Ransomware: Your Feared Information Technology Disaster
Ransomware Recovery Consultants
Ransomware has become an escalating cyberplague that poses an existential danger to businesses poorly prepared for an attack. Older ransomware families such as Dharma, Fusob, Bad Rabbit, NotPetya and MongoLock have been circulating for years and continue to cause harm. Modern strains like Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Conti and Nefilim, plus newcomers that have yet to be named, not only encrypt online files but also encrypt any backup the attacker can reach with the credentials and network access already gained, such as backup shares mounted from a domain-joined server. Files synced to cloud storage can be corrupted as well, because the sync client faithfully uploads whatever changes on disk, encrypted or not. In a poorly designed environment this renders automatic restoration useless and effectively sets the datacenter back to square one; only a backup copy that is offline, immutable, or protected by credentials the attacker does not hold survives.

Recovering programs and data after a ransomware intrusion becomes a race against the clock as the targeted business tries to contain the damage, eradicate the ransomware, and restore business-critical operations. Because encrypting an entire estate takes time, attackers often trigger the encryption on weekends or holidays, when detection and response are slowest. This multiplies the difficulty of quickly assembling and coordinating a qualified response team.

Progent offers a range of services for protecting enterprises from ransomware. These include staff training to help employees recognize and avoid phishing attempts, ProSight Active Security Monitoring (ASM) endpoint protection built on SentinelOne's behavior-based detection to identify and block zero-day threats, and remote monitoring and management of the environment. Progent also provides expert ransomware recovery professionals with the skill and perseverance to rebuild a compromised system as urgently as possible.

Progent's Ransomware Recovery Help
After a ransomware attack, even paying the ransom in cryptocurrency gives no assurance that the criminals will hand over the keys needed to decrypt all your data. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their files even after paying the ransom, compounding their losses. The gamble is also very costly: Ryuk ransoms are typically a few hundred thousand dollars, and for larger organizations the demand can reach millions. The other path is to rebuild the essential components of your IT environment. Without complete, uncompromised backups, this calls for a broad range of IT skills, top-notch team management, and the willingness to work 24x7 until the task is finished.

For twenty years, Progent has offered professional Information Technology services to companies across the US and has achieved Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who hold top certifications in foundation technologies such as Microsoft, Cisco, VMware, and the major Linux distributions. Progent's cybersecurity experts hold internationally recognized industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has experience with financial systems and ERP applications. This breadth of expertise lets Progent quickly understand your critical systems after a ransomware event, organize the surviving parts of your IT environment, and reassemble them into an operational system.

Progent's recovery team of experts uses state-of-the-art project management systems to coordinate the complex recovery process. Progent appreciates the importance of working swiftly and together with a customer's management and IT resources to assign priority to tasks and to get critical services back on line as fast as humanly possible.

Case Study: A Successful Ransomware Attack Response
A manufacturing business sought out Progent after it was hit by Ryuk ransomware. Early analyses linked Ryuk to North Korean state actors because it shares code with the older Hermes ransomware; later research attributed its operation to a Russian-speaking criminal group. Ryuk operators target specific businesses with little tolerance for operational disruption, and Ryuk is one of the most lucrative ransomware families. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturer based in Chicago with around 500 staff members. The Ryuk intrusion had halted all business operations and manufacturing. Most of the client's backups were reachable from the compromised network when the intrusion began, so they were eventually encrypted along with the production data. The client was actively seeking loans to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for the best, but ultimately called Progent.


"I cannot say enough in regards to the expertise Progent provided us throughout the most fearful time of (our) business's existence. We most likely would have paid the criminal gangs if it wasn't for the confidence the Progent experts provided us. That you were able to get our e-mail and key applications back into operation in less than a week was amazing. Each person I spoke to or communicated with at Progent was totally committed to getting our system up and was working non-stop to bail us out."

Progent worked hand in hand with the client to rapidly identify and prioritize the key elements that had to be recovered in order to resume departmental operations:

  • Microsoft Active Directory
  • Email
  • Financials/MRP
To begin, Progent followed incident response best practices: contain first (isolate affected hosts and network segments to halt the spread), then eradicate (clean or rebuild infected systems). Progent then began recovering Active Directory, the core of any network built on Microsoft technology. Exchange cannot run without Active Directory, and the company's accounting and MRP software ran on Microsoft SQL Server, which relied on Active Directory (Windows authentication) to authorize access to its databases.
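The ordering argument above (directory first, then the services that authenticate against it) generalizes to a dependency graph that a recovery lead can use to plan parallel work streams. The following Python is an added example written for this page, not Progent's tooling or anything from the case study; the edges for Active Directory, Exchange, SQL Server and the financials/MRP system come from the text, while the entries for the internal web applications, the MailStore archive and workstations, and all priority weights, are assumptions.

```python
"""Plan a restore order that respects service dependencies.

Added illustration for this page (not Progent's tooling).  Edges for
Active Directory, Exchange, SQL Server and Financials/MRP follow the
case study; the remaining edges and all priority weights are assumed.
"""
import heapq
from collections import defaultdict
from typing import Dict, List, Set

# service -> services it cannot run without (restore those first).
# "Active Directory" here means the domain controllers as a unit,
# including the DNS and Kerberos roles they host.
RECOVERY_GRAPH: Dict[str, Set[str]] = {
    "Active Directory": set(),
    "Exchange": {"Active Directory"},
    "SQL Server": {"Active Directory"},
    "Financials/MRP": {"SQL Server"},
    "Internal web apps": {"Active Directory", "SQL Server"},  # assumed
    "MailStore archive": {"Active Directory", "Exchange"},    # assumed
    "Workstations": {"Active Directory"},                     # assumed
}

# Business priority (lower = sooner), used only to break ties between
# services whose prerequisites are already restored.  Assumed values.
PRIORITY: Dict[str, int] = {
    "Active Directory": 0,
    "Exchange": 1,
    "SQL Server": 1,
    "Financials/MRP": 2,
    "Internal web apps": 3,
    "MailStore archive": 4,
    "Workstations": 5,
}


def _check_graph(graph: Dict[str, Set[str]]) -> None:
    """Reject edges that point at a service the plan does not define."""
    for svc, deps in graph.items():
        missing = deps - set(graph)
        if missing:
            raise ValueError(f"{svc!r} depends on undefined service(s): {sorted(missing)}")


def restore_order(graph: Dict[str, Set[str]],
                  priority: Dict[str, int]) -> List[str]:
    """Topological order (Kahn's algorithm) with a priority heap so that,
    among services whose prerequisites are done, the most valuable one
    comes first.  Raises ValueError if the graph contains a cycle."""
    _check_graph(graph)
    remaining = {svc: len(deps) for svc, deps in graph.items()}
    dependents: Dict[str, List[str]] = defaultdict(list)
    for svc, deps in graph.items():
        for dep in deps:
            dependents[dep].append(svc)

    ready = [(priority.get(svc, 99), svc) for svc, n in remaining.items() if n == 0]
    heapq.heapify(ready)
    order: List[str] = []
    while ready:
        _, svc = heapq.heappop(ready)
        order.append(svc)
        for child in dependents[svc]:
            remaining[child] -= 1
            if remaining[child] == 0:
                heapq.heappush(ready, (priority.get(child, 99), child))

    if len(order) != len(graph):
        stuck = sorted(svc for svc, n in remaining.items() if n > 0)
        raise ValueError(f"dependency cycle involving: {stuck}")
    return order


def restore_waves(graph: Dict[str, Set[str]]) -> List[List[str]]:
    """Group services into waves: everything in wave k depends only on
    services in earlier waves, so each wave can be worked in parallel."""
    _check_graph(graph)
    done: Set[str] = set()
    waves: List[List[str]] = []
    while len(done) < len(graph):
        wave = sorted(svc for svc, deps in graph.items()
                      if svc not in done and deps <= done)
        if not wave:
            raise ValueError("dependency cycle; no service is ready")
        waves.append(wave)
        done.update(wave)
    return waves


if __name__ == "__main__":
    for i, svc in enumerate(restore_order(RECOVERY_GRAPH, PRIORITY), 1):
        print(f"{i}. {svc}")
    for k, wave in enumerate(restore_waves(RECOVERY_GRAPH)):
        print(f"wave {k}: {', '.join(wave)}")
```

Running the block prints the same sequence the case study followed (Active Directory, then Exchange and SQL Server, then the applications that sit on SQL Server) and shows which restores can proceed in parallel once the directory is back. A cycle in the plan, which usually means a dependency was recorded backwards, is reported instead of producing a misleading order.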

In less than two days, Progent restored Active Directory to its pre-intrusion state and then moved on to rebuilding key applications and recovering their storage. Because Exchange keeps its organization and mailbox configuration in Active Directory, that configuration came back with the directory, which greatly simplified the Exchange rebuild. Progent located unencrypted OST files (Outlook Offline Data Files, the local cache of each user's mailbox) on team PCs and used them to recover mail content; an OST holds only what that user's Outlook had synchronized, so coverage depends on each user's cache settings. A recent offline backup of the financials/MRP software allowed these critical applications to be brought back to users. Although major work remained before the company had fully recovered from Ryuk, essential services were restored quickly:
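Finding usable OST files after an attack is easier by content than by file name, because ransomware renames or appends extensions to what it encrypts and users copy mail files under arbitrary names. The following Python is an added example for this page, not Progent's tooling: it walks a directory tree, recognizes Outlook data files by the PST/OST header signature, and flags candidates whose leading bytes look encrypted. The sample files it builds are constructed for the demo, and the ".RYK" suffix on the encrypted sample is illustrative.

```python
"""Triage Outlook data files after ransomware by on-disk signature.

Added example for this page, not Progent's tooling.  Checks the PST/OST
("PFF") header: bytes 0-3 are "!BDN", bytes 8-9 are "SM" for a PST or
"SO" for an OST, bytes 10-11 hold the format version.  The sample tree
built by build_sample_tree() is constructed for the demo.
"""
import math
import random
import struct
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Tuple

PFF_MAGIC = b"!BDN"
CONTENT_TYPES = {b"SM": "pst", b"SO": "ost"}
# wVer: 14/15 = ANSI (32-bit), 21/23 = Unicode (64-bit), 36 = 64-bit, 4 KB pages
KNOWN_VERSIONS = {14, 15, 21, 23, 36}
HEADER_SAMPLE = 4096        # bytes read from the start of each file
ENCRYPTED_ENTROPY = 7.0     # bits per byte; encrypted data sits close to 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; about 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path) -> Tuple[str, float]:
    """Return ('pst' | 'ost' | 'unknown', entropy of the leading bytes)."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER_SAMPLE)
    entropy = shannon_entropy(head)
    if len(head) < 12 or head[:4] != PFF_MAGIC:
        return "unknown", entropy
    kind = CONTENT_TYPES.get(head[8:10], "unknown")
    (version,) = struct.unpack_from("<H", head, 10)
    if version not in KNOWN_VERSIONS:
        kind = "unknown"    # magic present but header damaged
    return kind, entropy


def triage(root: Path) -> Dict[str, str]:
    """Walk root and label every candidate mail file.  Content is checked
    first, so an intact OST copied to 'backup.bak' is found, while an
    encrypted 'x.ost.RYK' is not mistaken for usable data."""
    verdicts: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        name_hint = any(s.lower() in (".ost", ".pst") for s in p.suffixes)
        kind, entropy = classify(p)
        if kind != "unknown":
            verdict = f"intact-{kind}"
        elif name_hint and entropy >= ENCRYPTED_ENTROPY:
            verdict = "likely-encrypted"
        elif name_hint:
            verdict = "damaged"
        else:
            continue
        verdicts[p.relative_to(root).as_posix()] = verdict
    return verdicts


def _pff_header(content_type: bytes, version: int = 23) -> bytes:
    """Minimal constructed PFF header followed by zero padding."""
    return PFF_MAGIC + b"\x00" * 4 + content_type + struct.pack("<H", version) + b"\x00" * 502


def _random_bytes(n: int, seed: int = 7) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_sample_tree(root: Path) -> None:
    """Constructed sample files standing in for user profile folders."""
    samples = {
        "alice/Outlook/alice@example.com.ost": _pff_header(b"SO"),  # intact cache
        "bob/bob-backup.bak": _pff_header(b"SO"),                   # intact, renamed
        "carol/Outlook/carol.ost.RYK": _random_bytes(HEADER_SAMPLE),  # encrypted
        "dave/archive.pst": _pff_header(b"SM"),                     # intact PST
        "dave/notes.txt": b"not a mail file\n",
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_demo() -> Dict[str, str]:
    """Build the sample tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for rel, verdict in run_demo().items():
        print(f"{verdict:18} {rel}")
```

Two caveats when using this in a real response: an OST is a per-user cache and contains only what that user's Outlook had synchronized, and Outlook does not open an OST as a standalone data file the way it opens a PST, so recovering mail from one normally means converting it to PST with a separate tool or reconnecting it to a rebuilt mailbox.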


"For the most part, the production operation never missed a beat and we did not miss any customer shipments."

During the next few weeks important milestones in the recovery project were accomplished in tight cooperation between Progent team members and the client:

  • Internal web applications were brought back up with no loss of data.
  • The MailStore email archive server, holding more than four million historical emails, was restored to operation and made accessible to users.
  • CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables (AR)/Inventory functions were 100 percent functional.
  • A new Palo Alto Networks PA-850 firewall was brought online.
  • 90% of the user workstations were operational.

"A lot of what was accomplished those first few days is mostly a fog for me, but we will not soon forget the urgency each of you put in to give us our company back. I have entrusted Progent for the past ten years, possibly more, and each time Progent has come through and delivered. This time was the most impressive ever."

Conclusion
A possible company-ending disaster was averted through the efforts of results-oriented experts, a wide spectrum of technical expertise, and tight collaboration. In hindsight, the ransomware intrusion described here could have been detected and stopped with modern security tooling, ISO/IEC 27001-aligned controls, user education, and sound procedures for data protection and patching; the reality remains, however, that criminal ransomware operators and state-sponsored groups from Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a ransomware incident, you can be confident that Progent's team of professionals has substantial experience in ransomware defense, remediation, and data restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we made it past the initial push. All of you made a fabulous effort, and if anyone is around the Chicago area, a great meal is my treat!"

To review or download a PDF version of this customer story, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Offered by Progent
Progent can provide businesses in Lubbock a portfolio of online monitoring and security assessment services designed to help you to reduce your vulnerability to ransomware. These services include modern AI technology to uncover new strains of ransomware that are able to escape detection by legacy signature-based anti-virus solutions.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that utilizes SentinelOne's next generation behavior analysis tools to defend physical and virtual endpoints against modern malware attacks such as ransomware and fileless attacks, which routinely escape traditional signature-based anti-virus products. ProSight ASM protects local and cloud-based resources and provides a unified platform to manage the complete malware attack lifecycle including prevention, detection, containment, remediation, and post-attack forensics. Top features include single-click rollback using Windows Volume Shadow Copy Service snapshots and real-time system-wide immunization against new attacks. Because many ransomware families delete Volume Shadow Copies before they begin encrypting, rollback depends on the agent blocking that tampering, and it complements rather than replaces offline backups. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware recovery.

  • ProSight Enhanced Security Protection: Physical and Virtual Endpoint Protection and Exchange Email Filtering
    Progent's ProSight Enhanced Security Protection (ESP) managed services offer affordable in-depth security for physical servers and virtual machines, workstations, smartphones, and Microsoft Exchange. ProSight ESP utilizes contextual security and modern behavior analysis to continuously monitor and react to attacks from all attack vectors. ProSight ESP delivers two-way firewall protection, intrusion alerts, endpoint management, and web filtering through cutting-edge technologies packaged within one agent accessible from a single console. Progent's data protection and virtualization consultants can assist your business to plan and configure a ProSight ESP environment that addresses your company's unique needs and that helps you prove compliance with government and industry information protection regulations. Progent will help you specify and implement the policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alerts that call for urgent attention. Progent can also help you to install and verify a backup and disaster recovery system such as ProSight Data Protection Services (DPS) so you can recover quickly from a potentially disastrous cyber attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Backup and Recovery Services
    Progent has partnered with leading backup/restore software providers to produce ProSight Data Protection Services, a selection of subscription-based offerings that provide backup-as-a-service. ProSight DPS services manage and monitor your data backup operations and enable non-disruptive backup and rapid restoration of important files, applications, images, and Hyper-V and VMware virtual machines. ProSight DPS lets you recover from data loss caused by equipment breakdown, natural calamities, fire, malware such as ransomware, human error, malicious insiders, or application glitches. For ransomware in particular, the value of any backup service depends on keeping at least one copy offline or immutable and outside the reach of compromised domain credentials, as the case study above illustrates. Managed services in the ProSight DPS product line include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda dedicated storage, and ProSight DPS MSP360 Hybrid Backup. Your Progent expert can assist you to determine which of these managed backup services are most appropriate for your network.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam and virus filtering service that uses the infrastructure of leading data security vendors to provide centralized management and world-class protection for your inbound and outbound email. The architecture of Email Guard combines cloud-based filtering with a local security gateway appliance to offer layered protection against spam, viruses, denial of service attacks, directory harvest attacks (DHAs), and other email-based threats. The Cloud Protection Layer serves as the first line of defense and blocks the vast majority of threats before they reach your network firewall. This reduces your exposure to external attacks and conserves network bandwidth and storage space. Email Guard's on-premises gateway appliance adds a further layer of analysis for inbound email. For outgoing email, the on-premises gateway offers anti-virus and anti-spam protection, DLP, and email encryption. The onsite gateway can also assist Microsoft Exchange Server to monitor and safeguard internal email traffic that stays within your security perimeter. For more details, visit ProSight Email Guard spam and content filtering.

  • ProSight WAN Watch: Infrastructure Remote Monitoring and Management
    Progent's ProSight WAN Watch is a network infrastructure management service that makes it easy and inexpensive for smaller organizations to map out, track, enhance and troubleshoot their networking hardware such as switches, firewalls, and load balancers as well as servers, printers, endpoints and other networked devices. Incorporating cutting-edge RMM technology, ProSight WAN Watch makes sure that network maps are kept updated, copies and displays the configuration information of virtually all devices connected to your network, tracks performance, and generates notices when problems are discovered. By automating tedious management and troubleshooting activities, ProSight WAN Watch can knock hours off common tasks like making network diagrams, reconfiguring your network, finding devices that require important updates, or isolating performance problems. Learn more details about ProSight WAN Watch infrastructure monitoring and management consulting.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring
    ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that incorporates state-of-the-art remote monitoring and management (RMM) techniques to keep your IT system operating at peak levels by tracking the state of vital computers that drive your business network. When ProSight LAN Watch detects an issue, an alert is sent automatically to your specified IT personnel and your assigned Progent consultant so that any looming issues can be addressed before they have a chance to disrupt your network. Learn more details about ProSight LAN Watch server and desktop remote monitoring consulting.

  • ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
    With Progent's ProSight Virtual Hosting service, a small organization can have its key servers and applications hosted in a protected, fault-tolerant data center on a high-performance virtual host set up and managed by Progent's network support professionals. Under Progent's ProSight Virtual Hosting model, the client retains ownership of the data, the OS software, and the applications. Because the system is virtualized, it can be moved immediately to different hardware without a time-consuming and technically risky reinstallation. With ProSight Virtual Hosting, you are not tied to one hosting provider. Find out more details about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, maintain, find and safeguard information related to your network infrastructure, processes, business apps, and services. You can instantly find passwords or serial numbers and be alerted about impending expirations of SSL/TLS certificates, domains or warranties. By cleaning up and organizing your IT infrastructure documentation, you can save up to half of the time spent looking for critical information about your IT network. ProSight IT Asset Management includes a centralized location for storing and sharing all documents related to managing your business network, such as standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also offers advanced automation for gathering and relating IT information. Whether you're planning enhancements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management gets you the information you need when you need it. Learn more about ProSight IT Asset Management service.

  • Progent Active Defense Against Ransomware: Machine Learning-based Ransomware Identification and Cleanup
    Progent's Active Defense Against Ransomware is an endpoint protection solution that incorporates cutting-edge behavior-based machine learning technology to guard endpoint devices as well as physical and virtual servers against new malware attacks such as ransomware and phishing payloads, which routinely get by legacy signature-based anti-virus products. The service protects on-premises and cloud-based resources and offers a unified platform to manage the complete malware attack lifecycle including blocking, identification, mitigation, remediation, and post-attack forensics. Key features include single-click rollback using Windows Volume Shadow Copy Service snapshots and real-time system-wide immunization against newly discovered attacks. Find out more about Progent's ransomware protection and recovery services.

  • Progent's Outsourced/Shared Service Desk: Help Desk Managed Services
    Progent's Help Desk managed services enable your IT staff to offload Help Desk services to Progent or divide responsibility for Help Desk services transparently between your internal network support team and Progent's extensive roster of certified IT service technicians, engineers and subject matter experts (SMEs). Progent's Shared Help Desk Service provides a smooth extension of your core IT support group. User access to the Help Desk, provision of technical assistance, issue escalation, trouble ticket generation and updates, efficiency metrics, and maintenance of the service database are cohesive whether incidents are taken care of by your internal network support organization, by Progent's team, or both. Read more about Progent's outsourced/co-managed Help Desk services.

  • Progent's Patch Management: Software/Firmware Update Management Services
    Progent's support services for software and firmware patch management provide businesses of all sizes a versatile and cost-effective solution for assessing, validating, scheduling, implementing, and tracking software and firmware updates to your dynamic information system. In addition to optimizing the protection and reliability of your IT environment, Progent's patch management services allow your IT staff to concentrate on more strategic initiatives and tasks that deliver the highest business value from your network. Read more about Progent's patch management services.

  • ProSight Duo Multi-Factor Authentication: ID Confirmation, Endpoint Remediation, and Secure Single Sign-on (SSO)
    Progent's Duo authentication service plans utilize Cisco's Duo cloud technology to defend against compromised passwords by adding a second authentication factor. Duo supports single-tap identity confirmation with Apple iOS, Android, and other personal devices. With Duo 2FA, whenever you log into a protected account and give your password you are asked to confirm your identity on a device that only you possess and that uses a different network channel. A broad selection of out-of-band devices can be used for this added factor, such as an iPhone, an Android phone, a smartwatch, a hardware or software token, or a landline phone, and you may register multiple validation devices. Push-based approval is strongest when the user must also enter a code shown on the login screen (number matching), which defeats attackers who spam approval prompts hoping the user will eventually tap accept. To find out more about Duo identity validation services, see Duo MFA two-factor authentication services for access security.

  • ProSight Reporting: In-depth Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is an expanding line of in-depth management reporting tools created to integrate with the leading ticketing and remote network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to highlight and contextualize critical issues such as spotty support follow-up or endpoints with out-of-date AVs. By exposing ticketing or network health concerns clearly and in near-real time, ProSight Reporting improves productivity, reduces management overhead, and saves money. For details, visit ProSight Reporting for ticketing and network monitoring platforms.
For 24x7x365 ransomware and CryptoLocker recovery experts in Lubbock, reach out to Progent at 800-462-8800 or go to Contact Progent.