Crypto-Ransomware : Your Feared Information Technology Disaster
Ransomware  Recovery ProfessionalsRansomware has become a modern cyber pandemic that poses an extinction-level danger for organizations poorly prepared for an attack. Multiple generations of ransomware like the CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and still cause harm. Newer strains of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Egregor, along with daily as yet unnamed malware, not only do encryption of on-line critical data but also infiltrate most available system protection mechanisms. Files replicated to off-site disaster recovery sites can also be ransomed. In a poorly architected system, it can render automated restoration useless and effectively sets the entire system back to zero.

Getting back services and data after a crypto-ransomware outage becomes a race against time as the victim struggles to contain and remove the crypto-ransomware and to restore mission-critical operations. Since ransomware takes time to replicate, penetrations are often launched during weekends and nights, when penetrations may take more time to detect. This compounds the difficulty of promptly assembling and organizing a capable mitigation team.

Progent provides an assortment of services for protecting Boston enterprises from crypto-ransomware penetrations. Among these are team training to become familiar with and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR) utilizing SentinelOne's behavior-based threat protection to discover and suppress zero-day modern malware attacks. Progent in addition offers the assistance of experienced crypto-ransomware recovery consultants with the talent and commitment to reconstruct a breached environment as rapidly as possible.

Progent's Ransomware Recovery Support Services
Soon after a ransomware penetration, even paying the ransom in cryptocurrency does not guarantee that criminal gangs will respond with the needed codes to unencrypt all your files. Kaspersky Labs determined that seventeen percent of ransomware victims never restored their information even after having paid the ransom, resulting in more losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is greatly above the typical crypto-ransomware demands, which ZDNET determined to be approximately $13,000 for small organizations. The fallback is to setup from scratch the vital components of your Information Technology environment. Without access to complete data backups, this calls for a wide range of IT skills, top notch project management, and the ability to work 24x7 until the task is complete.

For two decades, Progent has offered professional Information Technology services for businesses across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have been awarded top industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have earned internationally-renowned industry certifications including CISA, CISSP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of experience provides Progent the capability to knowledgably understand critical systems and organize the surviving pieces of your Information Technology system after a ransomware event and rebuild them into an operational system.

Progent's ransomware team of experts uses top notch project management tools to orchestrate the sophisticated recovery process. Progent understands the importance of acting quickly and together with a customer's management and Information Technology team members to assign priority to tasks and to get essential systems back online as soon as humanly possible.

Case Study: A Successful Ransomware Incident Recovery
A small business engaged Progent after their network was taken over by Ryuk ransomware virus. Ryuk is believed to have been launched by Northern Korean government sponsored criminal gangs, suspected of using technology leaked from the U.S. National Security Agency. Ryuk attacks specific companies with little room for disruption and is among the most profitable iterations of ransomware. Major targets include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer based in Chicago and has about 500 employees. The Ryuk attack had paralyzed all business operations and manufacturing capabilities. Most of the client's information backups had been online at the start of the attack and were encrypted. The client was taking steps for paying the ransom demand (exceeding $200,000) and hoping for the best, but in the end brought in Progent.

"I cannot speak enough about the expertise Progent gave us throughout the most fearful period of (our) businesses life. We most likely would have paid the cybercriminals if not for the confidence the Progent team gave us. The fact that you could get our messaging and critical servers back quicker than one week was amazing. Every single consultant I got help from or messaged at Progent was urgently focused on getting us restored and was working at all hours to bail us out."

Progent worked with the customer to quickly understand and assign priority to the mission critical applications that needed to be recovered to make it possible to continue departmental functions:

  • Active Directory (AD)
  • Exchange Server
  • Accounting and Manufacturing Software
To get going, Progent adhered to AV/Malware Processes event mitigation best practices by stopping the spread and clearing up compromised systems. Progent then started the steps of bringing back online Active Directory, the foundation of enterprise systems built on Microsoft Windows Server technology. Exchange messaging will not operate without Windows AD, and the customer's accounting and MRP system utilized Microsoft SQL, which needs Active Directory services for access to the databases.

