Ransomware Prevention and Recovery Consulting Tucson
Ransomware System-Rebuild: An Example
Ransomware : Your Crippling Information Technology Nightmare
Ransomware has become a too-frequent cyberplague that represents an enterprise-level danger for organizations vulnerable to an assault. Versions of crypto-ransomware such as CrySIS, WannaCry, Locky, SamSam and MongoLock cryptoworms have been out in the wild for a long time and continue to inflict destruction. More recent variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus additional unnamed newcomers, not only do encryption of on-line files but also infect most accessible system protection mechanisms. Files synched to the cloud can also be corrupted. In a vulnerable system, it can render any restore operations hopeless and basically knocks the network back to square one.
Getting back on-line programs and data after a crypto-ransomware outage becomes a race against the clock as the targeted business tries its best to contain the damage and remove the crypto-ransomware and to restore mission-critical activity. Because ransomware takes time to spread, attacks are often launched at night, when attacks tend to take more time to detect. This multiplies the difficulty of rapidly marshalling and coordinating a knowledgeable mitigation team.
Progent offers an assortment of support services for securing Tucson organizations from crypto-ransomware events. Among these are team member education to become familiar with and avoid phishing exploits, ProSight Active Security Monitoring for endpoint detection and response utilizing SentinelOne's AI-based threat protection to identify and extinguish zero-day malware assaults. Progent in addition offers the services of expert crypto-ransomware recovery engineers with the talent and perseverance to rebuild a breached environment as rapidly as possible.
Progent's Crypto-Ransomware Restoration Support Services
Soon after a crypto-ransomware attack, sending the ransom demands in cryptocurrency does not ensure that merciless criminals will return the needed codes to decrypt any or all of your information. Kaspersky ascertained that seventeen percent of ransomware victims never restored their data even after having sent off the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 and $400,000). This is greatly higher than the usual crypto-ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller organizations. The other path is to setup from scratch the vital components of your Information Technology environment. Absent the availability of full system backups, this requires a broad complement of IT skills, well-coordinated project management, and the capability to work 24x7 until the job is complete.
For decades, Progent has made available professional IT services for companies throughout the United States and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have attained high-level certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have earned internationally-recognized industry certifications including CISA, CISSP, CRISC, and GIAC. (See Progent's certifications). Progent also has experience with financial systems and ERP software solutions. This breadth of experience gives Progent the capability to rapidly identify important systems and integrate the remaining components of your Information Technology environment following a ransomware attack and assemble them into a functioning network.
Progent's security team utilizes best of breed project management applications to orchestrate the complicated recovery process. Progent appreciates the urgency of acting swiftly and together with a customer's management and Information Technology resources to assign priority to tasks and to put the most important services back on-line as soon as humanly possible.
Customer Story: A Successful Ransomware Incident Recovery
A customer engaged Progent after their company was penetrated by the Ryuk ransomware virus. Ryuk is thought to have been developed by North Korean state sponsored criminal gangs, possibly adopting techniques leaked from America's National Security Agency. Ryuk attacks specific organizations with little or no room for disruption and is among the most profitable iterations of crypto-ransomware. High publicized organizations include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturing company based in the Chicago metro area with about 500 workers. The Ryuk event had paralyzed all essential operations and manufacturing processes. Most of the client's system backups had been directly accessible at the beginning of the attack and were eventually encrypted. The client was evaluating paying the ransom (more than $200,000) and praying for good luck, but in the end called Progent.
Progent worked together with the customer to quickly understand and prioritize the key applications that had to be addressed in order to continue departmental functions:
- Windows Active Directory
- Microsoft Exchange Email
- Accounting and Manufacturing Software
Within two days, Progent was able to re-build Active Directory services to its pre-penetration state. Progent then helped perform rebuilding and storage recovery of mission critical applications. All Exchange ties and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to assemble local OST data files (Outlook Email Off-Line Folder Files) on team PCs and laptops in order to recover mail messages. A recent off-line backup of the client's financials/MRP software made them able to recover these essential programs back on-line. Although a lot of work needed to be completed to recover completely from the Ryuk attack, the most important services were recovered rapidly:
Throughout the next couple of weeks key milestones in the recovery process were completed in tight collaboration between Progent team members and the customer:
- Internal web applications were brought back up with no loss of data.
- The MailStore Microsoft Exchange Server containing more than 4 million historical emails was spun up and accessible to users.
- CRM/Product Ordering/Invoicing/Accounts Payable (AP)/AR/Inventory capabilities were fully restored.
- A new Palo Alto Networks 850 firewall was installed.
- Nearly all of the desktop computers were being used by staff.
Conclusion
A likely business-ending catastrophe was avoided due to dedicated experts, a broad array of subject matter expertise, and tight collaboration. Although in post mortem the ransomware attack described here could have been shut down with up-to-date security technology solutions and best practices, user and IT administrator education, and well thought out incident response procedures for information backup and proper patching controls, the reality remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a crypto-ransomware incursion, feel confident that Progent's roster of professionals has a proven track record in crypto-ransomware virus blocking, remediation, and information systems disaster recovery.
Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Tucson
For ransomware cleanup expertise in the Tucson area, call Progent at
An index of content::
Microsoft Office SharePoint Server 2013 Computer Consultant
Largest SharePoint Server IT Consultant
Progent's Microsoft-certified consultants can show you how to evaluate the business justification for implementing SharePoint 2007, consult with you on the most appropriate version of Microsoft SharePoint for your application, provide setup and integration expertise, help you to install MS SQL Server as a supporting database, optimize your network integrity, integrate your off-the-shelf and customized application software to operate with SharePoint Portal Server 2007, design a comprehensive security strategy that includes portal solutions, and provide troubleshooting and Help Desk support.
Remote Consulting Remote Workers Security
At Home Employees Endpoint Security Configuration
Progent can assist small and medium-size companies to set up endpoint security defense systems and provide cleanup services needed to support offsite workers.
Windows Server 2008 R2 Online Consulting
Microsoft Windows Server 2008 R2 Consulting
Windows Server 2008 is an important step forward in making information systems more secure and available, simpler to virtualize and manage, higher performing, and able to provide an improved platform for web publishing. Progent can assist your business benefit fully from the improvements incorporated into Windows Server 2008 by providing certified consulting, technical support, training, temporary staffing, network monitoring, and security engineering expertise.
Windows Active Directory Domain Services Online Technical Support
24/7 Online Troubleshooting Azure Active Directory Domain Services
Progent's consultants can help you to plan and implement an efficient move from onsite Active Directory to cloud-hosted Azure AD or to a hybrid solution that uses Azure AD DS and AD Connect to unify identity and access services across onsite and cloud resources.
New Mexico Technology Consulting
Vermont Networking Companies
If your company does not require emergency online support but you think you will require technical services with your information system soon, you can conserve time and money and ensure that the appropriate expertise will be ready when you require it by contacting a Progent sales agent and registering as a customer. For more information, phone 800-993-9400 or send email to information@progent.com.
CCNP Certified UNIX Online Computer System Consultant
UNIX Online Computer Consultancy Firm
Progent provides national online help and troubleshooting services for businesses who run UNIX, Linux, or Solaris networks or whose IT systems include a combination of UNIX/Linux and Microsoft Windows technology. Online IT help provides maximum return for your IT dollar by preserving user productivity and limiting the hours charged for network repair services. Advanced remote access tools and skilled service specialists and engineers allow Progent to solve most IT problems without wasting time and money by traveling to your site. In most of situations your network issues can be dealt with by telephone or via a mix of telephone help and remote network analysis. Progent can make available Cisco certified CCIE network experts and CISSP and ISSAP premier security specialists to assist with the most difficult system issues.
Open Now Microsoft Server Virtualization Network Consultants
Microsoft Virtual Machines Consultant Services
Microsoft Virtual Server 2005, hosted on the Microsoft Windows Server platform and powered by software first produced by Connectix, delivers the performance needed to carry out server consolidation, software migration, and server quarantine tasks via virtualization techniques in an enterprise-class IT environment with advanced scalability, manageability, and reliability. Microsoft has aimed Virtual Server at businesses who want to improve ROI in software development and piloting, migration from legacy line-of-business applications, and server consolidation. Progent's skilled Virtual Server consultants can help your company to evaluate and deploy Microsoft Virtual Server.
