Ransomware: The Information Technology Catastrophe Every Organization Fears
Ransomware has become an escalating cyberplague that represents an enterprise-level danger for any organization exposed to attack. Older families such as Dharma, CryptoWall, Locky, NotPetya and MongoLock have been circulating for years and still cause destruction. Modern strains such as Ryuk, Maze, Sodinokibi (REvil), DoppelPaymer, Snatch and Egregor, plus newer malware that has yet to be named, not only encrypt online data but also seek out and encrypt any backups that are reachable from the compromised network. Data synchronized to the cloud can be encrypted as well, because the sync client uploads the encrypted copies just as it would any other change. In a poorly architected environment this can render every restore point useless and effectively knocks the datacenter back to zero.

Restoring applications and data after a crypto-ransomware outage becomes a race against time as the targeted organization works to contain the outbreak, clean up the ransomware, and resume business-critical activity. Because crypto-ransomware needs time to spread, intrusions are often triggered on weekends and at night, when a successful attack typically takes longer to detect. This compounds the difficulty of promptly assembling and coordinating a capable response team.

Progent offers an assortment of services for protecting enterprises from ransomware. These include user education to help staff recognize and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, and deployment of current-generation endpoint security from SentinelOne that uses machine learning and behavioral analysis to identify and disable zero-day threats. Progent also offers the services of veteran ransomware recovery engineers with the skills and commitment to restore a compromised system as quickly as possible.

Progent's Ransomware Recovery Help
After a ransomware attack, even paying the ransom in cryptocurrency does not guarantee that the remote criminals will respond with the keys needed to decrypt your files. Kaspersky Labs found that 17% of ransomware victims never recovered their data even after paying, compounding their losses. The gamble is also expensive: Ryuk ransoms are typically a few hundred thousand dollars, and for larger enterprises the demand can reach millions. The other path is to rebuild the key elements of your IT environment from scratch. Without usable system backups, this calls for a broad range of skill sets, well-coordinated team management, and the willingness to work continuously until the recovery is complete.

For decades, Progent has provided expert IT services to companies across the United States and has achieved Microsoft Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants with advanced industry certifications in key technologies such as Microsoft, Cisco, VMware, and popular Linux distributions. Progent's cyber security specialists hold internationally recognized certifications including CISM, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise with financial systems and ERP software. This breadth of expertise allows Progent to quickly identify the critical systems, recover the salvageable components of your IT environment after a ransomware attack, and reassemble them into a functioning network.

Progent's security group uses professional project management tools to orchestrate the complex recovery process. Progent appreciates the urgency of acting rapidly and in unison with the customer's management and IT staff to prioritize tasks and bring the most important services back online as soon as humanly possible.

Customer Story: A Successful Ransomware Incident Response
A client engaged Progent after their company was brought down by Ryuk ransomware. Early analysis linked Ryuk to North Korean operators because it shares code with the older Hermes ransomware; later analysis attributes it to a Russian-speaking criminal group that typically gains initial access through TrickBot or Emotet infections and spends days or weeks inside the network before encrypting. Ryuk targets specific businesses with little tolerance for operational disruption and is one of the most lucrative ransomware families. Publicly reported victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company based in Chicago with around 500 staff. The Ryuk intrusion had shut down all business operations and manufacturing. Most of the client's backups were online and reachable from the compromised network at the time of the attack, and they were encrypted along with the production data. The client considered paying the ransom (over $200,000) and hoping for the best, but ultimately decided to engage Progent.


"I cannot speak enough in regards to the support Progent gave us during the most critical period of (our) business's survival. We may have had to pay the Hackers if it wasn't for the confidence the Progent team afforded us. That you could get our e-mail and important servers back on-line in less than five days was beyond my wildest dreams. Each expert I talked with or messaged at Progent was urgently focused on getting our system up and was working at breakneck pace on our behalf."

Progent worked hand in hand with the customer to rapidly identify and prioritize the essential elements that had to be restored in order to resume company functions:

  • Windows Active Directory
  • Microsoft Exchange
  • Accounting and Manufacturing Software
To begin, Progent followed ransomware incident response best practices by isolating and cleaning up infected systems. Progent then started bringing Active Directory back online, since AD is the foundation of enterprise systems built on Microsoft Windows technology. Microsoft Exchange Server will not function without AD, and the business's accounting and MRP applications relied on SQL Server configured for Windows authentication, which depends on AD to authorize access to the data.

Within 48 hours, Progent restored Active Directory to its pre-attack state. Progent then assisted with rebuilding the needed servers and recovering data from their hard drives. The Exchange Server objects and attributes in AD were intact, which simplified the Exchange rebuild. Progent located intact OST files (Microsoft Outlook Offline Data Files) on staff PCs and used them to recover mail messages. A recent offline backup of the customer's accounting/MRP systems made it possible to return these vital applications to service. Although significant work remained to recover fully from the Ryuk attack, core systems were recovered quickly:


"For the most part, the production line operation survived unscathed and we did not miss any customer sales."

Over the next month, important milestones in the recovery project were reached through close collaboration between Progent team members and the customer:

  • Self-hosted web applications were restored with no loss of information.
  • The MailStore email archive server, holding over four million archived messages, was brought online and made accessible to users.
  • CRM/Orders/Invoicing/Accounts Payable/AR/Inventory capabilities were completely functional.
  • A new Palo Alto 850 firewall was installed.
  • Nearly all of the user PCs were operational.

