Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyberplague that poses an enterprise-level danger for businesses of all sizes that are unprepared for an attack. Ransomware variants and cryptoworms such as Reveton, WannaCry, Locky, NotPetya and MongoLock have been out in the wild for a long time and still inflict havoc. More recent ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, along with daily unnamed newcomers, not only encrypts online data files but also infiltrates all configured system backups. Data replicated to the cloud can also be corrupted. In a poorly designed system, this can render automatic restoration impossible and effectively set the entire system back to zero.

Recovering programs and data after a ransomware outage becomes a race against time as the targeted business struggles to contain and clear the virus and to resume mission-critical activity. Since ransomware needs time to spread, assaults are often sprung during nights and weekends, when successful penetrations tend to take longer to discover. This compounds the difficulty of quickly mobilizing and organizing a qualified response team.

Progent makes available a variety of services for securing Cambridge businesses from ransomware events. Among these are team member training to help recognize and avoid phishing exploits and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based cyberthreat protection to identify and disable zero-day malware attacks. Progent also offers the services of seasoned ransomware recovery engineers with the talent and perseverance to rebuild a compromised network as urgently as possible.

Progent's Crypto-Ransomware Restoration Help
After a ransomware penetration, paying the ransom in cryptocurrency does not guarantee that the criminals will return the keys needed to decrypt any of your files. Kaspersky Labs ascertained that seventeen percent of crypto-ransomware victims never restored their data after having sent off the ransom, resulting in increased losses. The risk is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET determined to be approximately $13,000 for small businesses. The other path is to set up the mission-critical components of your Information Technology environment from scratch. Absent complete system backups, this calls for a wide complement of skills, professional team management, and the willingness to work non-stop until the task is done.

For decades, Progent has offered professional IT services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have been awarded advanced certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally renowned certifications including CISA, CISSP, CRISC, and SANS GIAC. (See Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of expertise gives Progent the ability to knowledgeably identify the important systems, integrate the surviving pieces of your computer network following a ransomware attack, and rebuild them into an operational network.

Progent's recovery team of experts has top-notch project management tools to orchestrate the complicated recovery process. Progent understands the importance of acting rapidly and in concert with a customer's management and Information Technology team members to prioritize tasks and to put the most important applications back online as soon as possible.

Business Case Study: A Successful Ransomware Penetration Recovery
A client contacted Progent after their organization was brought down by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean government-sponsored hackers, possibly using techniques leaked from the United States NSA organization. Ryuk goes after specific companies with limited room for operational disruption and is one of the most lucrative versions of ransomware. Highly publicized victim organizations include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in the Chicago metro area with about 500 employees. The Ryuk intrusion had brought down all business operations and manufacturing capabilities. Most of the client's data backups had been online at the beginning of the intrusion and were damaged. The client was pursuing financing for paying the ransom (in excess of $200,000) and praying for the best, but ultimately engaged Progent.


"I can't say enough about the care Progent provided us throughout the most critical period of (our) company's life. We had little choice but to pay the cybercriminals except for the confidence the Progent team afforded us. The fact that you could get our e-mail and essential servers back into operation in less than one week was incredible. Each expert I spoke to or texted at Progent was absolutely committed on getting us back online and was working 24/7 on our behalf."

Progent worked together with the client to quickly identify and prioritize the critical applications that needed to be recovered to make it possible to resume departmental operations:

  • Active Directory
  • Microsoft Exchange Email
  • MRP System

To get going, Progent followed industry best practices for ransomware event mitigation by halting lateral movement and disinfecting systems. Progent then began bringing Windows Active Directory back online, since it is the key technology of enterprise environments built on Microsoft Windows. Microsoft Exchange Server email will not operate without Active Directory, and the customer's MRP applications used Microsoft SQL, which depends on Active Directory for access to the database.

Within 2 days, Progent was able to restore Active Directory to its pre-attack state. Progent then assisted with setup and hard drive recovery of critical applications. All Exchange ties and configuration information were intact, which greatly helped the rebuild of Exchange. Progent was also able to find intact OST files (Outlook Off-Line Data Files) on staff PCs in order to recover mail data. A not too old offline backup of the customer's financials/MRP systems made it possible to bring these essential applications back online for users. Although significant work remained to recover completely from the Ryuk damage, core services were returned to operation quickly:


"For the most part, the production manufacturing operation ran fairly normal throughout and we produced all customer deliverables."

Throughout the next couple of weeks, key milestones in the restoration project were completed in close collaboration between Progent engineers and the customer:

  • In-house web applications were brought back up with no loss of data.
  • The MailStore Server containing more than 4 million historical emails was restored to operations and accessible to users.
  • CRM/Product Ordering/Invoicing/Accounts Payable (AP)/Accounts Receivables/Inventory Control modules were completely restored.
  • A new Palo Alto 850 firewall was installed.
  • Most of the user desktops were being used by staff.

"Much of what went on that first week is mostly a fog for me, but my management will not soon forget the dedication each and every one of your team accomplished to give us our company back. I have entrusted Progent for the past ten years, possibly more, and every time Progent has come through and delivered as promised. This time was a life saver."

Conclusion
A possible business-ending disaster was evaded through the efforts of hard-working experts, a broad spectrum of subject matter expertise, and tight collaboration. In post mortem, the crypto-ransomware incident detailed here could have been blocked with up-to-date security technology and security best practices, team training, and well thought out incident response procedures for backup and for keeping systems up to date with security patches. Even so, the reality is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware attack, feel confident that Progent's team of professionals has a proven track record in ransomware defense, mitigation, and information systems recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (and any others that were contributing), thanks very much for making it so I could get some sleep after we made it over the most critical parts. All of you did an amazing effort, and if anyone that helped is in the Chicago area, dinner is the least I can do!"

Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Consulting in Cambridge
For ransomware system recovery consulting in the Cambridge metro area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2024 Progent Corporation. All rights reserved.