Ransomware Filtering and Remediation Solutions Beverly Hills
Ransomware Remediation: An Example
Ransomware : Your Worst Information Technology Disaster
Crypto-Ransomware has become a too-frequent cyberplague that presents an existential threat for businesses poorly prepared for an assault. Versions of ransomware like the Reveton, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been running rampant for many years and still inflict harm. More recent strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Egregor, plus more as yet unnamed viruses, not only encrypt on-line information but also infiltrate many configured system protection mechanisms. Files synchronized to off-site disaster recovery sites can also be ransomed. In a poorly designed data protection solution, it can render any recovery impossible and basically sets the entire system back to square one.
Recovering services and data after a crypto-ransomware outage becomes a sprint against time as the victim struggles to contain the damage and cleanup the virus and to restore business-critical operations. Since ransomware requires time to replicate, penetrations are often launched during nights and weekends, when attacks may take longer to notice. This multiplies the difficulty of rapidly assembling and coordinating a qualified mitigation team.
Progent offers an assortment of services for protecting Beverly Hills enterprises from crypto-ransomware attacks. Among these are user training to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, along with setup and configuration of next-generation security gateways with AI technology to intelligently discover and disable zero-day threats. Progent in addition offers the assistance of veteran ransomware recovery professionals with the talent and perseverance to re-deploy a breached system as soon as possible.
Progent's Ransomware Restoration Help
Following a ransomware attack, paying the ransom demands in Bitcoin cryptocurrency does not ensure that merciless criminals will provide the needed codes to unencrypt all your files. Kaspersky ascertained that 17% of crypto-ransomware victims never restored their data after having paid the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is well above the average ransomware demands, which ZDNET determined to be around $13,000 for small businesses. The alternative is to piece back together the essential components of your Information Technology environment. Without access to essential data backups, this requires a broad complement of skill sets, well-coordinated team management, and the willingness to work continuously until the job is completed.
For two decades, Progent has provided expert IT services for businesses across the United States and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced industry certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have garnered internationally-renowned industry certifications including CISM, CISSP-ISSAP, CRISC, and GIAC. (Visit Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of expertise provides Progent the capability to efficiently identify important systems and organize the surviving components of your computer network environment following a crypto-ransomware penetration and configure them into an operational network.
Progent's recovery group utilizes top notch project management applications to orchestrate the complicated recovery process. Progent appreciates the importance of acting rapidly and together with a client's management and Information Technology staff to prioritize tasks and to put essential services back online as soon as humanly possible.
Customer Story: A Successful Crypto-Ransomware Attack Recovery
A small business escalated to Progent after their company was attacked by the Ryuk crypto-ransomware. Ryuk is thought to have been created by Northern Korean government sponsored cybercriminals, suspected of using algorithms leaked from America’s National Security Agency. Ryuk goes after specific businesses with little or no tolerance for operational disruption and is among the most lucrative iterations of ransomware. High publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturing company located in Chicago and has about 500 staff members. The Ryuk attack had paralyzed all essential operations and manufacturing processes. The majority of the client's system backups had been directly accessible at the beginning of the attack and were destroyed. The client was taking steps for paying the ransom demand (more than $200K) and hoping for good luck, but in the end made the decision to use Progent.
Progent worked with the customer to quickly understand and assign priority to the most important applications that needed to be restored in order to continue company functions:
- Active Directory (AD)
- Microsoft Exchange
- Financials/MRP
In less than 2 days, Progent was able to re-build Active Directory services to its pre-penetration state. Progent then helped perform rebuilding and storage recovery on the most important systems. All Microsoft Exchange Server schema and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST files (Outlook Email Off-Line Data Files) on team PCs and laptops to recover mail information. A not too old off-line backup of the businesses manufacturing software made it possible to return these vital programs back on-line. Although a large amount of work needed to be completed to recover completely from the Ryuk event, essential systems were returned to operations rapidly:
During the following month important milestones in the recovery process were completed through tight collaboration between Progent consultants and the client:
- In-house web applications were restored with no loss of data.
- The MailStore Microsoft Exchange Server containing more than 4 million historical emails was brought online and available for users.
- CRM/Customer Orders/Invoicing/AP/Accounts Receivables/Inventory capabilities were fully operational.
- A new Palo Alto 850 firewall was set up.
- Nearly all of the user desktops were operational.
Conclusion
A likely enterprise-killing catastrophe was averted due to hard-working experts, a wide range of knowledge, and tight teamwork. Although upon completion of forensics the crypto-ransomware incident detailed here would have been blocked with modern cyber security technology and best practices, staff training, and well thought out incident response procedures for data backup and applying software patches, the fact is that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a crypto-ransomware virus, remember that Progent's roster of experts has substantial experience in ransomware virus blocking, remediation, and data disaster recovery.
Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
File body_ransomware_recovery_contact_city.asp does not exist
An index of content::
Microsoft ISA 2004 Server Integration Support
Online Support Services ISA 2004 Enterprise Edition Server
Progent's certified ISA Server 2004 consultants have extensive backgrounds with Internet Security and Acceleration Server configuring ISA Server-based security installations for information systems with many sites, remote workers, and mission-critical web applications. Progent's Microsoft Firewall consultants can assist your small business in planning and implementing a configuration of ISA 2000 Server or ISA Server 2004 that supports your network security needs without adversely limiting your IT system accessibility. Progent's consulting professionals can help you migrate from Microsoft Proxy Server from ISA 2000 Server to ISA 2004 Enterprise Edition Server, Microsoft ISA 2004 Standard Edition Server, or other up-to-date versions of Internet Security and Acceleration Server.
Top VMware Data Recovery Engineer
Engineers CrashPlan Backup
Progent can provide affordable remote support from engineers skilled in a wide range of utilities and technologies that deliver solutions for protecting Microsoft Windows, Apple Mac, and Linux servers and workstations plus notebooks and smartphones. Progent offers expertise for leading data protection platforms such as Acronis Backup and Recovery, Barracuda Backup, Altaro VM Backup, Symantec Backup Exec, BackupAssist, CrashPlan, Double-Take Software, Mozy, Retrospect for Macintosh, Time Machine, VMware Data Recovery (VDR), and Solaris FLARs. Progent can assist your company to implement, upgrade, or troubleshoot backup systems for a variety of architectures such as local, edge to datacenter, cloud, or a mix.
Best VMware Consulting
Top VMware vRealize Orchestrator vRO Technology Professional
Progent can provide the support of a certified VMware VCDX expert to help you design, configure, administer and troubleshoot VMware vSphere and vCloud-based virtualization solution for on-premises datacenters, private and public clouds, or hybrid cloud systems. Progent offers advanced expertise for deploying and integrating VMware Site Recovery Manager (SRM) and VMware's NSX virtual network system for disaster recovery and application continuity. Progent has in-depth experience of VMware vCloud Director, VMware vRealize Automation (vRA), vRealize Orchestrator and vCloud used for managing private and hybrid cloud environments that provide high availability, data security, and application mobility.
Emergency Amazon AWS cloud services integration Engineer
Amazon hybrid cloud integration Integration Companies
Progent can provide affordable online support to help businesses of any size to integrate Amazon Web Services (AWS) cloud services such as Amazon EC2 for virtual server hosting, Amazon Simple Storage Service (Amazon S3) for scalable low-latency storage, and Glacier for value-priced archival storage. Progent can help your IT team with every aspect of Amazon AWS integration including requirements analysis, readiness assessment, system design and review, testing, configuration, centralized administration, performance optimization, software license management, backup/restore solutions, and security strategies. Progent offers advanced expertise with firewall configuration and VPN connections and can show you how to create all-cloud or hybrid cloud ecosystems that seamlessly integrate Amazon AWS services. Progent offers as-needed consulting to help you to overcome complex technical issues or Progent can deliver project management outsourcing or co-sourcing services to help you migrate to the Amazon AWS cloud on time and on budget.
Outlook for Mac Remote Support Services
Microsoft Outlook for Mac IT Consultant
Microsoft Office for Mac allows Apple Macintosh users to run the world's most popular business programs. Progent's Apple-certified Macintosh experts can show you how to set up Mac Office on a multi-vendor environment combining Apple OS X and Windows-powered computers so that Macintosh users can take advantage of the new capabilities of Microsoft Word, Excel, PowerPoint and Entourage for Mac in order to share data and system resources with co-workers who use Windows. Progent's consultants have expertise with both Mac and Windows platforms and can support networks that mix Apple Macintosh with Microsoft Windows systems with complete resource sharing, or environments which intentionally limit collaboration between Apple Mac and Windows systems.
Select Topic: