Ransomware: Your Crippling IT Catastrophe
Crypto-ransomware has become an escalating cyber pandemic that represents an extinction-level threat for organizations unprepared for an assault. Different versions of crypto-ransomware such as Dharma, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been running rampant for many years and continue to cause havoc. Newer strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, plus frequent as yet unnamed newcomers, not only encrypt online data but also infiltrate most available system restores and backups. Files synchronized to off-site disaster recovery sites can also be ransomed. Against a vulnerable data protection solution, this can render automated recovery useless and effectively knock the datacenter back to zero.

Getting back programs and information after a ransomware outage becomes a sprint against the clock as the targeted business tries its best to contain and remove the virus and to restore business-critical activity. Since ransomware takes time to move laterally, attacks are often launched during weekends and nights, when penetrations typically take longer to detect. This compounds the difficulty of promptly mobilizing and orchestrating an experienced response team.

Progent has a range of services for securing Atlanta organizations from ransomware penetrations. Among these are team education to help staff identify phishing attempts and avoid falling victim to them, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to identify and extinguish zero-day malware assaults. Progent also offers the assistance of seasoned ransomware recovery professionals with the skills and commitment to re-deploy a compromised system as soon as possible.

Progent's Crypto-Ransomware Restoration Help
Following a ransomware penetration, even paying the ransom in cryptocurrency does not ensure that cyber criminals will return the codes to decrypt any of your data. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their data even after having paid the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET estimated to be around $13,000 for smaller businesses. The alternative is to set up the critical parts of your IT environment from scratch. Without the availability of essential data backups, this requires a wide complement of skill sets, top-notch project management, and the capability to work continuously until the task is over.

For twenty years, Progent has provided professional IT services for businesses across the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have earned advanced certifications in key technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security engineers have garnered internationally recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has experience in financial systems and ERP applications. This breadth of expertise gives Progent the ability to knowledgeably understand the necessary systems, integrate the surviving components of your computer network system following a ransomware event, and assemble them into a functioning network.

Progent's ransomware group uses best-of-breed project management applications to coordinate the complicated recovery process. Progent understands the urgency of working swiftly and in unison with a customer's management and IT team members to assign priority to tasks and to put essential applications back online as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Attack Recovery
A customer engaged Progent after their company was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state-sponsored cybercriminals, possibly adopting techniques exposed from America's National Security Agency. Ryuk goes after specific companies with little or no ability to sustain operational disruption and is one of the most profitable versions of ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with around 500 workers. The Ryuk attack had paralyzed all essential operations and manufacturing processes. Most of the client's backups had been online at the start of the attack and were eventually encrypted. The client was evaluating paying the ransom demand (more than $200K) and praying for good luck, but in the end engaged Progent.


"I cannot thank you enough in regards to the support Progent provided us throughout the most critical period of (our) company's existence. We had little choice but to pay the cyber criminals if not for the confidence the Progent experts gave us. That you could get our e-mail and essential applications back sooner than 1 week was beyond my wildest dreams. Each expert I got help from or texted at Progent was laser focused on getting us restored and was working 24/7 on our behalf."

Progent worked together with the client to quickly determine and assign priority to the key elements that had to be restored to make it possible to continue departmental functions:

  • Microsoft Active Directory
  • Microsoft Exchange Server
  • MRP System

To start, Progent followed industry best practices for ransomware incident response by halting the spread and clearing infected systems. Progent then started the steps of recovering Active Directory, the core of enterprise networks built upon Microsoft Windows Server technology. Exchange messaging will not work without Windows AD, and the business's financials and MRP applications utilized Microsoft SQL, which requires Active Directory services for authentication to the database.

Within 48 hours, Progent was able to rebuild Active Directory services to its pre-penetration state. Progent then completed reinstallations and storage recovery of key servers. All Exchange ties and attributes were intact, which greatly helped the rebuild of Exchange. Progent was able to locate intact OST files (Microsoft Outlook Offline Data Files) on user desktop computers and laptops to recover mail information. A recent offline backup of the client's manufacturing software made it possible to make these required applications available to users again. Although significant work needed to be completed to recover fully from the Ryuk virus, critical services were recovered quickly:


"For the most part, the production line operation showed little impact and we produced all customer deliverables."

During the next month, key milestones in the recovery process were accomplished through close cooperation between Progent team members and the customer:

  • Internal web sites were brought back up with no loss of information.
  • The MailStore Exchange Server, exceeding 4 million archived messages, was restored to operation and made accessible to users.
  • CRM/Product Ordering/Invoices/AP/AR/Inventory Control capabilities were 100 percent recovered.
  • A new Palo Alto 850 firewall was installed.
  • 90% of the user workstations were operational.

"Much of what occurred in the initial days is mostly a blur for me, but we will not soon forget the countless hours each and every one of your team put in to help get our company back. I have entrusted Progent for at least 10 years, possibly more, and each time Progent has outperformed my expectations and delivered as promised. This situation was a Herculean accomplishment."

Conclusion
A potential company-ending disaster was averted by top-tier professionals, a wide array of technical expertise, and tight collaboration. Although forensics showed after the fact that the ransomware attack detailed here could have been identified and blocked with current security technology and recognized best practices, staff education, and appropriate security procedures for data backup and proper patching controls, the fact is that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a crypto-ransomware incident, remember that Progent's roster of experts has a proven track record in crypto-ransomware virus defense, remediation, and file restoration.


"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were contributing), thank you for allowing me to get rested after we made it past the initial push. All of you did a fabulous effort, and if any of your team is in the Chicago area, a great meal is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Consulting in Atlanta
For ransomware recovery consulting in the Atlanta area, phone Progent at 800-462-8800 or visit Contact Progent.




© 2002-2024 Progent Corporation. All rights reserved.