Crypto-Ransomware: Your Worst Information Technology Disaster
Ransomware has become a modern cyber pandemic that presents an existential danger for businesses of all sizes that are unprepared for an attack. Different versions of crypto-ransomware like the CrySIS, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been replicating for a long time and continue to inflict damage. More recent versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as additional unnamed viruses, not only encrypt online information but also infiltrate many configured system restores and backups. Files synchronized to cloud environments can also be ransomed. In a poorly designed data protection solution, this can make automated recovery hopeless and effectively sets the datacenter back to square one.

Restoring services and data after a crypto-ransomware outage becomes a sprint against time as the targeted organization tries its best to stop lateral movement, eradicate the ransomware, and restore mission-critical operations. Because ransomware needs time to move laterally, penetrations are usually launched during weekends and nights, when attacks are likely to take more time to notice. This compounds the difficulty of promptly marshalling and coordinating a knowledgeable response team.

Progent offers an assortment of solutions for securing Cambridge organizations from ransomware penetrations. These include team member training to recognize and not fall victim to phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to discover and suppress zero-day malware assaults. Progent also provides the assistance of seasoned ransomware recovery professionals with the track record and commitment to restore a breached system as soon as possible.

Progent's Crypto-Ransomware Restoration Help
After a ransomware attack, sending the ransom in cryptocurrency does not guarantee that criminal gangs will provide the keys needed to decrypt any or all of your data. Kaspersky Labs estimated that 17% of ransomware victims never restored their files after having sent off the ransom, resulting in increased losses. This gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000). This is well above the usual ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller businesses. The other path is to piece back together the vital parts of your IT environment. Absent access to complete information backups, this requires a broad complement of skill sets, well-coordinated team management, and the ability to work 24x7 until the job is done.

For decades, Progent has offered expert Information Technology services for businesses across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have attained top industry certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISM, CISSP, CRISC, and GIAC. Progent also has expertise with accounting and ERP software solutions. This breadth of experience gives Progent the skills to efficiently understand critical systems, consolidate the surviving pieces of your IT environment after a crypto-ransomware attack, and rebuild them into an operational system.

Progent's recovery group has best of breed project management applications to orchestrate the complex restoration process. Progent knows the urgency of working quickly and in unison with a customer's management and IT resources to assign priority to tasks and to put key services back online as soon as humanly possible.

Business Case Study: A Successful Ransomware Intrusion Restoration
A small business escalated to Progent after their organization was attacked by the Ryuk ransomware. Ryuk is thought to have been created by North Korean state hackers, possibly using algorithms leaked from America's NSA organization. Ryuk seeks specific organizations with limited tolerance for operational disruption and is one of the most profitable examples of crypto-ransomware. Major organizations hit include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company located in Chicago and has around 500 employees. The Ryuk attack had paralyzed all essential operations and manufacturing capabilities. Most of the client's backups had been online at the start of the intrusion and were encrypted. The client was evaluating paying the ransom (in excess of $200,000) and hoping for good luck, but in the end made the decision to use Progent.


"I can't thank you enough in regards to the support Progent provided us throughout the most critical period of (our) company's survival. We may have had to pay the criminal gangs except for the confidence the Progent team gave us. The fact that you were able to get our messaging and key servers back on-line quicker than five days was earth shattering. Each consultant I interacted with or messaged at Progent was hell bent on getting my company operational and was working at all hours on our behalf."

Progent worked hand in hand with the customer to rapidly assess and assign priority to the most important services that had to be addressed to make it possible to restart departmental operations:

  • Active Directory (AD)
  • Microsoft Exchange Email
  • Accounting and Manufacturing Software

To begin, Progent adhered to ransomware incident mitigation best practices by stopping the spread and clearing infected systems. Progent then started the task of restoring Microsoft Active Directory, the heart of enterprise systems built upon Microsoft Windows Server technology. Microsoft Exchange Server messaging will not function without Active Directory, and the business's accounting and MRP applications utilized Microsoft SQL, which requires Active Directory for security authorization to the information.

Within 2 days, Progent was able to recover Active Directory services to their pre-intrusion state. Progent then helped perform rebuilding and storage recovery on mission-critical servers. All Exchange Server ties and attributes were usable, which facilitated the restore of Exchange. Progent was able to locate intact OST files (Outlook Off-Line Folder Files) on various desktop computers to recover mail messages. A recent offline backup of the business's accounting/ERP systems made it possible to return these required services to users. Although a lot of work was left to recover fully from the Ryuk attack, essential services were returned to operation rapidly:


"For the most part, the production line operation was never shut down and we made all customer orders."

During the following month, key milestones in the recovery project were accomplished through tight cooperation between Progent engineers and the client:

  • Self-hosted web applications were returned to operation without losing any data.
  • The MailStore Exchange Server with over four million archived emails was restored to operations and accessible to users.
  • CRM/Customer Orders/Invoicing/Accounts Payable/Accounts Receivables/Inventory Control functions were 100% recovered.
  • A new Palo Alto Networks 850 firewall was brought online.
  • Nearly all of the user PCs were fully operational.

"A huge amount of what happened that first week is nearly entirely a fog for me, but my team will not forget the dedication each and every one of you put in to help get our company back. I've been working together with Progent for the past ten years, possibly more, and every time Progent has come through and delivered as promised. This time was a life saver."

Conclusion
A probable business extinction catastrophe was dodged by results-oriented professionals, a wide array of subject matter expertise, and tight teamwork. Although in hindsight the ransomware incident detailed here should have been identified and blocked with up-to-date security systems and best practices, user and IT administrator training, and well thought out incident response procedures for data protection and applying software patches, the fact remains that government-sponsored cyber criminals from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do get hit by a ransomware penetration, feel confident that Progent's roster of experts has substantial experience in ransomware virus defense, cleanup, and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (along with others that were contributing), thank you for making it so I could get some sleep after we got past the first week. All of you did an amazing job, and if any of your guys is visiting the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Consulting in Cambridge
For ransomware system recovery services in the Cambridge area, phone Progent at 800-462-8800 or see Contact Progent.



  • © 2002-2023 Progent Corporation. All rights reserved.