Ransomware: Your Crippling IT Catastrophe
Ransomware has become a too-frequent cyber pandemic that represents an extinction-level danger for organizations unprepared for an assault. Multiple generations of crypto-ransomware like the Dharma, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for a long time and continue to cause damage. More recent variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus more unnamed newcomers, not only encrypt on-line data but also infiltrate many configured system protection mechanisms. Files synchronized to cloud environments can also be encrypted. In a poorly designed data protection solution, this can render automated restore operations hopeless and basically set the entire system back to zero.

Retrieving programs and information following a ransomware event becomes a sprint against time as the targeted business struggles to contain and eradicate the virus and to resume mission-critical activity. Because ransomware needs time to replicate, attacks are usually launched during nights and weekends, when intrusions typically take more time to detect. This multiplies the difficulty of promptly marshalling and coordinating a knowledgeable mitigation team.

Progent provides a range of support services for protecting Beverly Hills enterprises from ransomware events. Among these are user education to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's behavior-based threat protection to detect and disable zero-day malware attacks. Progent can also provide the assistance of expert ransomware recovery engineers with the talent and commitment to reconstruct a breached environment as rapidly as possible.

Progent's Ransomware Restoration Services
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will return the keys needed to decipher all your files. Kaspersky estimated that seventeen percent of ransomware victims never restored their data even after having sent off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000). This is well above the typical crypto-ransomware demands, which ZDNET estimated to be in the range of $13,000 for small businesses. The alternative is to piece back together the critical components of your IT environment. Absent access to full information backups, this requires a broad complement of skill sets, well-coordinated team management, and the ability to work 24x7 until the task is completed.

For two decades, Progent has offered professional IT services for businesses across the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have earned internationally renowned certifications including CISA, CISSP, ISACA CRISC, and GIAC. (See Progent's certifications). Progent also has experience with financial management and ERP software solutions. This breadth of expertise gives Progent the capability to knowledgeably understand critical systems, re-organize the surviving pieces of your network system after a ransomware attack, and rebuild them into a functioning network.

Progent's team of security experts utilizes state-of-the-art project management tools to coordinate the sophisticated restoration process. Progent understands the importance of working quickly and in unison with a client's management and IT resources to assign priority to tasks and to get essential systems back on line as fast as humanly possible.

Business Case Study: A Successful Ransomware Virus Response
A business engaged Progent after their network system was taken over by the Ryuk ransomware virus. Ryuk is believed to have been deployed by North Korean government-sponsored criminal gangs, suspected of adopting techniques exposed from the United States National Security Agency. Ryuk seeks specific companies with limited room for operational disruption and is among the most lucrative iterations of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer based in Chicago with around 500 staff members. The Ryuk event had disabled all company operations and manufacturing processes. Most of the client's information backups had been on-line at the start of the attack and were destroyed. The client was evaluating paying the ransom (more than $200K) and praying for the best, but in the end brought in Progent.


"I can't thank you enough in regards to the care Progent provided us throughout the most critical time of (our) business's existence. We most likely would have paid the criminal gangs if not for the confidence the Progent group afforded us. The fact that you could get our e-mail and production applications back faster than a week was incredible. Every single person I spoke to or texted at Progent was amazingly focused on getting my company operational and was working non-stop to bail us out."

Progent worked with the customer to rapidly understand and prioritize the key areas that needed to be recovered in order to resume departmental operations:

  • Active Directory (AD)
  • Email
  • Accounting and Manufacturing Software

To begin, Progent followed anti-virus/malware incident mitigation best practices by stopping the spread and clearing infected systems. Progent then began the steps of bringing back online Microsoft AD, the foundation of enterprise systems built on Microsoft Windows technology. Microsoft Exchange Server messaging will not function without Windows AD, and the business's accounting and MRP applications used SQL Server, which requires Windows AD for security authorization to the databases.

In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then carried out rebuilding and hard drive recovery on the most important systems. All Exchange Server data and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to find intact OST data files (Outlook Off-Line Folder Files) on various desktop computers and laptops in order to recover mail data. A recent off-line backup of the business's financials/MRP systems made it possible to make these vital services available to users again. Although a large amount of work needed to be completed to recover fully from the Ryuk event, the most important systems were returned to operation quickly:


"For the most part, the production manufacturing operation showed little impact and we made all customer deliverables."

During the next month, key milestones in the restoration process were achieved through tight collaboration between Progent consultants and the customer:

  • Internal web applications were returned to operation with no loss of information.
  • The MailStore Exchange Server containing more than four million archived emails was brought on-line and made accessible to users.
  • CRM/Orders/Invoicing/AP/Accounts Receivables/Inventory Control functions were fully operational.
  • A new Palo Alto 850 security appliance was brought on-line.
  • Nearly all of the user desktops were back in operation.

"So much of what went on in the early hours is nearly entirely a blur for me, but we will not forget the urgency all of your team accomplished to give us our business back. I have entrusted Progent for the past 10 years, possibly more, and every time I needed help Progent has impressed me and delivered as promised. This situation was a life saver."

Conclusion
A possible enterprise-killing catastrophe was dodged through top-tier experts, a wide range of subject matter expertise, and tight teamwork. Although in hindsight the ransomware penetration detailed here could have been blocked with advanced security technology and best practices, user training, and well-thought-out security procedures for backup and for keeping systems up to date with security patches, the fact remains that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware virus, remember that Progent's roster of professionals has a proven track record in crypto-ransomware virus defense, remediation, and information systems disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (and any others that were contributing), thank you for letting me get some sleep after we made it through the initial push. Everyone did a fabulous effort, and if any of your guys is in the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Services in Beverly Hills
For ransomware system recovery expertise in the Beverly Hills area, call Progent at 800-462-8800 or visit Contact Progent.




© 2002-2023 Progent Corporation. All rights reserved.