Within two days, Progent was able to rebuild Windows Active Directory to its pre-virus state. Progent then completed rebuilding and hard drive recovery on key systems. All Microsoft Exchange Server ties and attributes were usable, which accelerated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST data files (Microsoft Outlook Off-Line Data Files) on team PCs and laptops in order to recover email data. A not too old off-line backup of the client's financials/ERP systems made them able to return these essential programs back online for users. Although significant work remained to recover fully from the Ryuk attack, critical systems were recovered rapidly:

"For the most part, the production line operation did not miss a beat and we did not miss any customer shipments."

Over the next couple of weeks important milestones in the recovery process were achieved through close collaboration between Progent engineers and the client:

  • Internal web sites were returned to operation without losing any data.
  • The MailStore Microsoft Exchange Server exceeding four million archived emails was brought on-line and available for users.
  • CRM/Orders/Invoices/AP/AR/Inventory Control capabilities were completely functional.
  • A new Palo Alto Networks 850 security appliance was set up.
  • 90% of the user workstations were back into operation.

"Much of what was accomplished during the initial response is nearly entirely a blur for me, but my management will not forget the commitment each and every one of your team put in to help get our company back. I have trusted Progent for the past 10 years, maybe more, and every time I needed help Progent has shined and delivered as promised. This situation was a Herculean accomplishment."

A potential business extinction catastrophe was avoided with top-tier experts, a wide array of IT skills, and close teamwork. Although upon completion of forensics the ransomware virus incident described here could have been prevented with advanced cyber security systems and best practices, team training, and properly executed incident response procedures for information backup and applying software patches, the reality is that state-sponsored criminal cyber gangs from China, North Korea and elsewhere are tireless and represent an ongoing threat. If you do fall victim to a ransomware incident, feel confident that Progent's team of professionals has extensive experience in ransomware virus defense, cleanup, and information systems recovery.

"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were helping), I'm grateful for allowing me to get rested after we made it past the initial fire. All of you did an incredible effort, and if any of your team is in the Chicago area, a great meal is on me!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Consulting in Boston
For ransomware system restoration consulting in the Boston metro area, call Progent at 800-462-8800 or go to Contact Progent.

An index of content::

  • 24-Hour Barracuda Backup Appliance Support and Help Barracuda Backup Offsite Vaulting Remote Support Services
  • 24/7/365 Boston Ransomware Nephilim Vulnerability Report Boston Boston Crypto-Ransomware Malware Checkup New England
  • 24/7/365 Boston Ransomware Recovery Boston Cambridge, US Boston Locky Crypto-Ransomware Cleanup Boston Cambridge
  • 24x7 IT Service Provider Small Office Cisco Network Specialists Small Office
  • 24x7x365 Offsite Workforce Consulting - Boston - Solutions Assistance Boston, Suffolk County Boston Telecommuters Boston Consulting - Solutions Consulting and Support Services
  • Boston Netwalker Ransomware Mitigation Boston Massachusetts
  • 64-bit Server Computer Engineer Microsoft and Cisco 64-bit Migration Technology Professional

  • Network Security Auditing NodeZero Certified PEN Testing
    NodeZero Security Penetration Testing Consultant

    Progent's certified cybersecurity experts can perform NodeZero-powered penetration tests to make sure your security defense systems and policies are correctly configured and effective.

  • 802.11x Wi-Fi Site Survey Technology Consulting Services Wi-Fi RF Spectrum Analysis for Wi-Fi Consultants

  • Network Engineer Jobs Available
    Network Engineering Home Based Jobs

    Progent wants to hire fulltime, solutions-driven Microsoft accredited consultants with Microsoft Certified Systems Engineer certification; Cisco accredited system engineers who have Cisco CCDP or CCIE certification; security professionals who have CISSP or CISA or equivalent security certification; and advanced system architecture consultants with a background in mobile solutions, wireless networking, high uptime, disaster recovery, information protection, and server virtualization. Progent also is looking for professionals to work on our staff of help desk support specialists and off-site troubleshooting professionals. Also, We are looking for experienced managers who can perform productively in Progent's high-growth, virtual office environment.

