Crypto-Ransomware: Your Worst Information Technology Disaster
Ransomware has become an escalating cyber pandemic that poses an extinction-level danger for businesses of all sizes unprepared for an assault. Different iterations of crypto-ransomware such as CrySIS, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been running rampant for a long time and still inflict damage. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with as-yet-unnamed viruses that appear daily, not only encrypt online information but also infiltrate any configured system restores and backups. Information synced to cloud environments can also be ransomed. In a vulnerable data protection solution, this can make automated restore operations hopeless and basically sets the network back to square one.

Retrieving programs and information after a ransomware intrusion becomes a sprint against the clock as the targeted organization struggles to contain the damage and eradicate the ransomware and to resume mission-critical operations. Because crypto-ransomware takes time to spread, penetrations are frequently sprung on weekends and holidays, when attacks are likely to take longer to detect. This compounds the difficulty of promptly marshalling and orchestrating a qualified mitigation team.

Progent offers a range of solutions for protecting Cambridge businesses from ransomware penetrations. Among these are user training to help identify and not fall victim to phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of next-generation security gateways with artificial intelligence technology to automatically discover and suppress zero-day cyber attacks. Progent in addition provides the services of expert ransomware recovery engineers with the skills and commitment to reconstruct a breached network as soon as possible.

Progent's Ransomware Restoration Services
After a ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that cyber hackers will return the keys to decrypt any or all of your data. Kaspersky estimated that 17% of crypto-ransomware victims never restored their information after having sent off the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is significantly higher than the usual crypto-ransomware demands, which ZDNET estimated to be around $13,000 for smaller businesses. The fallback is to piece back together the essential elements of your IT environment. Without the availability of essential system backups, this requires a broad range of skill sets, top-notch project management, and the ability to work non-stop until the job is done.

For two decades, Progent has offered professional Information Technology services for companies throughout the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded advanced certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security experts have garnered internationally-recognized certifications including CISA, CISSP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial systems and ERP application software. This breadth of expertise affords Progent the skills to efficiently determine important systems and re-organize the remaining parts of your network system following a crypto-ransomware event and assemble them into an operational network.

Progent's recovery group uses powerful project management applications to orchestrate the complex recovery process. Progent knows the importance of acting swiftly and in concert with a client's management and IT staff to assign priority to tasks and to put the most important applications back on line as soon as possible.

Customer Case Study: A Successful Crypto-Ransomware Attack Restoration
A small business sought out Progent after their organization was penetrated by the Ryuk ransomware. Ryuk is thought to have been developed by North Korean government-sponsored criminal gangs, suspected of adopting strategies exposed from the U.S. NSA organization. Ryuk seeks specific companies with little or no room for operational disruption and is among the most profitable instances of ransomware. Headline organizations include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing business located in the Chicago metro area and has about 500 employees. The Ryuk event had disabled all essential operations and manufacturing capabilities. The majority of the client's information backups had been online at the beginning of the attack and were damaged. The client was taking steps to pay the ransom demand (in excess of $200K) and praying for good luck, but in the end called Progent.


"I can't thank you enough in regards to the care Progent gave us during the most stressful time of (our) company's existence. We had little choice but to pay the Hackers except for the confidence the Progent experts afforded us. That you were able to get our e-mail system and critical servers back into operation faster than five days was something I thought impossible. Every single staff member I talked with or texted at Progent was urgently focused on getting us back on-line and was working day and night on our behalf."

Progent worked together with the customer to quickly understand and prioritize the mission critical applications that needed to be restored to make it possible to continue business operations:

  • Microsoft Active Directory
  • E-Mail
  • Accounting/MRP
To get going, Progent followed ransomware event response industry best practices by stopping the spread and removing active viruses. Progent then initiated the task of restoring Active Directory, the heart of enterprise networks built on Microsoft Windows technology. Microsoft Exchange Server email will not operate without Active Directory, and the customer's MRP system leveraged Microsoft SQL Server, which requires Active Directory services for authentication to the database.

Within 48 hours, Progent was able to rebuild Active Directory services to their pre-penetration state. Progent then charged ahead with rebuilding and storage recovery on key servers. All Exchange Server ties and configuration information were intact, which facilitated the rebuild of Exchange. Progent was also able to collect non-encrypted OST data files (Outlook Offline Data Files) on team desktop computers in order to recover mail messages. A not-too-old offline backup of the client's accounting/ERP software made it possible to restore these vital programs and make them available to users again. Although a large amount of work remained to recover fully from the Ryuk event, critical services were restored rapidly:


"For the most part, the manufacturing operation was never shut down and we delivered all customer shipments."

Throughout the following couple of weeks critical milestones in the restoration project were completed through close collaboration between Progent team members and the client:

  • Internal web sites were returned to operation with no loss of information.
  • The MailStore Microsoft Exchange Server with over four million archived emails was restored to operations and available for users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/AR/Inventory capabilities were fully recovered.
  • A new Palo Alto 850 firewall was set up.
  • 90% of the user desktops and notebooks were fully operational.

"Much of what went on in the initial days is mostly a fog for me, but I will not soon forget the urgency all of you accomplished to give us our business back. I have been working with Progent for at least 10 years, possibly more, and every time I needed help Progent has shined and delivered as promised. This time was a testament to your capabilities."

Conclusion
A potential business-killing disaster was avoided with results-oriented professionals, a wide range of IT skills, and close teamwork. Although in hindsight the ransomware virus penetration detailed here could have been stopped with modern cyber security technology solutions and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user education, and well thought out incident response procedures for data protection and applying software patches, the fact is that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and are an ongoing threat. If you do fall victim to a ransomware incursion, feel confident that Progent's team of experts has extensive experience in ransomware virus blocking, remediation, and information systems restoration.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (along with others who were involved), thank you for allowing me to get rested after we made it over the most critical parts. Everyone did a fabulous effort, and if any of your team is visiting the Chicago area, dinner is the least I can do!"

Download the Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Services in Cambridge
For ransomware cleanup consulting in the Cambridge metro area, call Progent at 800-462-8800 or see Contact Progent.

© 2002-2022 Progent Corporation. All rights reserved.