Crypto-Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyber pandemic that presents an extinction-level danger for organizations vulnerable to an assault. Different iterations of ransomware like the CrySIS, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been out in the wild for a long time and continue to inflict havoc. More recent versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, as well as frequent as-yet-unnamed viruses, not only encrypt on-line critical data but also infiltrate any configured system restores and backups. Data synchronized to cloud environments can also be rendered useless. In a poorly architected environment, this can make automatic restoration hopeless and effectively set the datacenter back to square one.

Recovering services and information following a ransomware outage becomes a race against time as the victim fights to contain and remove the ransomware and to resume mission-critical activity. Because ransomware requires time to spread, attacks are usually sprung at night, when successful penetrations tend to take more time to discover. This compounds the difficulty of promptly marshalling and organizing a qualified mitigation team.

Progent makes available an assortment of solutions for protecting Atlanta businesses from ransomware events. These include team member education to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat protection to detect and extinguish zero-day malware assaults. Progent can also provide the services of experienced crypto-ransomware recovery consultants with the talent and perseverance to reconstruct a compromised environment as rapidly as possible.

Progent's Crypto-Ransomware Recovery Support Services
After a ransomware event, paying the ransom demand in cryptocurrency does not provide any assurance that criminal gangs will return the keys needed to decrypt any or all of your data. Kaspersky Labs determined that 17% of ransomware victims never restored their data after having sent off the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms often range from 15-40 BTC (between $120,000 and $400,000). This is far higher than the usual crypto-ransomware demands, which ZDNET determined to be in the range of $13,000 for small organizations. The other path is to re-install the vital parts of your IT environment. Without access to full data backups, this requires a wide complement of skills, well-coordinated project management, and the ability to work continuously until the job is complete.

For decades, Progent has provided expert Information Technology services for businesses across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have attained advanced certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally renowned industry certifications including CISA, CISSP, ISACA CRISC, and GIAC. (Refer to Progent's certifications). Progent also has experience in accounting and ERP applications. This breadth of experience gives Progent the capability to knowledgeably identify the necessary systems, organize the surviving parts of your Information Technology environment following a ransomware event, and assemble them into an operational network.

Progent's recovery team utilizes state-of-the-art project management tools to coordinate the sophisticated restoration process. Progent understands the urgency of working rapidly and in unison with a customer's management and Information Technology staff to assign priority to tasks and to put essential applications back on line as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Intrusion Recovery
A client escalated to Progent after their organization was penetrated by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored cybercriminals, possibly adopting algorithms leaked from America's NSA organization. Ryuk goes after specific organizations with little ability to sustain disruption and is one of the most profitable instances of ransomware. Major victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business based in the Chicago metro area and has around 500 employees. The Ryuk penetration had disabled all business operations and manufacturing capabilities. Most of the client's data backups had been on-line at the time of the attack and were encrypted. The client was actively seeking loans for paying the ransom demand (more than $200K) and praying for the best, but ultimately called Progent.


"I cannot speak enough in regards to the support Progent gave us during the most critical period of (our) business's life. We may have had to pay the hackers behind this attack if it wasn't for the confidence the Progent team provided us. The fact that you could get our e-mail and critical servers back into operation sooner than one week was earth shattering. Each staff member I got help from or communicated with at Progent was urgently focused on getting my company operational and was working at all hours to bail us out."

Progent worked hand in hand with the client to rapidly identify and assign priority to the key services that needed to be recovered in order to restart departmental functions:

  • Windows Active Directory
  • E-Mail
  • Accounting/MRP

To begin, Progent followed industry best practices for anti-virus/malware incident mitigation by stopping lateral movement and performing virus removal steps. Progent then started the task of rebuilding Microsoft AD, the key technology of enterprise networks built on Microsoft technology. Exchange messaging will not function without AD, and the customer's MRP applications used Microsoft SQL Server, which needs Windows AD for security authorization to the data.

Within 2 days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then initiated rebuilding and hard drive recovery on key applications. All Microsoft Exchange Server ties and attributes were intact, which accelerated the rebuild of Exchange. Progent was able to locate non-encrypted OST files (Outlook Email Offline Data Files) on various PCs in order to recover email messages. A reasonably recent offline backup of the customer's financials/MRP software made it possible to return these vital programs to service for users. Although a large amount of work remained to recover completely from the Ryuk attack, essential services were recovered rapidly:


"For the most part, the manufacturing operation did not miss a beat and we produced all customer deliverables."

During the next couple of weeks, important milestones in the restoration process were reached through tight collaboration between Progent engineers and the customer:

  • Self-hosted web applications were restored without losing any information.
  • The MailStore Microsoft Exchange Server, containing more than 4 million historical emails, was brought on-line and made available for users.
  • CRM/Customer Orders/Invoices/AP/Accounts Receivables/Inventory Control functions were completely functional.
  • A new Palo Alto 850 firewall was installed.
  • Most of the user desktops and notebooks were operational.

"So much of what went on during the initial response is mostly a fog for me, but my management will not forget the care all of your team put in to help get our company back. I have been working together with Progent for the past ten years, maybe more, and each time I needed help Progent has impressed me and delivered. This event was a Herculean accomplishment."

Conclusion
A likely business disaster was avoided by results-oriented experts, a broad array of subject matter expertise, and close collaboration. Although in retrospect the ransomware penetration detailed here could have been shut down with up-to-date cyber security technology solutions and best practices, team training, and properly executed security procedures for data backup and keeping systems up to date with security patches, the reality is that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has proven experience in crypto-ransomware virus defense, cleanup, and information systems disaster recovery.


"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were helping), thank you for letting me get rested after we made it over the initial push. All of you did an amazing job, and if any of your team is in the Chicago area, a great meal is the least I can do!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Consulting Services in Atlanta
For ransomware system recovery services in the Atlanta metro area, call Progent at 800-462-8800 or visit Contact Progent.



© 2002-2023 Progent Corporation. All rights reserved.