Ransomware: Your Worst Information Technology Nightmare
Ransomware has become a too-frequent cyber pandemic that presents an enterprise-level threat for businesses of all sizes unprepared for an attack. Multiple generations of ransomware such as Dharma, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for many years and still inflict damage. Modern strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with more unnamed viruses, not only encrypt on-line data but also infect any configured system protection mechanisms. Data synchronized to off-site disaster recovery sites can also be corrupted. In a poorly designed system, this can render any restoration hopeless and basically knock the entire system back to zero.

Restoring programs and information following a ransomware intrusion becomes a sprint against the clock as the targeted business tries its best to contain the damage and eradicate the virus and to restore mission-critical activity. Since ransomware takes time to spread, penetrations are usually sprung on weekends and holidays, when attacks are likely to take more time to detect. This multiplies the difficulty of quickly mobilizing and coordinating a qualified response team.

Progent provides a variety of services for protecting Beverly Hills businesses from crypto-ransomware attacks. Among these are team member training to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat defense to detect and extinguish zero-day malware attacks. Progent also offers the services of seasoned crypto-ransomware recovery professionals with the talent and commitment to re-deploy a breached system as soon as possible.

Progent's Ransomware Recovery Help
After a ransomware event, even paying the ransom in Bitcoin does not ensure that the criminals will return the keys needed to decrypt your data. Kaspersky Labs determined that seventeen percent of ransomware victims never restored their data even after having paid the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demands, which ZDNET determined to be around $13,000 for small organizations. The other path is to re-install the mission-critical parts of your IT environment. Without access to full data backups, this requires a wide range of skill sets, top-notch project management, and the willingness to work continuously until the recovery project is done.

For twenty years, Progent has offered expert Information Technology services for businesses throughout the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have been awarded high-level industry certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have garnered internationally-recognized certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent in addition has experience in financial management and ERP software solutions. This breadth of experience gives Progent the capability to rapidly identify critical systems and consolidate the surviving parts of your computer network environment following a ransomware penetration and rebuild them into a functioning network.

Progent's ransomware group has powerful project management applications to orchestrate the sophisticated recovery process. Progent appreciates the importance of working rapidly and in concert with a client's management and Information Technology staff to prioritize tasks and to put key applications back online as soon as humanly possible.

Case Study: A Successful Ransomware Virus Response
A small business contacted Progent after their organization was penetrated by Ryuk crypto-ransomware. Ryuk is thought to have been launched by North Korean government sponsored criminal gangs, possibly using techniques exposed from the U.S. NSA organization. Ryuk seeks specific companies with limited ability to sustain disruption and is among the most lucrative examples of ransomware viruses. Major targets include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing company headquartered in the Chicago metro area with about 500 employees. The Ryuk event had disabled all company operations and manufacturing processes. The majority of the client's backups had been online at the beginning of the attack and were damaged. The client was evaluating paying the ransom demand (more than two hundred thousand dollars) and hoping for the best, but in the end brought in Progent.


"I cannot say enough in regards to the care Progent gave us throughout the most stressful time of (our) company's life. We may have had to pay the criminal gangs if not for the confidence the Progent experts afforded us. The fact that you were able to get our messaging and production servers back sooner than one week was beyond my wildest dreams. Each person I got help from or texted at Progent was totally committed on getting us back on-line and was working 24/7 to bail us out."

Progent worked hand in hand with the client to quickly understand and prioritize the mission-critical services that needed to be addressed in order to continue departmental operations:

  • Active Directory (AD)
  • Microsoft Exchange
  • MRP System

To begin, Progent followed industry best practices for ransomware incident response by halting lateral movement and disinfecting systems. Progent then started the process of recovering Microsoft AD, the heart of enterprise networks built upon Microsoft Windows Server technology. Exchange messaging will not operate without Active Directory, and the business's MRP system used Microsoft SQL, which needs Active Directory for authentication to the information.

In less than two days, Progent was able to recover Windows Active Directory to its pre-penetration state. Progent then helped perform reinstallations and storage recovery of needed systems. All Exchange ties and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST files (Outlook Email Off-Line Data Files) on user workstations to recover email data. A fairly recent off-line backup of the client's accounting systems allowed these required applications to be restored and brought back on-line. Although major work still had to be done to recover totally from the Ryuk attack, core services were recovered quickly:


"For the most part, the assembly line operation showed little impact and we produced all customer sales."

Over the next few weeks critical milestones in the restoration project were accomplished through close collaboration between Progent consultants and the customer:

  • In-house web sites were restored with no loss of data.
  • The MailStore Microsoft Exchange Server with over 4 million archived messages was restored to operations and accessible to users.
  • CRM/Customer Orders/Invoices/AP/Accounts Receivables/Inventory Control capabilities were fully functional.
  • A new Palo Alto Networks 850 firewall was set up and programmed.
  • Most of the user desktops and notebooks were functioning as before the incident.

"So much of what happened in the initial days is mostly a blur for me, but my team will not soon forget the urgency all of you accomplished to give us our company back. I have been working with Progent for the past ten years, maybe more, and each time Progent has shined and delivered. This event was the most impressive ever."

Conclusion
A likely business extinction catastrophe was dodged due to dedicated experts, a broad array of IT skills, and tight collaboration. Although in post mortem the crypto-ransomware virus incident detailed here could have been prevented with modern security technology and ISO/IEC 27001 best practices, user education, and well thought out security procedures for information backup and applying software patches, the fact remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a crypto-ransomware attack, remember that Progent's team of experts has a proven track record in ransomware virus blocking, remediation, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (and any others who were helping), I'm grateful for letting me get some sleep after we got past the initial push. All of you did an impressive job, and if any of your guys is in the Chicago area, a great meal is on me!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Consulting Services in Beverly Hills
For ransomware system recovery consulting services in the Beverly Hills metro area, call Progent at 800-462-8800 or see Contact Progent.



© 2002-2024 Progent Corporation. All rights reserved.