Chief Information Officer IT Services
Microsoft and Cisco Outsourcing CIO
Progent can supply small companies with an IT management expert who can function as a part-time CIO. This part-time Chief Information Officer can provide long-term direction to help you deploy sensible technology to enhance business processes so they align more closely with your business goals. Your business can create and implement a well thought out information technology strategy without absorbing the cost of a full-time Chief Information Officer.
Windows 11 RPA Network Engineer
Windows 11 and TPM Consultants
Progent's Windows 11 consulting experts can provide a variety of services for Windows 11 including cloud integration, mobile device management, teleworker access, data and identity security, centralized deployment, and Help Desk Call Center support services.
Consultant Project Implementation
Best Project Design Tuning Specialists
For enterprise project management support, Progent offers the services of senior IT experts with decades of experience in IT management, application development, and process design for organizations ranging from Big 4 firms to dot-com startups to government agencies. These proven IT managers offer project management skills to assist enterprise clients follow best practices to make sure development or deployment projects are successfully completed on schedule and within budget.
Cisco Aironet 802.11ac AP Integration Support
Cisco Mobility Express Online Troubleshooting
Progent's Cisco-certified wireless networking consultants can help businesses of all sizes to plan, deploy, administer and repair Cisco Aironet wireless access point environments to achieve the performance, coverage, capacity, scale, security compliance and ease of management required for transparent access between wireless and wired network infrastructure. Progent can provide efficient remote and onsite support for both end-of-life and new-generation 802.11ac Aironet access points and Progent can assist your business design and maintain deployments of indoor and outdoor/industrial Aironet Wi-Fi access points.
SentinelOne Behavior-based Antivirus Consult
SentinelOne Ransomware Recovery Technology Professional
Progent is a dealer and consulting firm for SentinelOne's Singularity product family, a subscription-based, cloud-first cyberthreat management solution that incorporates machine learning technology and expert services to deliver comprehensive endpoint detection and response.
Microsoft 365 Integration Consultants
Integration Services Microsoft 365 Hybrid Solutions
Progent can assist you to understand the wealth of subscription options offered with Microsoft 365, previously branded Office 365, and integrate your network with Microsoft 365 in a way that delivers top business value. Progent supports cross-vendor environments that include Windows, macOS or OS X, and Linux operating systems. Progent can also assist you to create and manage hybrid networks that transparently integrate local and cloud-based resources.
Services Microsoft Windows 11 Configuration Manager
Windows 11 Autopilot Integration
Progent's Windows 11 consultants can provide a range of services for Windows 11 including cloud and hybrid integration, mobile management, at-home workforce connectivity, security and compliance, automated deployment, and Call Center support services.
External Cybersecurity Inventory Consultant
Professional Cybersecurity Scan
Progent provides small businesses a pair of specially designed security evaluation scanning packages that provide, for a preset price, remotely administered scans of your security profile which are analyzed by expert security specialists who interpret the results of the remote scan, deliver unbiased evaluations of your existing security vulnerability, and offer suggestions for enhancements. Progent offers two complementary network security inventory packages for external and internal security testing that are priced to fit the budgets of small businesses while delivering enterprise-quality assessments of your network's vulnerability to assault.
ProSight Remote Infrastructure Management Technical Support
Network Troubleshooting Remote Support
ProSight WAN Watch is an infrastructure management service that makes it simple and inexpensive for small and mid-sized organizations to diagram, monitor, optimize and debug their connectivity appliances such as routers, firewalls, and access points plus servers, printers, endpoints and other networked devices. Incorporating cutting-edge RMM technology, WAN Watch makes sure that infrastructure topology maps are kept current, copies and manages the configuration of virtually all devices connected to your network, monitors performance, and sends notices when potential issues are detected. By automating time-consuming management and troubleshooting activities, ProSight WAN Watch can cut hours off ordinary chores such as network mapping, expanding your network, locating devices that require critical software patches, or identifying the cause of performance bottlenecks.
