Ransomware: Your Feared IT Disaster
Crypto-ransomware has become an escalating cyberplague that represents an existential threat for businesses poorly prepared for an attack. Variants of ransomware such as the CrySIS, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been in the wild for a long time and continue to cause damage. Newer strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, as well as additional unnamed newcomers, not only encrypt online information but also infect all configured system backups. Information synced to cloud environments can also be rendered useless. In a poorly designed data protection solution, this can make automatic restore operations impossible and effectively sets the network back to zero.

Recovering applications and information following a ransomware attack becomes a sprint against the clock as the victim fights to contain the damage, clean up the crypto-ransomware, and resume mission-critical operations. Because ransomware requires time to spread, attacks are frequently launched during weekends and nights, when intrusions may take more time to notice. This multiplies the difficulty of quickly mobilizing and organizing a capable mitigation team.

Progent offers a range of services for protecting Boston businesses from ransomware penetrations. These include team training to help identify and avoid phishing scams and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat defense to detect and quarantine zero-day modern malware attacks. Progent also offers the assistance of veteran ransomware recovery engineers with the talent and perseverance to rebuild a compromised environment as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware event, paying the ransom in Bitcoin does not guarantee that the attackers will provide the keys needed to decrypt any or all of your files. Kaspersky Labs estimated that 17% of ransomware victims never restored their files after having sent off the ransom, resulting in more losses. The risk is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demands, which ZDNET determined to be in the range of $13,000 for small businesses. The alternative is to rebuild from scratch the mission-critical components of your IT environment. Without access to essential system backups, this requires a broad complement of skill sets, professional project management, and the capability to work 24x7 until the job is complete.

For twenty years, Progent has provided professional IT services for businesses across the U.S. and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have earned top industry certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security specialists have earned internationally renowned certifications including CISM, CISSP, CRISC, and GIAC. Progent also has expertise with accounting and ERP applications. This breadth of expertise allows Progent to efficiently identify the necessary systems, consolidate the surviving pieces of your network environment after a ransomware attack, and configure them into an operational system.

Progent's security team utilizes state-of-the-art project management applications to coordinate the sophisticated restoration process. Progent appreciates the urgency of working quickly and together with a client's management and IT resources to prioritize tasks and to get essential systems back online as fast as possible.

Client Case Study: A Successful Crypto-Ransomware Penetration Restoration
A business sought out Progent after their organization was attacked by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean state criminal gangs, suspected of adopting approaches exposed from America's National Security Agency. Ryuk targets specific organizations with little or no tolerance for disruption and is one of the most profitable incarnations of ransomware. Major organizations hit by Ryuk include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business located in the Chicago metro area with about 500 employees. The Ryuk attack had paralyzed all company operations and manufacturing processes. Most of the client's data protection systems had been online at the start of the attack and were eventually encrypted. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for the best, but in the end called Progent.


"I cannot speak enough in regards to the expertise Progent gave us throughout the most critical time of (our) company's existence. We had little choice but to pay the Hackers except for the confidence the Progent experts provided us. That you could get our e-mail and important servers back on-line sooner than five days was something I thought impossible. Each expert I worked with or e-mailed at Progent was amazingly focused on getting us working again and was working at breakneck pace on our behalf."

Progent worked hand in hand with the customer to rapidly identify and prioritize the most important systems that had to be recovered in order to restart departmental operations:

  • Active Directory
  • Electronic Messaging
  • Accounting/MRP

To get started, Progent followed anti-virus incident response best practices by stopping lateral movement and performing virus removal steps. Progent then began rebuilding Active Directory, the heart of enterprise environments built on Microsoft technology. Microsoft Exchange Server email will not work without AD, and the client's financials and MRP applications relied on Microsoft SQL, which requires Active Directory services for authentication to the data.

Within 48 hours, Progent was able to rebuild Active Directory to its pre-virus state. Progent then helped perform setup and storage recovery on mission-critical systems. All Exchange ties and configuration information were usable, which facilitated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST data files (Microsoft Outlook Off-Line Folder Files) on various workstations in order to recover email data. A fairly recent offline backup of the customer's accounting/ERP systems made it possible to bring these essential programs back online. Although significant work remained to recover completely from the Ryuk damage, critical systems were returned to operation quickly:


"For the most part, the assembly line operation did not miss a beat and we delivered all customer deliverables."

During the following couple of weeks, important milestones in the recovery project were accomplished through tight cooperation between Progent consultants and the customer:

  • In-house web applications were restored with no loss of data.
  • The MailStore Exchange Server containing more than 4 million archived emails was restored to operations and available for users.
  • CRM/Product Ordering/Invoicing/AP/Accounts Receivables (AR)/Inventory functions were completely recovered.
  • A new Palo Alto Networks 850 security appliance was set up.
  • Ninety percent of the user PCs were fully operational.

"A lot of what transpired in the early hours is nearly entirely a haze for me, but our team will not forget the countless hours each of your team accomplished to help get our business back. I have utilized Progent for the past ten years, possibly more, and every time Progent has impressed me and delivered. This event was a stunning achievement."

Conclusion
A possible company-ending disaster was avoided by results-oriented professionals, a broad spectrum of subject matter expertise, and tight teamwork. In retrospect, the ransomware incident detailed here should have been identified and blocked with current cyber security systems and NIST Cybersecurity Framework best practices, team education, and well-designed security procedures for data protection and applying software patches. The reality, however, is that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a ransomware incident, feel confident that Progent's team of professionals has proven experience in crypto-ransomware blocking, removal, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were helping), thank you for making it so I could get rested after we made it through the most critical parts. Everyone did an incredible job, and if any of your guys is visiting the Chicago area, a great meal is on me!"

Download the Ransomware Remediation Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Services in Boston
For ransomware cleanup expertise in the Boston area, call Progent at 800-462-8800 or see Contact Progent.



© 2002-2023 Progent Corporation. All rights reserved.