Ransomware: Your Worst IT Nightmare
Ransomware Remediation Professionals
Ransomware has become an escalating cyber pandemic that poses an extinction-level threat for businesses unprepared for an assault. Different versions of ransomware such as Reveton, WannaCry, Locky, Syskey and MongoLock cryptoworms have been running rampant for years and continue to inflict harm. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus frequent unnamed viruses, not only encrypt online information but also infect any configured system backups. Files synched to off-site disaster recovery sites can also be rendered useless. In a vulnerable environment, this can render automated restore operations hopeless and basically set the entire system back to square one.

Restoring applications and information following a crypto-ransomware attack becomes a sprint against time as the victim fights to contain and clean up the virus and to resume business-critical operations. Because ransomware requires time to replicate, attacks are usually sprung at night, when successful penetrations typically take longer to recognize. This multiplies the difficulty of rapidly marshalling and organizing an experienced mitigation team.

Progent provides an assortment of solutions for securing Boston organizations from ransomware attacks. These include team education to help identify and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, plus installation of next-generation security gateways with AI capabilities to rapidly identify and extinguish new threats. Progent also provides the services of experienced ransomware recovery consultants with the track record and commitment to reconstruct a breached network as soon as possible.

Progent's Ransomware Restoration Services
Following a crypto-ransomware penetration, paying the ransom in cryptocurrency does not provide any assurance that merciless criminals will return the needed codes to decrypt all your files. Kaspersky Labs ascertained that seventeen percent of crypto-ransomware victims never recovered their files even after having paid the ransom, resulting in additional losses. The risk is also expensive. Ryuk ransoms frequently range from 15-40 BTC ($120,000 to $400,000). This is significantly above the typical ransomware demands, which ZDNET estimated to be around $13,000 for small businesses. The fallback is to set up from scratch the vital parts of your IT environment. Absent access to essential information backups, this requires a wide complement of skill sets, professional project management, and the ability to work 24x7 until the task is finished.

For decades, Progent has provided professional IT services for businesses across the United States and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have attained top certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have garnered internationally renowned certifications including CISM, CISSP, ISACA CRISC, and GIAC. Progent also has experience with accounting and ERP software solutions. This breadth of expertise gives Progent the capability to knowledgeably determine critical systems, integrate the surviving components of your network environment after a crypto-ransomware attack, and rebuild them into an operational network.

Progent's recovery team of experts deploys best of breed project management tools to orchestrate the complicated recovery process. Progent knows the urgency of acting rapidly and in concert with a client's management and Information Technology staff to prioritize tasks and to put critical services back online as fast as possible.

Client Story: A Successful Ransomware Attack Response
A client escalated to Progent after their organization was taken over by the Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state-sponsored cybercriminals, suspected of adopting approaches leaked from America's NSA organization. Ryuk seeks specific companies with limited ability to sustain disruption and is among the most profitable versions of crypto-ransomware. Highly publicized organizations include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in the Chicago metro area and has about 500 staff members. The Ryuk intrusion had disabled all essential operations and manufacturing processes. The majority of the client's information backups had been online at the beginning of the intrusion and were eventually encrypted. The client was taking steps to pay the ransom demand (more than $200,000) and hoping for the best, but ultimately reached out to Progent.


"I can't speak enough in regards to the expertise Progent provided us throughout the most critical period of (our) company's survival. We most likely would have paid the cybercriminals except for the confidence the Progent team afforded us. That you could get our e-mail and key servers back online sooner than one week was something I thought impossible. Every single person I talked with or e-mailed at Progent was hell bent on getting my company operational and was working day and night on our behalf."

Progent worked with the customer to rapidly assess and prioritize the critical areas that had to be restored to make it possible to continue company functions:

  • Active Directory
  • Electronic Messaging
  • MRP System

To get going, Progent followed anti-virus/malware incident mitigation best practices by halting the spread and cleaning up infected systems. Progent then began the task of rebuilding Active Directory, the core of enterprise systems built on Microsoft Windows Server technology. Microsoft Exchange email will not work without Active Directory, and the customer's accounting and MRP system used Microsoft SQL Server, which requires Active Directory for access to the databases.

Within two days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then charged ahead with reinstallations and hard drive recovery of essential applications. All Exchange ties and attributes were intact, which accelerated the rebuild of Exchange. Progent was also able to collect local OST files (Outlook Offline Data Files) on team workstations in order to recover mail data. A recent offline backup of the customer's accounting software made it possible to bring these required applications back online. Although significant work still had to be done to recover completely from the Ryuk virus, core services were returned to operation rapidly:


"For the most part, the production manufacturing operation showed little impact and we produced all customer shipments."

During the following month, key milestones in the recovery process were accomplished in close cooperation between Progent team members and the client:

  • Self-hosted web applications were restored without losing any data.
  • The MailStore Server, holding more than four million historical emails, was spun up and made available to users.
  • CRM/Orders/Invoices/AP/AR/Inventory Control modules were fully functional.
  • A new Palo Alto 850 firewall was set up.
  • 90% of the desktops and laptops were functioning as before the incident.

"Much of what transpired in the initial days is nearly entirely a fog for me, but my management will not soon forget the urgency all of the team accomplished to help get our business back. I have utilized Progent for the past 10 years, maybe more, and each time Progent has shined and delivered. This situation was a life saver."

Conclusion
A potential business-ending catastrophe was evaded with dedicated experts, a wide range of knowledge, and tight collaboration. Although it was clear upon completion of forensics that the ransomware incident detailed here could have been stopped with advanced cyber security systems and best practices, staff training, and well-designed security procedures for information backup and applying software patches, the fact remains that government-sponsored cybercriminals from China, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware virus, remember that Progent's team of professionals has proven experience in crypto-ransomware virus blocking, cleanup, and data recovery.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thanks very much for allowing me to get rested after we made it through the most critical parts. Everyone did an amazing effort, and if any of your guys is visiting the Chicago area, dinner is my treat!"


Contact Progent for Ransomware Cleanup Expertise in Boston
For ransomware system restoration consulting services in the Boston metro area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.