  • Altaro VM Backup Live Backup Online Troubleshooting 24 Hour Remote Troubleshooting Hornetsecurity Altaro VM Backup Restore
  • At Home Workforce Boston Consulting Services - Network Security Systems Guidance Boston Boston Cambridge Boston Remote Workers Network Security Systems Consulting
  • Boston At Home Workers IP Voice Solutions Consulting Services Boston Remote Workers IP Voice Solutions Assistance Boston, Suffolk County
  • Boston DopplePaymer Crypto-Ransomware Mitigation Boston Massachusetts Boston Cambridge Boston Conti Ransomware Remediation
  • Boston Avaddon Crypto-Ransomware Business-Recovery
  • Boston Massachusetts Boston Maze Ransomware System-Rebuild 24-7 Boston NotPetya Crypto-Ransomware Remediation Boston, MA, United States
  • Boston Massachusetts Boston Work at Home Employees Help Desk Call Center Outsourcing Consulting Services Boston Remote Workers Call Desk Solutions Guidance Boston
  • Boston Spora Crypto-Ransomware System-Restore Boston, United States
  • Boston NotPetya Crypto-Ransomware Mitigation Boston Boston NotPetya Ransomware Remediation Boston Massachusetts

  • Professional VMware ESXi Hypervisor
    24/7 Online Support Services VMware

    Progent offers the assistance of a certified VMware VCDX consultant to help you plan, configure, manage and troubleshoot VMware vSphere-powered virtualization solution for local datacenters, cloud environments, or hybrid cloud deployments. Progent offers world-class expertise for deploying and configuring VMware Site Recovery Manager and VMware's NSX network virtualization system for disaster recovery and business continuity. Progent offers in-depth experience of VMware vCloud Director (vCD), vRealize Automation, vRO and vCloud Suite tools for managing private and public cloud and hybrid cloud solutions that provide high uptime, fault tolerance, and disaster recovery.

  • Boston Ransomware Settlement Negotiation Consultants Boston, MA Boston Egregor Ransomware Negotiation Guidance Boston Cambridge
  • Boston Work from Home Employees Infrastructure Expertise Boston Offsite Workforce Setup Consulting Boston, Suffolk County
  • Boston, MA Boston Nephilim Ransomware Rollback
  • Boston, Suffolk County Boston Expertise for IT Service Organizations Top Ranked Consulting Services for Boston Network Support Firms Boston, MA
  • 24-Hour Boston Egregor Crypto-Ransomware Removal
  • Boston, Suffolk County Boston Work from Home Employees Cloud Solutions Consultants At Home Workforce Expertise in Boston - Cloud Solutions Consulting and Support Services Boston, Suffolk County
  • Boston, MA Cisco Upgrading Boston Cambridge, America IT Consultants Cisco
  • Boston, MA Online Help Cisco Certified Boston, MA Small Business Networking
  • Boston Snatch Ransomware System-Rebuild Boston, Suffolk County
  • Boston, MA Work at Home Employees Consulting Experts nearby Boston - Backup/Restore Technology Assistance Boston, Suffolk County Emergency Work from Home Employees Boston Consulting Experts - Backup/Recovery Solutions Consulting Experts
  • Boston Cambridge Boston Phobos Ransomware Cleanup
  • Boston-Cambridge Network Design Boston IT Outsourcing Firm
  • Cisco Firesight IT Consulting 24x7 Cisco ASA 5500-X with Firepower Consultant

  • Remote Support Small Business Penetration Testing
    24-Hour Technical Services Small Business Work at Home Integration

    If you have a company network with 10 to 50 desktop clients, Progent's IT outsourcing services free your company from dependence on single freelance service provider while giving you cost-effective and reliable access to enterprise-class network support. By delivering network support service when you require it, providing advanced expertise for critical applications, delivering unique support such as 24x7 network monitoring, and billing only for support you receive, Progent gives you an economical way for optimizing the productivity and profitability of your small office information system. Progent is the smart way for small businesses to create and support a robust and secure IT system and to have fast access to the experienced support typically available only to enterprises who can afford a large internal IT organization.

