Ransomware: Your Crippling Information Technology Nightmare
Crypto-ransomware has become a too-frequent cyberplague that presents an extinction-level danger for businesses vulnerable to an attack. Multiple generations of crypto-ransomware like the CrySIS, Fusob, Locky, NotPetya and MongoLock cryptoworms have been running rampant for a long time and continue to cause havoc. More recent versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus additional as yet unnamed malware, not only encrypt online data files but also infect most accessible system backups. Data synched to cloud environments can also be encrypted. In a poorly architected environment, this can render automatic recovery useless and basically knock the network back to square one.

Retrieving programs and data after a ransomware intrusion becomes a race against time as the victim struggles to stop the spread, clean up the ransomware, and resume business-critical operations. Because crypto-ransomware requires time to move laterally throughout a network, attacks are usually launched on weekends and holidays, when penetrations typically take more time to uncover. This multiplies the difficulty of quickly assembling and orchestrating a qualified mitigation team.

Progent has a range of services for securing Cambridge enterprises from ransomware attacks. These include team member education to become familiar with and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to discover and quarantine modern zero-day malware attacks. Progent can also provide the services of seasoned crypto-ransomware recovery consultants with the skills and commitment to rebuild a compromised environment as quickly as possible.

Progent's Ransomware Restoration Services
Following a crypto-ransomware invasion, paying the ransom in cryptocurrency does not ensure that distant criminals will provide the keys needed to decrypt any or all of your data. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their information after having paid the ransom, resulting in increased losses. The gamble is also very costly. Ryuk ransoms are typically several hundred thousand dollars. For larger enterprises, the ransom demand can be in the millions. The alternative is to set up from scratch the key components of your IT environment. Without access to essential data backups, this calls for a broad complement of skills, professional project management, and the ability to work non-stop until the job is complete.

For two decades, Progent has offered expert Information Technology services for businesses throughout the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have been awarded advanced industry certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have garnered internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, SANS GIAC, and CMMC 2.0. Progent also has experience with financial systems and ERP software solutions. This breadth of expertise gives Progent the capability to efficiently identify critical systems, reorganize the surviving components of your Information Technology environment after a crypto-ransomware attack, and rebuild them into a functioning system.

Progent's recovery team deploys top notch project management applications to coordinate the complex restoration process. Progent knows the urgency of acting quickly and in concert with a client's management and Information Technology team members to prioritize tasks and to get critical applications back on line as soon as possible.

Client Case Study: A Successful Ransomware Virus Response
A small business hired Progent after their company was crashed by Ryuk ransomware. Ryuk is thought to have been created by North Korean state hackers, possibly using techniques leaked from the United States NSA organization. Ryuk goes after specific businesses with little or no tolerance for operational disruption and is one of the most lucrative instances of ransomware. Major organizations hit by Ryuk include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with about 500 staff members. The Ryuk intrusion had brought down all essential operations and manufacturing processes. Most of the client's system backups had been directly accessible at the beginning of the intrusion and were damaged. The client was taking steps to pay the ransom (exceeding $200K) and hoping for good luck, but in the end brought in Progent.


"I can't tell you enough about the care Progent gave us throughout the most critical period of (our) company's existence. We most likely would have paid the hackers behind this attack except for the confidence the Progent team gave us. The fact that you were able to get our messaging and important applications back in less than five days was something I thought impossible. Each consultant I spoke to or texted at Progent was hell bent on getting us operational and was working 24 by 7 on our behalf."

Progent worked hand in hand with the customer to quickly identify and prioritize the key elements that had to be addressed to make it possible to continue business operations:

  • Active Directory
  • Exchange Server
  • Financials/MRP

To get going, Progent adhered to ransomware event mitigation best practices by stopping the spread and removing active viruses. Progent then started the steps of bringing back online Microsoft Active Directory, the core of enterprise networks built on Microsoft Windows Server technology. Exchange messaging will not operate without AD, and the customer's MRP software used SQL Server, which depends on Active Directory services for security authorization to the data.

In less than two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then charged ahead with rebuilding and hard drive recovery on essential servers. All Exchange Server ties and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to find local OST data files (Outlook Off-Line Folder Files) on team workstations and laptops in order to recover mail information. A not too old off-line backup of the client's manufacturing systems made it possible to bring these required programs back online. Although a lot of work needed to be completed to recover totally from the Ryuk damage, essential systems were returned to operation quickly:


"For the most part, the production line operation did not miss a beat and we made all customer shipments."

During the following couple of weeks, important milestones in the restoration process were achieved through close cooperation between Progent team members and the customer:

  • Self-hosted web applications were returned to operation with no loss of data.
  • The MailStore Server, holding more than four million historical messages, was brought online and made accessible to users.
  • CRM/Orders/Invoicing/Accounts Payable/Accounts Receivables/Inventory capabilities were fully operational.
  • A new Palo Alto Networks 850 security appliance was installed.
  • Ninety percent of the desktop computers were operational.

"So much of what happened those first few days is mostly a haze for me, but my team will not soon forget the countless hours all of you put in to help get our company back. I have been working together with Progent for at least 10 years, possibly more, and each time Progent has impressed me and delivered as promised. This time was a life saver."

Conclusion
A probable business-killing disaster was averted thanks to top-tier professionals, a broad array of subject matter expertise, and tight teamwork. Analysis of the event afterwards showed that the ransomware incident described here should have been blocked with current security solutions and NIST Cybersecurity Framework best practices, user education, and well-designed security procedures for information backup and for keeping systems up to date with security patches. Even so, the reality remains that government-sponsored hackers from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware attack, remember that Progent's roster of experts has a proven track record in crypto-ransomware virus defense, removal, and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (along with others who were involved), thank you for allowing me to get some sleep after we made it past the initial push. Everyone did an amazing effort, and if any of your guys is in the Chicago area, a great meal is my treat!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Consulting in Cambridge
For ransomware recovery services in the Cambridge metro area, phone Progent at 800-462-8800 or go to Contact Progent.



  • © 2002-2025 Progent Corporation. All rights reserved.