Crypto-Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become a too-frequent cyber pandemic that represents an extinction-level danger for organizations poorly prepared for an attack. Different iterations of crypto-ransomware like the Reveton, Fusob, Locky, SamSam and MongoLock cryptoworms have been replicating for a long time and still cause damage. More recent strains like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus additional unnamed newcomers, not only encrypt online files but also infiltrate any accessible system protection mechanisms. Data replicated to the cloud can also be corrupted. In a poorly architected data protection solution, this can make automatic restore operations useless and basically knock the network back to square one.

Getting applications and data back online after a ransomware intrusion becomes a sprint against the clock as the targeted organization fights to stop lateral movement, clear the ransomware, and restore enterprise-critical activity. Because crypto-ransomware requires time to spread, attacks are usually sprung on weekends and holidays, when successful penetrations in many cases take more time to notice. This multiplies the difficulty of quickly assembling and organizing an experienced mitigation team.

Progent offers a range of support services for securing Cambridge businesses from ransomware penetrations. Among these are staff education to recognize and avoid phishing attempts and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based cyberthreat defense to identify and quarantine zero-day malware assaults. Progent can also provide the services of veteran crypto-ransomware recovery consultants with the track record and commitment to re-deploy a compromised environment as rapidly as possible.

Progent's Ransomware Restoration Support Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not ensure that criminal gangs will provide the codes needed to decrypt any or all of your files. Kaspersky Labs ascertained that 17% of crypto-ransomware victims never recovered their files even after having sent off the ransom, resulting in additional losses. Paying is also very costly. Ryuk ransoms often range from 15-40 BTC ($120,000 and $400,000). This is greatly above the average ransomware demands, which ZDNET estimated to be around $13,000 for small organizations. The other path is to re-install the critical elements of your Information Technology environment. Absent the availability of essential data backups, this calls for a wide range of skill sets, well-coordinated team management, and the ability to work 24x7 until the recovery project is finished.

For twenty years, Progent has made available certified expert Information Technology services for businesses across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have attained top certifications in important technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security experts have earned internationally-recognized certifications including CISA, CISSP, CRISC, and GIAC. (Visit Progent's certifications). Progent also has experience in financial management and ERP software solutions. This breadth of experience affords Progent the ability to rapidly understand necessary systems and re-organize the remaining components of your IT system after a crypto-ransomware attack and assemble them into a functioning network.

Progent's ransomware team utilizes state-of-the-art project management systems to coordinate the complex recovery process. Progent knows the urgency of working quickly and together with a client's management and IT team members to prioritize tasks and to put essential systems back on line as fast as humanly possible.

Customer Case Study: A Successful Crypto-Ransomware Penetration Recovery
A customer sought out Progent after their company was attacked by the Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean government-sponsored cybercriminals, possibly using algorithms leaked from the U.S. NSA organization. Ryuk goes after specific organizations with little or no ability to sustain disruption and is among the most profitable examples of ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing company located in Chicago with about 500 workers. The Ryuk intrusion had disabled all business operations and manufacturing processes. The majority of the client's system backups had been directly accessible at the start of the intrusion and were eventually encrypted. The client considered paying the ransom demand (exceeding two hundred thousand dollars) and hoping for good luck, but ultimately brought in Progent.


"I cannot speak enough in regards to the support Progent gave us throughout the most stressful period of (our) company's existence. We most likely would have paid the cybercriminals if it wasn't for the confidence the Progent experts gave us. The fact that you were able to get our messaging and production servers back online sooner than one week was earth shattering. Every single expert I got help from or communicated with at Progent was urgently focused on getting us working again and was working at all hours to bail us out."

Progent worked with the customer to quickly identify and assign priority to the mission-critical systems that needed to be recovered in order to continue departmental operations:

  • Active Directory
  • E-Mail
  • MRP System
To get going, Progent followed anti-virus/malware incident mitigation best practices by isolating systems and cleaning them of viruses. Progent then initiated the process of rebuilding Active Directory, the core of enterprise networks built upon Microsoft technology. Microsoft Exchange Server messaging will not function without Windows AD, and the business's financials and MRP system leveraged SQL Server, which depends on Windows AD for access to the data.

In less than two days, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery of mission-critical servers. All Microsoft Exchange Server schema and attributes were intact, which facilitated the restore of Exchange. Progent was also able to locate non-encrypted OST files (Outlook Off-Line Data Files) on staff PCs and laptops in order to recover mail messages. A not too old off-line backup of the business's accounting/MRP software made it possible to bring these required applications back online. Although a lot of work was left to recover fully from the Ryuk event, critical services were recovered rapidly:


"For the most part, the production line operation ran fairly normal throughout and we delivered all customer orders."

Over the next month key milestones in the recovery project were accomplished through tight collaboration between Progent team members and the customer:

  • Internal web applications were brought back up with no loss of data.
  • The MailStore Exchange Server containing more than 4 million historical messages was spun up and available for users.
  • CRM/Customer Orders/Invoices/Accounts Payable/Accounts Receivables/Inventory Control capabilities were 100 percent operational.
  • A new Palo Alto Networks 850 security appliance was deployed.
  • Most of the user PCs were back into operation.

"A huge amount of what occurred during the initial response is nearly entirely a blur for me, but I will not forget the care all of your team accomplished to give us our company back. I have trusted Progent for the past ten years, maybe more, and every time Progent has shined and delivered. This situation was a life saver."

Conclusion
A probable company-ending catastrophe was dodged due to hard-working professionals, a broad spectrum of technical expertise, and tight teamwork. In hindsight, the crypto-ransomware attack described here could have been identified and blocked with modern cyber security technology solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and well thought out incident response procedures for backup and for keeping systems up to date with security patches. The reality, however, is that state-sponsored hackers from Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a crypto-ransomware virus, feel confident that Progent's roster of professionals has proven experience in crypto-ransomware virus blocking, mitigation, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (and any others that were contributing), thanks very much for making it so I could get some sleep after we made it through the initial fire. Everyone did an amazing effort, and if any of your team is visiting the Chicago area, a great meal is the least I can do!"


Contact Progent for Ransomware Recovery Expertise in Cambridge
For ransomware system recovery consulting in the Cambridge metro area, call Progent at 800-462-8800 or see Contact Progent.




    © 2002-2022 Progent Corporation. All rights reserved.