fog for me, but my management will not soon forget the urgency each and every one of you accomplished to help get our business back. I've trusted Progent for the past 10 years, possibly more, and each time I needed help Progent has outperformed my expectations and delivered as promised. This event was a testament to your capabilities."

Conclusion
A potential enterprise-killing catastrophe was dodged by hard-working professionals, a broad range of knowledge, and tight teamwork. Although, in light of the completed forensics, the crypto-ransomware incident described here should have been stopped by current security technology solutions and NIST Cybersecurity Framework best practices, team education, and properly executed incident response procedures for information backup and for keeping systems up to date with security patches, the fact remains that state-sponsored cybercriminals from China, North Korea and elsewhere are relentless and are an ongoing threat. If you do fall victim to a ransomware penetration, feel confident that Progent's roster of experts has a proven track record in ransomware virus blocking, remediation, and information systems disaster recovery.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others who were contributing), thanks very much for making it so I could get some sleep after we made it past the most critical parts. Everyone did an incredible effort, and if any of your guys is in the Chicago area, a great meal is on me!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Services in Atlanta
For ransomware system recovery consulting in the Atlanta area, phone Progent at 800-462-8800 or visit Contact Progent.



© 2002-2025 Progent Corporation. All rights reserved.