Crypto-Ransomware : Your Crippling Information Technology Disaster
Ransomware Remediation Experts
Ransomware has become an escalating cyber plague that represents an enterprise-level danger for businesses of all sizes that are poorly prepared for an attack. Multiple generations of ransomware such as CryptoLocker, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been replicating for many years and still inflict destruction. Recent strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch or Egregor, as well as newer strains that have yet to be named, not only encrypt online data files but also infiltrate any reachable system restore points and backups. Files synchronized to the cloud can also be corrupted. In a poorly designed data protection solution, this can make any restore operation useless and effectively knocks the network back to square one.

Restoring programs and information after a ransomware outage becomes a sprint against time as the victim struggles to stop the spread, clear the crypto-ransomware, and resume enterprise-critical operations. Because ransomware takes time to move laterally, intrusions are often launched during nights and weekends, when successful attacks tend to take longer to uncover. This compounds the difficulty of promptly marshalling and orchestrating a qualified mitigation team.

Progent provides a range of solutions for protecting businesses from ransomware events. These include staff education to help recognize and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, plus setup and configuration of modern security gateways with artificial intelligence capabilities from SentinelOne to detect and quarantine new threats intelligently. Progent also offers the assistance of veteran ransomware recovery professionals with the talent and commitment to restore a compromised network as quickly as possible.

Progent's Crypto-Ransomware Recovery Help
Following a ransomware penetration, paying the ransom demand in cryptocurrency does not provide any assurance that the criminal gang will return the keys needed to decrypt any of your data. Kaspersky determined that seventeen percent of ransomware victims never recovered their data after having paid the ransom, resulting in further losses. The gamble is also expensive. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can reach millions of dollars. The alternative is to set up the vital elements of your IT environment from scratch. Absent access to essential information backups, this calls for a broad complement of skills, well-coordinated project management, and the capability to work continuously until the job is done.

For two decades, Progent has made available professional IT services for businesses across the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have attained high-level industry certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have garnered internationally-recognized certifications including CISA, CISSP, ISACA CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has experience in accounting and ERP software solutions. This breadth of expertise affords Progent the skills to rapidly understand critical systems and organize the surviving components of your IT system following a ransomware attack and configure them into a functioning network.

Progent's ransomware group has top-notch project management tools to coordinate the complicated restoration process. Progent appreciates the urgency of working quickly and in concert with a customer's management and Information Technology resources to prioritize tasks and to get the most important services back online as fast as humanly possible.

Business Case Study: A Successful Crypto-Ransomware Intrusion Response
A client engaged Progent after their company was brought down by Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state criminal gangs, suspected of adopting algorithms exposed from the U.S. National Security Agency. Ryuk targets specific organizations with limited tolerance for disruption and is one of the most lucrative instances of ransomware malware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with around 500 workers. The Ryuk event had frozen all essential operations and manufacturing processes. The majority of the client's backups had been online at the beginning of the attack and were destroyed. The client was evaluating paying the ransom (in excess of two hundred thousand dollars) and hoping for the best, but in the end engaged Progent.


"I can't thank you enough in regards to the support Progent provided us during the most fearful time of (our) business's existence. We may have had to pay the cyber criminals behind the attack except for the confidence the Progent experts afforded us. The fact that you were able to get our messaging and important applications back faster than 1 week was beyond my wildest dreams. Each staff member I talked with or messaged at Progent was absolutely committed to getting us operational and was working day and night to bail us out."

Progent worked together with the customer to rapidly understand and assign priority to the key areas that needed to be addressed in order to continue departmental functions:

  • Active Directory (AD)
  • Microsoft Exchange
  • Accounting and Manufacturing Software

To start, Progent followed ransomware incident response industry best practices by halting lateral movement and performing malware removal steps. Progent then started the task of bringing Microsoft AD back online, the foundation of enterprise environments built on Microsoft Windows Server technology. Microsoft Exchange email will not work without Active Directory, and the client's MRP system relied on Microsoft SQL Server, which depends on Active Directory services to authenticate access to the data.

Within two days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then assisted with reinstallations and storage recovery on essential systems. All Exchange data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to collect intact OST files (Outlook Offline Data Files) on team workstations and laptops in order to recover email messages. A fairly recent offline backup of the customer's financials/MRP systems made it possible to bring these vital applications back into service for users. Although a lot of work remained to recover fully from the Ryuk attack, core services were restored rapidly:


"For the most part, the production line operation showed little impact and we made all customer sales."

Over the next few weeks key milestones in the recovery project were accomplished through tight cooperation between Progent consultants and the client:

  • Internal web applications were restored without losing any information.
  • The MailStore Server with over 4 million archived emails was brought online and available for users.
  • CRM/Orders/Invoices/Accounts Payable (AP)/Accounts Receivables (AR)/Inventory Control functions were completely restored.
  • A new Palo Alto 850 firewall was installed and configured.
  • 90% of the user desktops and notebooks were back in operation.

