Crypto-Ransomware: Your Crippling IT Nightmare
Ransomware has become a modern cyber pandemic that represents an existential danger for organizations vulnerable to an attack. Different iterations of ransomware like the Reveton, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been replicating for years and continue to inflict havoc. More recent versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus frequent as yet unnamed newcomers, not only encrypt online data but also infiltrate many accessible system restores and backups. Information synchronized to the cloud can also be corrupted. In a poorly designed data protection solution, this can render automated recovery impossible and effectively knock the network back to zero.

Recovering applications and data after a crypto-ransomware attack becomes a race against the clock as the targeted business tries its best to contain the damage, clean up the virus, and resume mission-critical activity. Because ransomware needs time to move laterally, assaults are frequently launched at night, when successful penetrations tend to take more time to uncover. This compounds the difficulty of rapidly assembling and organizing a knowledgeable response team.

Progent has a variety of services for securing Atlanta enterprises from crypto-ransomware events. These include user education to help recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which utilizes SentinelOne's behavior-based cyberthreat defense to discover and quarantine zero-day malware assaults. Progent also offers the assistance of experienced ransomware recovery engineers with the track record and commitment to re-deploy a breached environment as rapidly as possible.

Progent's Ransomware Recovery Help
After a ransomware attack, even paying the ransom in Bitcoin cryptocurrency does not provide any assurance that cyber criminals will provide the decryption keys for any of your information. Kaspersky determined that 17% of ransomware victims never recovered their files even after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000). This is significantly above the typical ransomware demands, which ZDNET estimated to be in the range of $13,000 for small businesses. The other path is to re-install the vital elements of your Information Technology environment. Absent the availability of essential data backups, this requires a wide complement of skill sets, top-notch project management, and the capability to work 24x7 until the job is complete.

For decades, Progent has made available professional Information Technology services for businesses across the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes engineers who have earned advanced industry certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security experts have garnered internationally recognized certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. Progent also has experience with financial systems and ERP software solutions. This breadth of experience gives Progent the skills to quickly determine necessary systems, consolidate the surviving parts of your Information Technology system following a ransomware event, and rebuild them into an operational system.

Progent's security team utilizes state-of-the-art project management tools to orchestrate the complex recovery process. Progent appreciates the importance of acting rapidly and together with a client's management and Information Technology resources to assign priority to tasks and to put critical applications back on line as soon as possible.

Customer Story: A Successful Ransomware Attack Restoration
A customer hired Progent after their company was taken over by Ryuk ransomware. Ryuk is believed to have been created by North Korean state-sponsored hackers, suspected of using techniques leaked from the United States NSA organization. Ryuk targets specific organizations with little ability to sustain operational disruption and is one of the most lucrative iterations of ransomware malware. Highly publicized targets include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing company located in Chicago and has around 500 staff members. The Ryuk penetration had paralyzed all company operations and manufacturing capabilities. Most of the client's data backups had been online at the time of the intrusion and were destroyed. The client was actively seeking loans for paying the ransom demand (exceeding $200K) and praying for the best, but ultimately made the decision to use Progent.


"I cannot tell you enough about the support Progent provided us throughout the most stressful time of (our) company's survival. We may have had to pay the criminal gangs if it wasn't for the confidence the Progent group provided us. That you were able to get our e-mail and important applications back online sooner than one week was beyond my wildest dreams. Each expert I interacted with or e-mailed at Progent was urgently focused on getting our company operational and was working all day and night to bail us out."

Progent worked hand in hand with the customer to quickly understand and assign priority to the mission-critical elements that needed to be addressed to make it possible to resume business functions:

  • Active Directory (AD)
  • E-Mail
  • Accounting and Manufacturing Software

To start, Progent followed industry best practices for anti-virus event mitigation by stopping the spread and clearing infected systems. Progent then initiated the work of bringing back online Microsoft AD, the heart of enterprise systems built on Microsoft Windows Server technology. Microsoft Exchange Server email will not function without Active Directory, and the customer's financials and MRP software used SQL Server, which requires Active Directory for authentication to the databases.

In less than 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then assisted with reinstallations and storage recovery on mission-critical servers. All Microsoft Exchange Server ties and attributes were intact, which facilitated the restore of Exchange. Progent was also able to find local OST files (Outlook Email Off-Line Data Files) on user workstations and laptops to recover email data. A recent offline backup of the client's accounting software made it possible to make these essential programs available to users again. Although major work still had to be done to recover totally from the Ryuk attack, critical services were recovered rapidly:


"For the most part, the production line operation never missed a beat and we delivered all customer sales."

During the next couple of weeks, key milestones in the recovery project were completed in close cooperation between Progent consultants and the client:

  • In-house web applications were restored without losing any information.
  • The MailStore Server, holding more than 4 million historical messages, was brought online and made available to users.
  • CRM/Orders/Invoices/Accounts Payable (AP)/AR/Inventory capabilities were 100 percent restored.
  • A new Palo Alto Networks 850 security appliance was deployed.
  • Nearly all of the user desktops and notebooks were operational.

"A huge amount of what was accomplished that first week is mostly a blur for me, but my management will not soon forget the countless hours each of the team put in to give us our company back. I have utilized Progent for at least 10 years, maybe more, and every time Progent has come through and delivered. This situation was no exception but maybe more Herculean."

Conclusion
A possible business-ending disaster was averted with top-tier experts, a broad array of knowledge, and tight teamwork. Although in retrospect the ransomware attack detailed here would have been shut down with up-to-date cyber security technology and ISO/IEC 27001 best practices, user and IT administrator training, and well-designed security procedures for backup and applying software patches, the fact is that state-sponsored cyber criminals from China, North Korea and elsewhere are tireless and will continue. If you do get hit by a ransomware incident, feel confident that Progent's roster of professionals has a proven track record in ransomware virus blocking, mitigation, and information systems restoration.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got through the initial push. All of you did a fabulous job, and if anyone that helped is around the Chicago area, dinner is the least I can do!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Expertise in Atlanta
For ransomware recovery consulting services in the Atlanta area, phone Progent at 800-462-8800 or see Contact Progent.



© 2002-2023 Progent Corporation. All rights reserved.