Cybersecurity Vulnerability Assessment Professional
Internal Cybersecurity Inventory Specialist
Progent has created several network security service bundles designed to deliver larger corporations an impartial and comprehensive network security audit from a team of premier security engineers. All Progent's security evaluation packages incorporate a collection of procedures including network scans from within and from outside your company firewall, expert analysis of scan results by certified security consultants, production of a paper explaining the findings, plus a live concise executive summary and a detailed live review for in-house network managers.
Specialist Email Guard DLP
Email Block Lists Professional
Progent's ProSight Email Guard solution uses the technology of top information security companies to deliver centralized management and comprehensive protection for all your inbound and outbound email. The hybrid architecture of Email Guard integrates cloud-based filtering with a local security gateway device to provide advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-based threats. Email Guard's cloud filter serves as a preliminary barricade and keeps most unwanted email from making it to your security perimeter. This decreases your vulnerability to inbound threats and saves system bandwidth and storage. Email Guard's on-premises security gateway device provides a deeper layer of analysis for incoming email. For outbound email, the local security gateway offers AV and anti-spam filtering, policy-based Data Loss Prevention, and encryption. The onsite security gateway can also assist Exchange Server to monitor and safeguard internal email that originates and ends within your security perimeter.
Amazon Marketplace Web Service development Integration Companies
Amazon Marketplace Web Service development Outsourced Programming
Amazon Marketplace Web Service is an integrated collection of APIs that allows Amazon sellers to improve the efficiency of their operations by automating crucial sales activities including listings, orders, payments, inbound and outbound fulfillment, and finances. By leveraging Amazon's vast online ecosystem and automating their sales processes, vendors can expand their market, lower their cost of sales, accelerate reaction time to customers, and increase their bottom line. Progent's Amazon Marketplace Web Service developers can collaborate with your development staff and provide programming, workflow integration, project management support, and training to help you cut development time and costs and expedite your ROI.
Hornetsecurity Altaro 365 Total OneDrive Backup Information Technology Consulting
Hornetsecurity Altaro 365 Total SharePoint Backup Integration
Progent is an authorized Hornetsecurity/Altaro partner and can design, install, and manage a deployment of 365 Total Backup to back up and restore your Microsoft 365 mailboxes, files stored on your organization's OneDrive Accounts and SharePoint sites, Teams Chats, plus files on Windows-powered endpoints.
Training Live Online Office Excel
Training Live Online Windows 8.1
Progent's webinar training classes provide small businesses the cost savings, simplicity, and versatility of web-based learning and the proven pedagogic methods of experienced teachers who employ sophisticated collaboration software to emulate live, participatory classrooms. Progent can provide online education for popular desktop applications including elements of Microsoft Office such as Microsoft Office Excel, Word, Publisher, and Project: MS Dynamics business accounting and management information solutions including Microsoft Dynamics GP (Great Plains); plus other top desktop applications like Adobe Photoshop, Adobe Acrobat Writer, and Crystal Reports.
CCSA IT Technical Support Company
Computer Tech ACDT
Progent offers clients access to engineers who have been awarded some of the computer industry's most prized credentials. Progent believes that customers have the right to be sure that their IT service professionals have formal training as well as extensive practical field experience so that Progent's customers can use Progent's support with trust. In many cases, vendor credentials like the Cisco Certified Internetwork Experts brings priority for significantly superior vendor help than is offered to non-certified service providers, allowing Progent to offer clients a higher level of IT service. In addition, recognized certifications such as CISSP or ISSEP for IT security can help corporate customers to demonstrate compliance with regulatory requirements by using the assistance of accredited industry experts.
Palo Alto Networks FireWalls Security Contractors
Palo Alto Networks FireWalls Security Consultants
Progent's Palo Alto Networks firewall consultants can show you how to select, deploy, and manage Palo Alto Networks PA-Series firewalls to create a modern security environment that extends across your data center and cloud-based assets and protects any user at any location with any device.
Select Topic: