Crypto-Ransomware : Your Feared Information Technology Disaster
Crypto-Ransomware Remediation Experts

Ransomware has become a too-frequent cyber pandemic that poses an enterprise-level threat for businesses poorly prepared for an attack. Different iterations of ransomware like the Dharma, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been replicating for many years and still inflict harm. More recent versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, as well as additional as yet unnamed newcomers, not only encrypt online files but also infect any available system backup. Data replicated to off-site disaster recovery sites can also be rendered useless. In a poorly designed environment, this can make automatic restore operations impossible and basically knocks the datacenter back to square one.

Getting programs and data back online after a ransomware attack becomes a race against time as the targeted business struggles to stop the spread, clean up the crypto-ransomware, and restore enterprise-critical activity. Because ransomware needs time to move laterally, attacks are usually sprung on weekends and holidays, when penetrations are likely to take longer to discover. This compounds the difficulty of promptly assembling and orchestrating a knowledgeable response team.

Progent makes available a variety of support services for protecting Cambridge organizations from ransomware events. These include user education to help staff recognize and avoid phishing scams, and ProSight Active Security Monitoring, an endpoint detection and response (EDR) service that uses SentinelOne's behavior-based cyberthreat protection to detect and disable zero-day malware attacks. Progent in addition provides the services of veteran ransomware recovery consultants with the track record and commitment to rebuild a breached system as soon as possible.

Progent's Crypto-Ransomware Recovery Support Services
Soon after a ransomware penetration, sending the ransom in Bitcoin cryptocurrency does not ensure that cyber hackers will return the keys needed to decrypt all your data. Kaspersky ascertained that seventeen percent of ransomware victims never restored their data even after having sent off the ransom, resulting in further losses. The gamble is also very costly. Ryuk ransoms commonly range from 15-40 BTC ($120,000 to $400,000). This is far higher than the typical ransomware demand, which ZDNET determined to be around $13,000 for smaller organizations. The fallback is to rebuild from scratch the vital components of your IT environment. Absent complete system backups, this calls for a broad range of IT skills, top-notch team management, and the ability to work non-stop until the recovery project is complete.

For twenty years, Progent has offered expert IT services for companies throughout the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have been awarded top certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (Refer to Progent's certifications). Progent in addition has experience in financial systems and ERP software solutions. This breadth of experience gives Progent the ability to efficiently understand the necessary systems, integrate the surviving parts of your network environment following a crypto-ransomware event, and assemble them into a functioning network.

Progent's security team uses powerful project management applications to coordinate the sophisticated restoration process. Progent appreciates the importance of acting quickly and together with a client's management and IT team members to assign priority to tasks and to get critical applications back online as soon as humanly possible.

Client Story: A Successful Ransomware Intrusion Response
A small business contacted Progent after their network was attacked by the Ryuk ransomware. Ryuk is believed to have been deployed by North Korean government-sponsored criminal gangs, possibly using techniques exposed from the U.S. NSA organization. Ryuk targets specific organizations with little or no ability to sustain disruption and is one of the most lucrative examples of crypto-ransomware. Major victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing company headquartered in the Chicago metro area with around 500 employees. The Ryuk penetration had frozen all business operations and manufacturing capabilities. The majority of the client's system backups had been directly accessible from the network at the time of the attack and were damaged. The client considered paying the ransom (in excess of $200,000) and praying for good luck, but ultimately made the decision to use Progent.


"I cannot speak enough about the care Progent provided us throughout the most stressful time of (our) business's life. We may have had to pay the cybercriminals except for the confidence the Progent team gave us. That you were able to get our messaging and important applications back into operation in less than a week was something I thought impossible. Every single expert I spoke to or texted at Progent was amazingly focused on getting us working again and was working all day and night to bail us out."

Progent worked hand in hand with the client to quickly assess and prioritize the most important systems that needed to be restored in order to resume company operations:

  • Windows Active Directory
  • Microsoft Exchange Server
  • Accounting/MRP
To start, Progent followed industry best practices for malware incident response by stopping lateral movement and cleaning infected systems. Progent then began the process of bringing Microsoft Active Directory back online, since AD is the core of enterprise environments built on Microsoft Windows technology. Exchange messaging will not work without Active Directory, and the client's financials and MRP applications used SQL Server, which depends on Windows AD for authenticated access to the database.
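The restoration order above follows from service dependencies: nothing that authenticates against Active Directory can come back before AD does, and anything whose only backups were reachable from the network has to be rebuilt rather than restored. The following is an added example (not Progent's tooling and not part of the original case study) that makes that planning step explicit: it takes an inventory of services, their dependencies and the state of their backups, computes a dependency-respecting recovery order with a topological sort, and reports which services are blocked by any single unrecovered service. The inventory, the backup states and the function names are constructed assumptions that loosely mirror the systems named in the case study.

```python
"""Recovery-order planner for a ransomware rebuild (added example, not
the original page's or Progent's code). Inventory and backup states are
constructed sample data; function names are assumptions."""
from collections import deque

# Constructed inventory: service -> (dependencies, backup_state)
#   "offline_intact"    isolated backup copy survived the attack
#   "online_encrypted"  backup was reachable from the network and was hit
#   "none"              no backup existed
INVENTORY = {
    "active_directory":  ((), "offline_intact"),
    "exchange":          (("active_directory",), "online_encrypted"),
    "sql_server":        (("active_directory",), "offline_intact"),
    "accounting_mrp":    (("sql_server",), "offline_intact"),
    "internal_web":      (("active_directory", "sql_server"), "online_encrypted"),
    "mailstore_archive": (("exchange",), "offline_intact"),
}


def _dependents(inventory):
    """Reverse the dependency edges: service -> services that need it."""
    rev = {svc: [] for svc in inventory}
    for svc, (deps, _) in inventory.items():
        for dep in deps:
            if dep not in inventory:
                raise KeyError(f"{svc} depends on unknown service {dep}")
            rev[dep].append(svc)
    return rev


def recovery_order(inventory):
    """Kahn's topological sort: every service appears after all of its
    dependencies. Raises ValueError if the dependency graph has a cycle."""
    rev = _dependents(inventory)
    indegree = {svc: len(deps) for svc, (deps, _) in inventory.items()}
    ready = deque(sorted(svc for svc, n in indegree.items() if n == 0))
    order = []
    while ready:
        svc = ready.popleft()
        order.append(svc)
        for child in sorted(rev[svc]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(inventory):
        stuck = sorted(set(inventory) - set(order))
        raise ValueError("dependency cycle among: " + ", ".join(stuck))
    return order


def rebuild_plan(inventory):
    """Pair each service, in recovery order, with the path it must take."""
    actions = {
        "offline_intact": "restore from offline backup",
        "online_encrypted": "rebuild from scratch (online backup encrypted)",
        "none": "rebuild from scratch (no backup)",
    }
    return [(svc, actions[inventory[svc][1]]) for svc in recovery_order(inventory)]


def downstream(inventory, service):
    """All services that transitively depend on `service`; none of them can
    return to operation while `service` is still down."""
    rev = _dependents(inventory)
    seen, stack = set(), [service]
    while stack:
        for child in rev[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


if __name__ == "__main__":
    for svc, action in rebuild_plan(INVENTORY):
        print(f"{svc:18} {action}")
    print("blocked by active_directory:", sorted(downstream(INVENTORY, "active_directory")))
```

Running the block lists Active Directory first, SQL Server and Exchange next, and the accounting/MRP, archive and web applications last; `downstream` on `active_directory` returns every other service, which is the concrete reason AD restoration is the first milestone in a Windows environment. A planner like this is also a quick way to spot, before an incident, which critical services have only network-reachable backups and would therefore need a from-scratch rebuild.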

Within 2 days, Progent was able to restore Windows Active Directory to its pre-penetration state. Progent then charged ahead with reinstallations and storage recovery of the needed systems. All Microsoft Exchange Server data and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to find local OST files (Outlook Offline Data Files) on various desktop computers to recover email messages. A fairly recent offline backup of the client's accounting/ERP software made it possible to bring these required services back online. Although a large amount of work was left to recover completely from the Ryuk damage, critical services were restored rapidly:


"For the most part, the production manufacturing operation survived unscathed and we produced all customer deliverables."

Throughout the next couple of weeks, critical milestones in the recovery project were accomplished through tight collaboration between Progent team members and the customer:

  • Internal web applications were brought back up without losing any information.
  • The MailStore archive for Microsoft Exchange Server, holding more than four million archived messages, was restored to operation and made accessible to users.
  • CRM/Orders/Invoicing/Accounts Payable/Accounts Receivables (AR)/Inventory Control modules were fully functional.
  • A new Palo Alto Networks 850 firewall was installed.
  • Most of the user PCs were fully operational.

"So much of what happened in the early hours is nearly entirely a fog for me, but my management will not soon forget the urgency each and every one of your team accomplished to help get our business back. I've entrusted Progent for the past 10 years, maybe more, and each time I needed help Progent has come through and delivered as promised. This situation was a stunning achievement."

Conclusion
A likely business-killing disaster was averted through the efforts of top-tier professionals, a broad array of IT skills, and close collaboration. In hindsight, the ransomware penetration described here should have been prevented with current security solutions and NIST Cybersecurity Framework best practices, staff education, and well thought out incident response procedures covering data backup and proper patching controls. The fact remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and will continue. If you do fall victim to a crypto-ransomware incident, be assured that Progent's roster of experts has substantial experience in ransomware defense, remediation, and file restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were involved), I'm grateful for letting me get some sleep after we got over the initial fire. Everyone did an amazing effort, and if anyone is around the Chicago area, a great meal is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Recovery Expertise in Cambridge
For ransomware cleanup expertise in the Cambridge area, call Progent at 800-462-8800 or visit Contact Progent.

© 2002-2023 Progent Corporation. All rights reserved.