Crypto-Ransomware: Your Crippling Information Technology Nightmare
Ransomware has become an escalating cyberplague that presents an extinction-level danger for businesses vulnerable to an assault. Different iterations of crypto-ransomware such as CryptoLocker, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been in the wild for years and still inflict damage. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Egregor, along with more as yet unnamed malware, not only encrypt online files but also infect any accessible system protection mechanisms. Files synced to the cloud can also be corrupted. In a vulnerable system, this can render any restore operations useless and basically sets the entire system back to square one.

Restoring online applications and data after a ransomware attack becomes a race against the clock as the targeted organization tries to stop the spread, eradicate the malware, and restore business-critical activity. Because crypto-ransomware needs time to replicate, attacks are usually launched at night, when penetrations typically take longer to identify. This multiplies the difficulty of quickly marshalling and orchestrating an experienced mitigation team.

Progent provides a range of services for securing Atlanta enterprises from ransomware penetrations. Among these are user training to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, along with deployment of modern security solutions with AI technology to automatically detect and disable zero-day cyber threats. Progent in addition provides the services of seasoned crypto-ransomware recovery engineers with the skills and commitment to re-deploy a compromised environment as rapidly as possible.

Progent's Ransomware Restoration Support Services
After a crypto-ransomware event, paying the ransom in cryptocurrency does not provide any assurance that criminal gangs will provide the codes to decrypt all your files. Kaspersky Labs ascertained that 17% of crypto-ransomware victims never recovered their data after having paid the ransom, resulting in more losses. The gamble is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the usual ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The other path is to re-install the mission-critical parts of your IT environment. Absent access to complete system backups, this requires a broad complement of skills, top-notch project management, and the willingness to work non-stop until the job is done.

For decades, Progent has offered expert Information Technology services for businesses across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have been awarded top industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security experts have earned internationally-renowned certifications including CISA, CISSP, CRISC, and SANS GIAC. (See Progent's certifications). Progent in addition has expertise in financial management and ERP software solutions. This breadth of experience provides Progent the capability to rapidly determine necessary systems and integrate the remaining components of your Information Technology environment following a ransomware event and rebuild them into a functioning network.

Progent's security team utilizes state-of-the-art project management tools to orchestrate the complex recovery process. Progent appreciates the importance of acting quickly and in unison with a client's management and IT staff to assign priority to tasks and to put essential applications back on line as soon as humanly possible.

Customer Case Study: A Successful Ransomware Attack Response
A customer sought out Progent after their network was penetrated by the Ryuk ransomware. Ryuk is believed to have been created by North Korean government-sponsored criminal gangs, possibly adopting strategies leaked from the United States NSA. Ryuk targets specific businesses with limited tolerance for disruption and is one of the most lucrative versions of ransomware. Well-known victims include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in the Chicago metro area with around 500 staff members. The Ryuk penetration had paralyzed all business operations and manufacturing processes. Most of the client's data protection systems had been online at the start of the attack and were eventually encrypted. The client was preparing to pay the ransom (more than two hundred thousand dollars) and hoping for good luck, but ultimately engaged Progent.


"I cannot thank you enough in regards to the expertise Progent provided us during the most critical period of (our) company's life. We most likely would have paid the cybercriminals if it wasn't for the confidence the Progent team provided us. That you could get our e-mail and key servers back on-line quicker than one week was earth shattering. Every single expert I talked with or texted at Progent was laser focused on getting our system up and was working 24 by 7 to bail us out."

Progent worked together with the customer to rapidly understand and prioritize the mission critical areas that needed to be recovered in order to continue business functions:

  • Active Directory (AD)
  • Email
  • Accounting/MRP

To begin, Progent adhered to ransomware incident response industry best practices by halting the spread and disinfecting systems. Progent then initiated the process of rebuilding Microsoft AD, the key technology of enterprise systems built on Microsoft Windows technology. Exchange email will not operate without Active Directory, and the client's MRP system used Microsoft SQL Server, which needs Active Directory services for access to the information.

In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-intrusion state. Progent then performed rebuilding and hard drive recovery on needed applications. All Microsoft Exchange Server data and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to find intact OST data files (Microsoft Outlook Offline Folder Files) on staff workstations and laptops in order to recover email messages. A reasonably recent offline backup of the business's accounting/MRP software made it possible to return these essential services to users. Although a lot of work still had to be done to recover fully from the Ryuk virus, essential systems were recovered quickly:


"For the most part, the manufacturing operation did not miss a beat and we did not miss any customer deliverables."

During the following few weeks, important milestones in the restoration process were accomplished through tight collaboration between Progent team members and the customer:

  • Self-hosted web sites were restored without losing any information.
  • The MailStore Server, holding more than 4 million archived messages, was brought online and made accessible to users.
  • CRM/Customer Orders/Invoices/Accounts Payable/Accounts Receivables/Inventory Control modules were fully recovered.
  • A new Palo Alto 850 firewall was brought online.
  • Most of the desktop computers were back in operation.

"A lot of what went on that first week is nearly entirely a blur for me, but my management will not forget the commitment each of you accomplished to help get our business back. I have trusted Progent for at least 10 years, possibly more, and each time Progent has impressed me and delivered. This time was no exception but maybe more Herculean."

Conclusion
A possible business-killing catastrophe was avoided due to results-oriented professionals, a broad spectrum of technical expertise, and close collaboration. Although the completed forensics indicated that the crypto-ransomware penetration described here could have been identified and stopped with modern security technology and ISO/IEC 27001 best practices, user training, and appropriate security procedures for information backup and proper patching controls, the reality remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do fall victim to a ransomware penetration, remember that Progent's team of experts has extensive experience in crypto-ransomware virus defense, mitigation, and file restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others who were involved), I'm grateful for allowing me to get rested after we got over the most critical parts. Everyone did a fabulous job, and if anyone that helped is around the Chicago area, a great meal is on me!"

Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

  • © 2002-2021 Progent Corporation. All rights reserved.