"So much of what was accomplished in the early hours is mostly a haze for me, but I will not soon forget the urgency each and every one of the team accomplished to help get our company back. I've been working together with Progent for the past ten years, maybe more, and every time Progent has shined and delivered. This situation was a testament to your capabilities."

Conclusion
A possible business extinction disaster was dodged through the efforts of top-tier experts, a wide range of knowledge, and tight collaboration. Forensics completed after the recovery showed that the crypto-ransomware incident detailed here could have been prevented with up-to-date cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, staff education, and properly executed security procedures for information backup and patching controls. The fact remains, however, that state-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do get hit by a ransomware attack, feel confident that Progent's roster of professionals has substantial experience in ransomware blocking, removal, and information systems recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (and any others who were contributing), thank you for letting me get rested after we got through the first week. Everyone did an incredible effort, and if any of your team is visiting the Chicago area, a great meal is on me!"

To review or download a PDF version of this case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Crypto-Ransomware Protection Services Offered by Progent
Progent can provide companies in Atlanta a portfolio of online monitoring and security evaluation services designed to help you to reduce the threat from crypto-ransomware. These services utilize next-generation AI capability to detect new variants of ransomware that are able to escape detection by traditional signature-based anti-virus products.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring
    ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that incorporates advanced remote monitoring and management (RMM) techniques to keep your IT system operating efficiently by tracking the health of vital computers that power your information system. When ProSight LAN Watch detects an issue, an alarm is transmitted automatically to your specified IT management personnel and your assigned Progent engineering consultant so that all potential problems can be resolved before they can disrupt your network. Find out more about ProSight LAN Watch server and desktop monitoring consulting.

  • ProSight LAN Watch with NinjaOne RMM: Centralized RMM for Networks, Servers, and Workstations
    ProSight LAN Watch with NinjaOne RMM software delivers a unified, cloud-driven solution for monitoring and managing your network, server, and desktop devices by offering tools for streamlining common tedious tasks. These include health checking, patch management, automated repairs, endpoint configuration, backup and recovery, anti-virus protection, remote access, standard and custom scripts, resource inventory, endpoint profile reports, and debugging assistance. When ProSight LAN Watch with NinjaOne RMM spots a serious incident, it sends an alarm to your designated IT management personnel and your assigned Progent consultant so potential issues can be fixed before they interfere with productivity. Learn more about ProSight LAN Watch with NinjaOne RMM server and desktop monitoring consulting.

  • ProSight WAN Watch: Infrastructure Remote Monitoring and Management
    ProSight WAN Watch is an infrastructure management service that makes it easy and inexpensive for small and mid-sized businesses to diagram, monitor, reconfigure and troubleshoot their networking hardware such as switches, firewalls, and access points, plus servers, client computers and other devices. Incorporating state-of-the-art Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that infrastructure topology maps are kept updated, captures and displays the configuration information of almost all devices connected to your network, tracks performance, and generates notices when problems are detected. By automating complex network management activities, WAN Watch can cut hours off ordinary chores such as network mapping, reconfiguring your network, finding devices that require important updates, or isolating performance problems. Learn more about ProSight WAN Watch infrastructure monitoring and management services.

  • ProSight Reporting: In-depth Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is an expanding family of real-time and in-depth reporting tools created to integrate with the industry's top ticketing and network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting uses Microsoft Graph and utilizes color coding to highlight and contextualize critical issues such as inconsistent support follow-through or endpoints with missing patches. By exposing ticketing or network health concerns concisely and in near-real time, ProSight Reporting enhances productivity, lowers management overhead, and saves money. For details, see ProSight Reporting for ticketing and network monitoring applications.

  • ProSight Data Protection Services (DPS): Managed Backup and Disaster Recovery Services
    Progent has partnered with advanced backup/restore software companies to create ProSight Data Protection Services (DPS), a family of subscription-based offerings that deliver backup-as-a-service. ProSight DPS services automate and track your backup operations and allow non-disruptive backup and fast restoration of critical files, apps, system images, plus virtual machines. ProSight DPS lets you avoid data loss resulting from hardware failures, natural calamities, fire, cyber attacks such as ransomware, human error, ill-intentioned insiders, or software glitches. Managed services available in the ProSight DPS product line include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda purpose-built hardware, and ProSight MSP360 Hybrid Backup. Your Progent consultant can assist you to identify which of these fully managed backup services are most appropriate for your network.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam and virus filtering and email encryption service that incorporates the technology of leading information security vendors to deliver web-based management and comprehensive security for all your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates cloud-based filtering with a local gateway device to offer advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks, and other email-borne malware. Email Guard's Cloud Protection Layer serves as a preliminary barricade and blocks the vast majority of unwanted email from making it to your security perimeter. This reduces your exposure to external attacks and conserves network bandwidth and storage space. Email Guard's on-premises security gateway device adds a further level of analysis for inbound email. For outbound email, the on-premises security gateway offers anti-virus and anti-spam protection, DLP, and email encryption. The local security gateway can also help Exchange Server to track and protect internal email that stays within your corporate firewall. For more details, see Email Guard spam and content filtering.

