Ransomware: Your Worst IT Catastrophe
Ransomware has become an escalating cyber pandemic that represents an existential threat for organizations unprepared for an assault. Multiple generations of ransomware like the Dharma, WannaCry, Locky, Syskey and MongoLock cryptoworms have been out in the wild for years and still inflict havoc. Modern strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with additional as yet unnamed malware, not only encrypt online files but also infect many accessible system protection mechanisms. Information synced to off-premises disaster recovery sites can also be encrypted. In a poorly architected data protection solution, this can make any restore operation impossible and effectively set the network back to square one.

Getting back services and data following a crypto-ransomware event becomes a sprint against the clock as the victim struggles to contain the damage, eradicate the crypto-ransomware, and restore mission-critical operations. Because crypto-ransomware needs time to move laterally throughout a network, assaults are often launched at night, when attacks in many cases take longer to discover. This compounds the difficulty of rapidly marshalling and orchestrating a qualified response team.

Progent offers a range of help services for securing Atlanta businesses from crypto-ransomware attacks. These include staff training to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat protection to discover and quarantine zero-day malware attacks. Progent can also provide the services of veteran ransomware recovery professionals with the skills and commitment to rebuild a breached system as rapidly as possible.

Progent's Crypto-Ransomware Recovery Help
After a crypto-ransomware invasion, paying the ransom in cryptocurrency does not provide any assurance that the attackers will respond with the decryption keys needed to recover any or all of your data. Kaspersky estimated that seventeen percent of ransomware victims never recovered their data even after having sent off the ransom, resulting in increased losses. Paying is also very costly. Ryuk ransoms are often a few hundred thousand dollars. For larger organizations, the ransom can be in the millions. The alternative is to re-install the vital parts of your IT environment. Absent the availability of full system backups, this calls for a wide complement of skill sets, top-notch team management, and the willingness to work continuously until the task is finished.

For decades, Progent has made available professional IT services for companies throughout the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have earned high-level certifications in foundation technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have garnered internationally renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience in financial management and ERP application software. This breadth of expertise gives Progent the capability to knowledgeably identify important systems, integrate the remaining pieces of your computer network following a crypto-ransomware attack, and configure them into an operational network.

Progent's ransomware team deploys top notch project management applications to coordinate the complex restoration process. Progent appreciates the importance of working rapidly and together with a customer's management and IT team members to assign priority to tasks and to get key applications back online as fast as possible.

Business Case Study: A Successful Ransomware Incident Recovery
A client contacted Progent after their company was brought down by Ryuk ransomware. Ryuk is believed to have been launched by North Korean government sponsored cybercriminals, suspected of using technology leaked from the U.S. National Security Agency. Ryuk seeks specific organizations with limited room for disruption and is among the most lucrative versions of ransomware. Highly publicized victims include Data Resolution, a California-based info warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company located in the Chicago metro area and has about 500 workers. The Ryuk intrusion had disabled all essential operations and manufacturing capabilities. The majority of the client's data backups had been online at the start of the intrusion and were destroyed. The client was taking steps to pay the ransom (in excess of $200K) and hoping for the best, but ultimately engaged Progent.


"I can't tell you enough in regards to the care Progent gave us throughout the most critical period of (our) businesses survival. We may have had to pay the cyber criminals if not for the confidence the Progent experts provided us. That you were able to get our messaging and essential servers back online faster than five days was beyond my wildest dreams. Each expert I talked with or e-mailed at Progent was totally committed on getting my company operational and was working non-stop on our behalf."

Progent worked with the client to rapidly assess and prioritize the most important systems that needed to be recovered to make it possible to resume departmental functions:

  • Active Directory
  • Microsoft Exchange Server
  • MRP System

To get going, Progent followed industry best practices for AV/malware penetration mitigation by stopping lateral movement and performing virus removal steps. Progent then began the work of bringing Windows Active Directory, the heart of enterprise environments built on Microsoft Windows technology, back online. Microsoft Exchange email will not operate without Active Directory, and the business's accounting and MRP system used Microsoft SQL Server, which requires Active Directory services for authentication to the information.

In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then performed setup and hard drive recovery of needed systems. All Exchange Server data and configuration information were usable, which greatly helped the restore of Exchange. Progent was also able to locate local OST files (Outlook Email Off-Line Data Files) on team workstations and laptops in order to recover mail data. A fairly recent offline backup of the client's manufacturing systems made it possible to bring these required programs back online for users. Although a lot of work still had to be done to recover fully from the Ryuk virus, the most important services were recovered quickly:


"For the most part, the assembly line operation ran fairly normal throughout and we delivered all customer shipments."

Over the following couple of weeks important milestones in the recovery process were accomplished through tight collaboration between Progent consultants and the customer:

  • Self-hosted web applications were restored without losing any data.
  • The MailStore Microsoft Exchange Server containing more than four million archived emails was restored to operations and accessible to users.
  • CRM/Customer Orders/Invoices/Accounts Payable/Accounts Receivables (AR)/Inventory Control functions were fully functional.
  • A new Palo Alto Networks 850 firewall was deployed.
  • Most of the user workstations were functioning as before the incident.

"Much of what occurred in the initial days is nearly entirely a blur for me, but I will not forget the commitment each and every one of the team accomplished to help get our business back. I have entrusted Progent for the past ten years, possibly more, and every time Progent has come through and delivered. This time was a testament to your capabilities."

Conclusion
A possible company-ending catastrophe was averted through the efforts of dedicated professionals, a wide spectrum of technical expertise, and close collaboration. Although in retrospect the crypto-ransomware intrusion detailed here would have been stopped by up-to-date security solutions and best practices, user training, and properly executed incident response procedures for information protection and for applying software patches, the fact is that government-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do get hit by a ransomware virus, remember that Progent's team of experts has extensive experience in crypto-ransomware virus defense, removal, and data restoration.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were involved), thank you for allowing me to get rested after we made it past the first week. All of you did an incredible effort, and if any of your guys is in the Chicago area, a great meal is my treat!"

Download the Crypto-Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Consulting Services in Atlanta
For ransomware system recovery consulting in the Atlanta area, call Progent at 800-462-8800 or see Contact Progent.




  • © 2002-2024 Progent Corporation. All rights reserved.