Ransomware: Your Feared IT Nightmare
Ransomware has become an escalating cyberplague that presents an extinction-level danger for organizations poorly prepared for an attack. Versions of ransomware like the Reveton, Fusob, Locky, Syskey and MongoLock cryptoworms have been circulating for a long time and continue to cause destruction. More recent strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Nephilim, plus daily unnamed viruses, not only encrypt online information but also compromise any configured system protection mechanisms. Information replicated to off-site disaster recovery sites can also be rendered useless. In a poorly designed system, this can make automatic recovery impossible and basically sets the entire system back to square one.

Retrieving programs and information following a ransomware outage becomes a race against the clock as the targeted business struggles to contain the damage, remove the ransomware, and resume mission-critical operations. Since crypto-ransomware needs time to replicate, assaults are usually sprung on weekends, when successful penetrations typically take more time to recognize. This compounds the difficulty of quickly mobilizing and orchestrating a capable response team.

Progent makes available a variety of solutions for securing Boston businesses from ransomware attacks. These include team education to recognize and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat defense to detect and extinguish zero-day malware attacks. Progent also offers the assistance of veteran crypto-ransomware recovery consultants with the skills and perseverance to reconstruct a breached network as quickly as possible.

Progent's Ransomware Restoration Services
After a crypto-ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that distant criminals will return the keys needed to decipher any of your files. Kaspersky found that 17% of ransomware victims never restored their files even after having paid the ransom, resulting in additional losses. Paying is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the usual ransomware demand, which ZDNET determined to be around $13,000 for smaller businesses. The alternative is to piece back together the essential components of your Information Technology environment. Absent access to full information backups, this calls for a wide complement of skill sets, top-notch team management, and the capability to work continuously until the job is finished.

For twenty years, Progent has offered certified expert IT services for businesses throughout the United States and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have earned top certifications in foundation technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent also has experience with financial management and ERP application software. This breadth of experience allows Progent to efficiently identify the necessary systems, consolidate the surviving pieces of your computer network environment following a ransomware attack, and configure them into a functioning network.

Progent's recovery group utilizes powerful project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting rapidly and in concert with a customer's management and Information Technology resources to prioritize tasks and to put critical applications back online as fast as humanly possible.

Customer Story: A Successful Ransomware Virus Recovery
A client contacted Progent after their organization was penetrated by the Ryuk crypto-ransomware. Ryuk is thought to have been deployed by North Korean state cybercriminals, possibly using techniques leaked from the United States National Security Agency. Ryuk goes after specific businesses with little ability to sustain operational disruption and is one of the most profitable versions of ransomware malware. Major organizations hit include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing company headquartered in Chicago with around 500 employees. The Ryuk intrusion had brought down all company operations and manufacturing processes. Most of the client's information backups had been directly accessible at the time of the attack and were destroyed. The client was pursuing financing to pay the ransom demand (in excess of two hundred thousand dollars) and praying for the best, but in the end brought in Progent.


"I cannot tell you enough about the expertise Progent gave us throughout the most critical period of (our) company's existence. We had little choice but to pay the criminal gangs if not for the confidence the Progent team provided us. The fact that you were able to get our e-mail system and essential servers back sooner than seven days was incredible. Each consultant I talked with or communicated with at Progent was urgently focused on getting us working again and was working at all hours on our behalf."

Progent worked with the customer to quickly determine and assign priority to the mission critical areas that had to be restored to make it possible to resume departmental functions:

  • Active Directory
  • E-Mail
  • Financials/MRP

To begin, Progent followed industry best practices for malware incident mitigation by stopping lateral movement and cleaning infected systems. Progent then began rebuilding Windows Active Directory, the heart of enterprise systems built upon Microsoft Windows Server technology. Microsoft Exchange Server messaging will not operate without Active Directory, and the client's accounting and MRP software utilized Microsoft SQL Server, which requires Active Directory for authentication to the database.

Within two days, Progent was able to rebuild Active Directory to its pre-attack state. Progent then initiated reinstallations and storage recovery on needed servers. All Microsoft Exchange Server data and configuration information were intact, which greatly helped the restore of Exchange. Progent was also able to locate non-encrypted OST data files (Microsoft Outlook Offline Folder Files) on user desktop computers and laptops to recover email data. A recent offline backup of the business's manufacturing software made it possible to bring these required services back online for users. Although significant work was left to recover totally from the Ryuk event, essential systems were returned to operation rapidly:


"For the most part, the assembly line operation never missed a beat and we produced all customer deliverables."

Throughout the following couple of weeks important milestones in the recovery process were made in close cooperation between Progent consultants and the customer:

  • Self-hosted web sites were brought back up without losing any data.
  • The MailStore Microsoft Exchange Server with over four million archived messages was brought online and available for users.
  • CRM/Product Ordering/Invoicing/AP/AR/Inventory Control modules were fully operational.
  • A new Palo Alto 850 security appliance was deployed.
  • 90% of the desktop computers were functioning as before the incident.

"A lot of what was accomplished that first week is nearly entirely a fog for me, but our team will not soon forget the countless hours each of your team put in to give us our business back. I've been working with Progent for the past 10 years, possibly more, and each time Progent has shined and delivered. This situation was a Herculean accomplishment."

Conclusion
A possible business catastrophe was averted with dedicated experts, a wide range of subject matter expertise, and close teamwork. In hindsight, the crypto-ransomware penetration detailed here would have been prevented with up-to-date cyber security technology solutions, NIST Cybersecurity Framework best practices, team training, and well thought out security procedures for information protection and for keeping systems up to date with security patches. Even so, the fact is that government-sponsored hackers from China, North Korea and elsewhere are relentless and are an ongoing threat. If you do get hit by a crypto-ransomware incident, feel confident that Progent's team of experts has substantial experience in ransomware virus defense, remediation, and information systems disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (along with others who were contributing), thanks very much for letting me get rested after we got over the most critical parts. Everyone did an amazing job, and if any of your team is in the Chicago area, a great meal is my treat!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Services in Boston
For ransomware recovery consulting in the Boston area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.