  • Colocation Site Networking Consultant Boston, U.S.A. Top Rated Network Support Consultant Data Center Boston Cambridge, USA
  • Computer Consultant ISR G2 Routers 2800 ISR Router Configuration
  • Consultant Microsoft 365 Integration Microsoft 365 Training Remote Support Services
  • Boston NotPetya Crypto-Ransomware Remediation Boston
  • IT Consultants Exchange 2016 Boston, Suffolk County Microsoft Exchange Server 2007 Small Office IT Outsourcing
  • MS Dynamics GP-Great Plains VAR near me in Boston - Database Support Services Boston Massachusetts Microsoft Dynamics GP-Software Boston Vendor - SQL Server Consulting Boston
  • Microsoft Remote Consultant Part Time Job New England Microsoft MCDBA Support Contract Jobs Boston, Suffolk County

  • Remote Workers VoIP On-site Support
    Teleworker IP Voice Network Consultant

    Progent can help small and mid-size companies to set up VoIP solutions to give their telecommuters the advantage of seamless extensions of the corporate phone infrastructure.

  • Multi-factor Authentication Technology Consulting Services Zero Trust Cybersecurity Support and Setup
  • Network Security Test CISSP 24-Hour CISSP Technology Consulting Services New England, U.S.A.
  • New England Boston Offsite Workforce Collaboration Technology Consulting and Support Services 24x7x365 Boston Remote Workforce Collaboration Solutions Assistance
  • Open Now Exchange Server 2007 Remote Support Exchange 2007 Server Services
  • Open Now Network Installation BlackBerry Redirector Boston Massachusetts New England Remote BlackBerry Software Onsite and Remote Support
  • Boston Phobos Ransomware Cleanup Boston, MA
  • ProSight Reporting Remote Infrastructure Management Network Consultant Network Consulting ProSight Reporting Remote Network Infrastructure Management

  • Offsite Employees Collaboration Computer Engineer
    Remote Workers Collaboration Software Remote Technical Support

    Progent can help small and mid-size companies to set up collaboration applications to allow their at-home workforce to benefit from productive teamwork with colleagues and other stakeholders.

  • Progent's Management Team Network Consulting Firm Progent Management Team IT Specialist
  • Ransomware Data Restore New England NotPetya Ransomware Hot Line Boston, Suffolk County
  • Remote Workers Boston Consulting Services - Management Solutions Consulting Experts Boston, Suffolk County, USA Urgent Boston At Home Workers Management Tools Consulting
  • SCCM 2016 Migration Specialist SCCM 2016 Distribution Point Support and Help
  • SQL 2014 Software Outsourcing Consultant Boston, USA Microsoft SQL Server 2017 Consolidate Boston Massachusetts
  • SQL Server 2014 In-memory ColumnStore Remote Support Services SQL Server 2014 Azure Backup Remote Support Services
  • Server Consolidation Technical Support 24/7 Server Virtualization Engineer
  • Boston Netwalker Crypto-Ransomware Recovery Boston Cambridge, U.S.A.
  • SharePoint Server 2007 Engineer Boston SharePoint 2013 Computer Consultant Boston Cambridge
  • Boston Dharma Ransomware System-Restore Boston, MA
  • Small Business Computer Consulting Small Office Emergency Small Business Migration Company
  • Small Business Manager 24x7 Small Office Consultancies
  • Spora ransomware recovery Consultancy ransomware protection Consultancy
  • Supplemental Staffing Help Consultants Boston, MA Boston Massachusetts Short Term IT Staffing for Network Support Organizations
  • Suse Linux, Sun Solaris, UNIX Remote Support Services Boston Redhat Linux, Sun Solaris, UNIX Remote Technical Support Boston
  • Technical Support Services Extended Service Desk Shared Computer Support Help Desk Network Consultant
  • Top Boston Lockbit Crypto-Ransomware Forensics Investigation Boston After Hours Boston Ransomware Forensics
  • Top Microsoft Office Communications Server Professional Voice over IP Consulting Services

  • At Home Employees Teleconferencing Professional
    Offsite Workforce Video Conferencing Online Troubleshooting

    Progent can assist small and medium-size businesses to deploy and debug conferencing applications to enable their telecommuters to collaborate productively with teammates and customers.

  • Boston Conti Crypto-Ransomware File-Recovery Boston, MA
  • Windows Server 2016 Integration Services Boston, MA 24/7/365 Service Provider Windows Server 2012 New England
  • Work from Home Employees Boston Guidance - Video Conferencing Solutions Consulting Experts New England Boston Remote Workforce Conferencing Technology Assistance Boston Massachusetts

  • © 2002-2024 Progent Corporation. All rights reserved.