  • ProSight Duo Two-Factor Authentication: ID Confirmation, Endpoint Policy Enforcement, and Protected Single Sign-on (SSO)
    Progent's Duo authentication services utilize Cisco's Duo technology to defend against password theft by using two-factor authentication. Duo enables one-tap identity confirmation with iOS, Android, and other personal devices. With Duo 2FA, when you log into a secured online account and give your password, you are asked to verify your identity on a device that only you possess and that uses a separate network channel. A broad range of out-of-band devices can be utilized as this second form of authentication, such as a smartphone or watch, a hardware or software token, or a landline telephone. You may register multiple verification devices. For details about ProSight Duo identity validation services, refer to Cisco Duo MFA two-factor authentication (2FA) services.

  • Progent's Outsourced/Shared Service Desk: Help Desk Managed Services
    Progent's Call Center services enable your IT group to outsource Support Desk services to Progent or split activity for support services transparently between your in-house network support team and Progent's extensive roster of IT support engineers and subject matter experts. Progent's Shared Help Desk Service offers a transparent supplement to your internal network support organization. End user interaction with the Service Desk, provision of support services, problem escalation, ticket creation and tracking, performance measurement, and management of the support database are cohesive regardless of whether incidents are taken care of by your core support group, by Progent, or both. Read more about Progent's outsourced/co-managed Service Desk services.

  • Active Defense Against Ransomware: Machine Learning-based Ransomware Detection and Remediation
    Progent's Active Protection Against Ransomware is an endpoint protection solution that incorporates next-generation behavior-based analysis technology to guard endpoints as well as physical and virtual servers against modern malware assaults like ransomware and file-less exploits, which routinely get by traditional signature-based anti-virus products. Progent ASM services protect local and cloud-based resources and offer a unified platform to address the complete malware attack progression, including filtering, detection, mitigation, remediation, and post-attack forensics. Key capabilities include one-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against newly discovered threats. Learn more about Progent's ransomware protection and cleanup services.

  • ProSight IT Asset Management: Network Documentation Management
    Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, maintain, find and safeguard data about your network infrastructure, processes, applications, and services. You can quickly locate passwords or IP addresses and be alerted automatically about impending expirations of SSL certificates or warranties. By cleaning up and organizing your IT documentation, you can save up to half of the time spent trying to find vital information about your network. ProSight IT Asset Management includes a centralized repository for holding and sharing all documents required for managing your business network, such as standard operating procedures and self-service instructions. ProSight IT Asset Management also supports a high level of automation for gathering and relating IT information. Whether you're making improvements, doing maintenance, or reacting to a crisis, ProSight IT Asset Management delivers the information you require when you need it. Read more about Progent's ProSight IT Asset Management service.

  • Patch Management: Patch Management Services
    Progent's managed services for patch management offer organizations of any size a versatile and cost-effective alternative for assessing, validating, scheduling, applying, and documenting updates to your dynamic IT network. In addition to optimizing the security and functionality of your computer network, Progent's patch management services allow your in-house IT staff to focus on more strategic projects and tasks that derive maximum business value from your information network. Find out more about Progent's patch management services.

  • ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
    With Progent's ProSight Virtual Hosting service, a small business can have its critical servers and apps hosted in a protected Tier III data center on a high-performance virtual machine host configured and maintained by Progent's IT support experts. With Progent's ProSight Virtual Hosting model, the customer owns the data, the OS platforms, and the applications. Because the system is virtualized, it can be ported easily to a different hardware solution without requiring a lengthy and difficult reinstallation process. With ProSight Virtual Hosting, your business is not tied to a single hosting provider. Learn more about ProSight Virtual Hosting services.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring is an endpoint protection (EPP) solution that utilizes SentinelOne's next generation behavior-based machine learning technology to defend physical and virtual endpoint devices against new malware attacks like ransomware and email phishing, which easily escape legacy signature-matching AV products. ProSight ASM safeguards on-premises and cloud-based resources and offers a unified platform to address the complete malware attack lifecycle including filtering, infiltration detection, containment, remediation, and post-attack forensics. Key features include single-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic system-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Read more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Endpoint Protection and Microsoft Exchange Email Filtering
    Progent's ProSight Enhanced Security Protection managed services deliver affordable in-depth protection for physical and virtual servers, desktops, smartphones, and Exchange Server. ProSight ESP uses adaptive security and advanced machine learning for continuously monitoring and reacting to cyber assaults from all vectors. ProSight ESP offers firewall protection, intrusion alerts, device control, and web filtering via cutting-edge technologies packaged within one agent managed from a single console. Progent's security and virtualization consultants can assist you to plan and configure a ProSight ESP deployment that meets your company's specific requirements and that allows you to achieve and demonstrate compliance with government and industry data security regulations. Progent will assist you in specifying and configuring the policies that ProSight ESP will manage, and Progent will monitor your network and respond to alerts that require immediate action. Progent can also assist your company to install and test a backup and restore solution such as ProSight Data Protection Services so you can get back in business quickly after a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Exchange filtering.

For Atlanta 24/7 CryptoLocker Recovery Experts, call Progent at 800-462-8800 or go to Contact Progent.