Ransomware: Your Worst Information Technology Nightmare
Ransomware has become a modern cyberplague that represents an extinction-level threat for businesses vulnerable to an assault. Different versions of crypto-ransomware such as Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been replicating for a long time and still inflict damage. More recent versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, along with more unnamed viruses, not only encrypt online information but also infect many configured system protection mechanisms. Files synchronized to the cloud can also be ransomed. In a vulnerable system, this can render any restore operation impossible and effectively knock the network back to zero.

Retrieving programs and data following a ransomware intrusion becomes a race against time as the victim struggles to stop lateral movement, eradicate the ransomware, and restore enterprise-critical operations. Because ransomware needs time to replicate throughout a network, attacks are often sprung at night, when successful attacks tend to take more time to uncover. This compounds the difficulty of quickly mobilizing and organizing a capable mitigation team.

Progent provides an assortment of help services for securing Cambridge enterprises from crypto-ransomware events. These include staff education to recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to detect and suppress zero-day modern malware assaults. Progent also provides the assistance of veteran crypto-ransomware recovery engineers with the talent and commitment to restore a compromised environment as soon as possible.

Progent's Ransomware Recovery Help
After a crypto-ransomware event, even paying the ransom demands in cryptocurrency does not guarantee that criminal gangs will return the needed codes to decipher any or all of your files. Kaspersky determined that 17% of ransomware victims never restored their files even after having sent off the ransom, resulting in more losses. The gamble is also costly. Ryuk ransoms are typically several hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The other path is to re-install the critical elements of your IT environment. Without access to essential data backups, this calls for a wide range of skill sets, well-coordinated project management, and the ability to work 24x7 until the recovery project is finished.

For twenty years, Progent has offered professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have earned top certifications in leading technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent also has experience in accounting and ERP software solutions. This breadth of experience gives Progent the skills to knowledgeably identify important systems, re-organize the surviving pieces of your network system after a ransomware event, and assemble them into a functioning network.

Progent's recovery team of experts deploys best-of-breed project management systems to orchestrate the complex restoration process. Progent understands the urgency of acting quickly and in unison with a client's management and IT staff to assign priority to tasks and to put essential systems back online as fast as possible.

Client Case Study: A Successful Ransomware Incident Response
A client sought out Progent after their network system was penetrated by Ryuk ransomware. Ryuk is thought to have been created by North Korean state-sponsored hackers, possibly adopting technology exposed from the U.S. National Security Agency. Ryuk attacks specific organizations with little or no room for disruption and is one of the most lucrative incarnations of ransomware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturer headquartered in Chicago with around 500 staff members. The Ryuk attack had disabled all business operations and manufacturing processes. Most of the client's data protection had been online at the time of the attack and was encrypted. The client was evaluating paying the ransom demand (exceeding $200,000) and hoping for the best, but in the end engaged Progent.


"I can't thank you enough for the help Progent gave us throughout the most fearful time of (our) business's existence. We may have had to pay the cyber criminals except for the confidence the Progent experts afforded us. The fact that you were able to get our messaging and production servers back online in less than one week was amazing. Every single expert I spoke to or texted at Progent was totally committed to getting us working again and was working non-stop to bail us out."

Progent worked together with the customer to rapidly assess and assign priority to the essential systems that needed to be recovered in order to restart company functions:

  • Active Directory
  • Electronic Messaging
  • Accounting/MRP

To begin, Progent followed anti-virus/malware incident response industry best practices by halting lateral movement and clearing infected systems. Progent then began the process of recovering Microsoft AD, the heart of enterprise environments built on Microsoft Windows Server technology. Microsoft Exchange Server email will not function without AD, and the customer's MRP applications leveraged SQL Server, which requires Active Directory services for authentication to the data.

In less than 48 hours, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then helped perform rebuilding and storage recovery of key servers. All Exchange ties and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to assemble non-encrypted OST data files (Outlook Offline Data Files) on staff workstations and laptops to recover mail information. A recent offline backup of the client's financials/MRP systems made it possible to make these essential services available to users again. Although significant work needed to be completed to recover totally from the Ryuk virus, core systems were recovered quickly:


"For the most part, the production line operation was never shut down and we did not miss any customer orders."

Throughout the next month, important milestones in the recovery project were accomplished through close cooperation between Progent consultants and the customer:

  • Self-hosted web applications were brought back up without losing any information.
  • The MailStore Exchange Server, with more than 4 million historical messages, was spun up and accessible to users.
  • CRM/Product Ordering/Invoicing/AP/Accounts Receivables/Inventory functions were 100 percent operational.
  • A new Palo Alto Networks 850 firewall was installed and configured.
  • Ninety percent of the user desktops and notebooks were back in operation.

"So much of what transpired in the initial days is nearly entirely a blur for me, but I will not forget the urgency each and every one of you put in to help get our business back. I've utilized Progent for at least 10 years, possibly more, and every time I needed help Progent has outperformed my expectations and delivered as promised. This situation was a Herculean accomplishment."

Conclusion
A likely business-extinction catastrophe was dodged due to dedicated experts, a wide array of knowledge, and tight collaboration. Although forensics, once completed, indicated that the crypto-ransomware incident described here could have been stopped by advanced cyber security technology solutions and best practices, user education, and well-thought-out incident response procedures for information backup and proper patching controls, the fact is that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a crypto-ransomware virus, remember that Progent's roster of experts has substantial experience in crypto-ransomware virus defense, remediation, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were helping), thanks very much for making it so I could get some sleep after we made it past the most critical parts. All of you did an incredible job, and if any of your guys is around the Chicago area, a great meal is on me!"

Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Expertise in Cambridge
For ransomware recovery consulting services in the Cambridge metro area, call Progent at 800-462-8800 or visit Contact Progent.



© 2002-2024 Progent Corporation. All rights reserved.