Ransomware: Your Feared IT Catastrophe
Crypto-ransomware has become an escalating cyber pandemic that poses an extinction-level danger for organizations vulnerable to an attack. Different iterations of crypto-ransomware such as CryptoLocker, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been around for many years and continue to cause harm. Newer strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, as well as frequent as-yet-unnamed malware, not only encrypt online information but also infect all available system restores and backups. Information replicated to off-site disaster recovery sites can also be rendered useless. In a poorly designed environment, this can render automated restore operations useless and effectively set the datacenter back to square one.

Restoring programs and data after a ransomware outage becomes a race against time as the targeted organization tries its best to stop lateral movement and eradicate the ransomware and to restore mission-critical activity. Due to the fact that ransomware requires time to replicate, attacks are often sprung during weekends and nights, when successful attacks are likely to take more time to detect. This compounds the difficulty of rapidly marshalling and orchestrating a qualified response team.

Progent has a range of solutions for securing Cambridge businesses from ransomware events. These include staff training to become familiar with and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus setup and configuration of modern security solutions with AI technology to rapidly detect and disable day-zero threats. Progent in addition can provide the services of experienced crypto-ransomware recovery professionals with the skills and commitment to rebuild a breached system as quickly as possible.

Progent's Crypto-Ransomware Recovery Services
After a ransomware event, even paying the ransom in cryptocurrency does not provide any assurance that the attackers will return the keys to decipher any or all of your files. Kaspersky Labs found that 17% of ransomware victims never recovered their information even after having paid the ransom, resulting in increased losses. The ransom itself is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above typical ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The fallback is to re-install the mission-critical components of your Information Technology environment. Without access to full information backups, this requires a wide complement of skills, professional team management, and the willingness to work 24x7 until the task is complete.

For decades, Progent has provided expert IT services for businesses throughout the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have attained top industry certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security specialists have garnered internationally renowned industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. Progent also has expertise in financial management and ERP software solutions. This breadth of experience gives Progent the ability to knowledgeably identify important systems, organize the surviving pieces of your IT system after a crypto-ransomware event, and rebuild them into an operational network.

Progent's recovery team utilizes best-of-breed project management systems to orchestrate the complex recovery process. Progent appreciates the urgency of working rapidly and together with a customer's management and Information Technology staff to assign priority to tasks and to put essential systems back online as soon as possible.

Customer Story: A Successful Crypto-Ransomware Intrusion Restoration
A customer escalated to Progent after their network was brought down by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean government-sponsored hackers, possibly adopting approaches exposed from the U.S. NSA. Ryuk goes after specific companies with little room for disruption and is one of the most lucrative iterations of crypto-ransomware. Major victims include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in the Chicago metro area with about 500 workers. The Ryuk event had disabled all company operations and manufacturing capabilities. Most of the client's information backups had been directly accessible at the time of the attack and were eventually encrypted. The client was pursuing financing for paying the ransom (exceeding $200K) and hoping for the best, but in the end called Progent.


"I cannot say enough in regards to the support Progent gave us during the most stressful period of (our) company's survival. We had little choice but to pay the cybercriminals except for the confidence the Progent group provided us. That you were able to get our e-mail and essential applications back on-line faster than 1 week was amazing. Every single person I got help from or communicated with at Progent was absolutely committed on getting us restored and was working breakneck pace to bail us out."

Progent worked together with the client to quickly determine and prioritize the mission critical elements that needed to be recovered in order to continue company functions:

  • Active Directory
  • E-Mail
  • Accounting/MRP

To begin, Progent followed ransomware incident mitigation industry best practices by stopping the spread and cleaning up infected systems. Progent then initiated the task of bringing back online Microsoft Active Directory, the foundation of enterprise environments built on Microsoft Windows Server technology. Microsoft Exchange Server messaging will not work without Windows AD, and the client's MRP applications used Microsoft SQL, which needs Active Directory services for security authorization to the databases.

Within two days, Progent was able to recover Active Directory services to their pre-penetration state. Progent then accomplished setup and storage recovery on essential servers. All Exchange data and configuration information were intact, which facilitated the rebuild of Exchange. Progent was able to find non-encrypted OST data files (Microsoft Outlook Offline Folder Files) on various desktop computers in order to recover mail information. A recent offline backup of the customer's manufacturing software made it possible to return these required programs to users. Although major work was left to recover completely from the Ryuk attack, the most important systems were recovered quickly:


"For the most part, the manufacturing operation showed little impact and we delivered all customer shipments."

Throughout the next month critical milestones in the recovery project were completed through close collaboration between Progent consultants and the client:

  • Internal web applications were restored without losing any information.
  • The MailStore Server containing more than 4 million archived emails was brought on-line and available for users.
  • CRM/Customer Orders/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory capabilities were fully operational.
  • A new Palo Alto Networks 850 security appliance was brought on-line.
  • Ninety percent of the user desktops were fully operational.

"So much of what transpired those first few days is mostly a fog for me, but my team will not soon forget the countless hours each of your team put in to give us our company back. I have utilized Progent for the past 10 years, possibly more, and every time Progent has shined and delivered as promised. This situation was a life saver."

Conclusion
A probable business-killing disaster was averted by dedicated professionals, a broad array of knowledge, and close collaboration. Although in hindsight the ransomware incident detailed here could have been identified and stopped with advanced cyber security technology solutions and security best practices, user and IT administrator training, and appropriate security procedures for backup and applying software patches, the reality is that state-sponsored cybercriminals from Russia, China and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware virus, remember that Progent's team of experts has a proven track record in ransomware virus defense, mitigation, and data disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (along with others who were contributing), thank you for allowing me to get rested after we made it past the most critical parts. All of you did a fabulous effort, and if any of your team is in the Chicago area, dinner is my treat!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)


    © 2002-2021 Progent Corporation. All rights reserved.