Crypto-Ransomware : Your Worst Information Technology Disaster
Ransomware has become a modern cyberplague that represents an existential danger for organizations poorly prepared for an assault. Older families such as CrySIS, Fusob, Locky and MongoLock have been running rampant for years and continue to inflict harm. Newer strains such as Ryuk, Maze, Sodinokibi (REvil), Netwalker, LockBit and Egregor, along with as yet unnamed newcomers, not only encrypt critical online data but also delete or encrypt any backups, restore points and shadow copies they can reach. Data synced to cloud environments can be ransomed as well. In a poorly architected environment this makes automatic restoration hopeless and effectively knocks the datacenter back to square one.
Recovering services and data after a ransomware intrusion becomes a sprint against time as the targeted organization tries to stop the spread, eradicate the ransomware and restore mission-critical operations. Because ransomware needs time to propagate across a targeted network, attacks are frequently launched on weekends and holidays, when successful intrusions are likely to take longer to identify. This multiplies the difficulty of promptly mobilizing and coordinating a knowledgeable response team.
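The backup destruction described above usually shows up in process-creation telemetry minutes before files start being encrypted, and the weekend timing is itself a triage signal. The following is an added example (not Progent's or any vendor's code) of a small detector that flags shadow-copy, backup-catalog and recovery-environment tampering in parsed Windows process-creation records and escalates when it happens off-hours or on a host that shows more than one such technique. The event records and the command patterns are constructed for illustration; real Security 4688 or Sysmon event 1 logs need a parser in front of this.

```python
"""Flag process-creation events that match ransomware backup-destruction behaviour.

Added example, not code from the page's author. Input is a constructed sample
of parsed Windows process-creation records; the pattern list is an assumption
drawn from public ransomware reporting, not a complete signature set.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Command lines commonly observed before encryption begins: deleting shadow
# copies, deleting the Windows Backup catalog, and disabling startup recovery.
BACKUP_DESTRUCTION_PATTERNS = [
    ("shadow-copy-deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow-copy-deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("shadow-storage-resize",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("backup-catalog-deletion",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b", re.I)),
    ("recovery-disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]


@dataclass
class ProcessEvent:
    timestamp: str      # ISO 8601 local time, as a parser would emit it
    host: str
    user: str
    parent_image: str
    command_line: str


@dataclass
class Alert:
    timestamp: str
    host: str
    user: str
    technique: str
    command_line: str


def detect_backup_destruction(events):
    """Return one Alert per event whose command line matches a known pattern."""
    alerts = []
    for ev in events:
        for technique, pattern in BACKUP_DESTRUCTION_PATTERNS:
            if pattern.search(ev.command_line):
                alerts.append(Alert(ev.timestamp, ev.host, ev.user, technique, ev.command_line))
                break  # one alert per event is enough; first matching technique wins
    return alerts


def is_off_hours(timestamp, start_hour=7, end_hour=19):
    """True on weekends or outside the business window (assumed 07:00-19:00 local)."""
    ts = datetime.fromisoformat(timestamp)
    return ts.weekday() >= 5 or not (start_hour <= ts.hour < end_hour)


def triage(alerts):
    """Group alerts per host and escalate to 'critical' when the host shows more
    than one destruction technique or any activity outside business hours."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(a.host, {"techniques": set(), "off_hours": False})
        entry["techniques"].add(a.technique)
        entry["off_hours"] = entry["off_hours"] or is_off_hours(a.timestamp)
    for entry in summary.values():
        entry["techniques"] = sorted(entry["techniques"])
        entry["severity"] = ("critical" if len(entry["techniques"]) >= 2 or entry["off_hours"]
                             else "high")
    return summary


# Constructed sample: a Saturday 02:14 burst on file server FS01 plus two benign events.
SAMPLE_EVENTS = [
    ProcessEvent("2021-03-06T02:14:09", "FS01", "CORP\\svc-backup", "cmd.exe",
                 "vssadmin.exe Delete Shadows /All /Quiet"),
    ProcessEvent("2021-03-08T10:02:00", "FS01", "CORP\\jdoe", "cmd.exe",
                 "vssadmin list shadows"),                      # benign: read-only query
    ProcessEvent("2021-03-06T02:14:11", "FS01", "CORP\\svc-backup", "cmd.exe",
                 "wbadmin delete catalog -quiet"),
    ProcessEvent("2021-03-06T02:14:12", "FS01", "CORP\\svc-backup", "cmd.exe",
                 "bcdedit /set {default} recoveryenabled No"),
    ProcessEvent("2021-03-08T10:05:31", "WS042", "CORP\\jdoe", "explorer.exe",
                 "notepad.exe C:\\Users\\jdoe\\Documents\\report.txt"),  # benign
]

if __name__ == "__main__":
    for host, entry in triage(detect_backup_destruction(SAMPLE_EVENTS)).items():
        print(host, entry["severity"], entry["techniques"], "off-hours" if entry["off_hours"] else "")
```

The patterns deliberately ignore the read-only `vssadmin list shadows`, which backup administrators run routinely; what matters is deletion, resizing shadow storage to force old copies out, and disabling recovery. Alerts from a service account at 02:14 on a Saturday are exactly the case the weekend-timing paragraph above warns about, which is why the off-hours flag raises severity on its own.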
Progent offers a variety of services for protecting Beverly Hills organizations from ransomware attacks. These include staff training to recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response service built on SentinelOne's behavior-based threat defense to detect and quarantine zero-day malware attacks. Progent also provides seasoned ransomware recovery consultants with the skills and perseverance to rebuild a compromised network as rapidly as possible.
Progent's Crypto-Ransomware Restoration Services
After a ransomware attack, even paying the ransom in cryptocurrency does not ensure that the criminals will hand over the keys to decrypt your data. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their data even after paying, compounding their losses. The ransom itself is also expensive: Ryuk demands are commonly a few hundred thousand dollars, and for larger enterprises they can run into the millions. The alternative is to rebuild the key elements of your IT environment from scratch. Without essential backups, this calls for a wide complement of skill sets, top-notch project management, and the ability to work 24x7 until the job is finished.
For decades, Progent has offered professional IT services to businesses throughout the United States and holds Microsoft Partner status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned advanced industry certifications in key technologies such as Microsoft, Cisco, VMware and the major Linux distributions. Progent's cybersecurity consultants hold internationally recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, SANS GIAC and CMMC 2.0 (see Progent's certifications). Progent also has expertise with financial management and ERP applications. This breadth of expertise lets Progent quickly understand critical systems, integrate the surviving components of your IT environment after a ransomware event, and configure them into a functioning network.
Progent's ransomware team of experts uses powerful project management applications to coordinate the sophisticated restoration process. Progent appreciates the urgency of acting rapidly and in unison with a client's management and IT staff to prioritize tasks and to get critical services back on line as soon as possible.
Business Case Study: A Successful Crypto-Ransomware Incident Response
A client engaged Progent after its network was taken down by the Ryuk ransomware. Ryuk was initially attributed to North Korean state-sponsored actors because of code it shares with the earlier Hermes ransomware, but it is now generally attributed to a Russian-speaking criminal group. Ryuk targets specific companies with little or no tolerance for operational disruption and is one of the most lucrative ransomware families. Headline victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a manufacturer headquartered in the Chicago metro area with about 500 employees. The Ryuk intrusion had shut down all company operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were destroyed. The client was pursuing financing to pay the ransom demand (in excess of $200K) and hoping for the best, but in the end engaged Progent.
Progent worked with the client to quickly assess and prioritize the most important areas that needed to be addressed to make it possible to restart business operations:
Within two days, Progent recovered Active Directory to its pre-attack state. Progent then pressed ahead with rebuilding essential systems and recovering their disks. The Exchange schema and attributes were intact, which simplified the restoration of Exchange. Progent was also able to collect intact OST files (Outlook Offline Data Files) from staff PCs to recover email. A recent offline backup of the company's accounting/ERP software made it possible to bring these essential applications back into service. Although much work remained to recover fully from the Ryuk event, essential services were restored rapidly:
Over the next few weeks important milestones in the recovery process were accomplished through tight collaboration between Progent engineers and the client:
Conclusion
A potential business-ending catastrophe was averted by results-oriented experts, a wide spectrum of knowledge and close teamwork. Forensic analysis concluded that the intrusion described here would have been blocked by up-to-date security tooling and NIST Cybersecurity Framework best practices, user training, and well-defined incident response procedures covering data backup and timely security patching. Even so, state-sponsored and criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and remain an ongoing threat. If you do fall victim to a ransomware attack, rest assured that Progent's team has proven experience in ransomware defense, cleanup and data restoration.
Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Recovery Consulting Services in Beverly Hills
For ransomware system recovery consulting in the Beverly Hills metro area, phone Progent at