"Much of what happened in the early hours is nearly entirely a haze for me, but I will not soon forget the dedication each and every member of the team showed to give us our business back. I have trusted Progent for the past ten years, maybe more, and every time I needed help Progent has come through and delivered as promised. This situation was a life saver."

Conclusion
A potentially business-ending catastrophe was averted through the efforts of dedicated professionals, a wide spectrum of subject matter expertise, and tight teamwork. In retrospect, the ransomware incident described here should have been prevented or contained by modern security tooling and best practices: user training, timely patching, backups kept offline or otherwise unreachable from the production network, and a tested incident response plan. The reality, however, is that both criminal ransomware operators and state-sponsored attackers from China, Russia, North Korea and elsewhere are relentless and remain an ongoing threat. If you do fall victim to a ransomware attack, you can be confident that Progent's roster of professionals has a proven track record in ransomware defense, removal, and data restoration.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (along with others who were helping), thank you for letting me get rested after we made it past the first week. All of you did a fabulous job, and if any of you guys are visiting the Chicago area, a great meal is on me!"

To read or download a PDF version of this customer story, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Available from Progent
Progent offers businesses in Oakland a variety of remote monitoring and security assessment services to help you minimize your exposure to crypto-ransomware. These services incorporate next-generation AI-based behavioral detection to catch zero-day strains of ransomware that evade traditional signature-based security products.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates SentinelOne's next-generation behavior-based machine learning technology to guard physical and virtual endpoints against new malware attacks such as ransomware and file-less exploits, which easily escape legacy signature-matching AV tools. ProSight ASM protects local and cloud resources and offers a unified platform to address the entire malware attack progression including filtering, detection, mitigation, remediation, and forensics. Top features include one-click rollback using Windows Volume Shadow Copy Service (VSS) snapshots (which depends on those snapshots surviving the attack, since many ransomware families delete them before encrypting) and real-time system-wide immunization against new threats. Progent is a SentinelOne Partner, reseller, and integrator. Read more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery.

  • ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Protection and Exchange Email Filtering
    Progent's ProSight Enhanced Security Protection (ESP) services deliver economical in-depth protection for physical servers and VMs, desktops, mobile devices, and Exchange Server. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and reacting to cyber assaults from all vectors. ProSight ESP delivers firewall protection, intrusion alarms, endpoint management, and web filtering via leading-edge tools packaged within one agent managed from a single control. Progent's data protection and virtualization experts can help your business to design and implement a ProSight ESP deployment that addresses your company's specific requirements and that helps you prove compliance with government and industry data security regulations. Progent will assist you specify and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alerts that call for urgent attention. Progent can also help your company to set up and test a backup and disaster recovery solution such as ProSight Data Protection Services (DPS) so you can get back in business quickly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection unified endpoint security and Microsoft Exchange email filtering.

  • ProSight Data Protection Services (DPS): Managed Backup and Disaster Recovery Services
    Progent has partnered with advanced backup technology providers to produce ProSight Data Protection Services (DPS), a portfolio of management outsourcing plans that deliver backup-as-a-service (BaaS). ProSight DPS services manage and monitor your data backup processes and enable non-disruptive backup and rapid restoration of vital files, applications, images, and Hyper-V and VMware virtual machines. ProSight DPS lets your business recover from data loss resulting from equipment breakdown, natural calamities, fire, cyber attacks like ransomware, human error, malicious insiders, or application glitches. Managed backup services in the ProSight DPS portfolio include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup based on Barracuda dedicated hardware, and ProSight MSP360 Hybrid Backup. Your Progent service representative can help you to determine which of these managed services are most appropriate for your IT environment.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering and email encryption service that uses the technology of top data security vendors to provide centralized management and comprehensive security for all your email traffic. The hybrid architecture of Email Guard integrates cloud-based filtering with a local security gateway appliance to offer complete defense against spam, viruses, denial-of-service attacks, directory harvest attacks (DHAs), and other email-borne threats. Email Guard's Cloud Protection Layer serves as a first line of defense and blocks the vast majority of threats before they reach your security perimeter. This decreases your exposure to inbound threats and saves bandwidth and storage. Email Guard's onsite security gateway appliance provides a deeper layer of inspection for inbound email. For outbound email, the local gateway offers anti-virus and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The onsite gateway can also help Exchange Server track and safeguard internal email that originates and ends inside your corporate firewall. For more information, see Email Guard spam and content filtering.

  • ProSight WAN Watch: Network Infrastructure Management
    Progent's ProSight WAN Watch is an infrastructure management service that makes it simple and inexpensive for small and mid-sized organizations to diagram, track, enhance and troubleshoot their connectivity appliances such as switches, firewalls, and load balancers as well as servers, printers, endpoints and other devices. Using cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that infrastructure topology diagrams are always current, captures and displays the configuration of virtually all devices on your network, tracks performance, and generates alerts when issues are discovered. By automating complex management and troubleshooting processes, ProSight WAN Watch can knock hours off common chores such as making network diagrams, expanding your network, locating appliances that require critical updates, or resolving performance issues. Find out more details about ProSight WAN Watch infrastructure monitoring and management services.

  • ProSight LAN Watch: Server and Desktop Monitoring
    ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that uses state-of-the-art remote monitoring and management techniques to keep your network running at peak levels by checking the health of vital computers that power your business network. When ProSight LAN Watch uncovers a problem, an alarm is sent automatically to your designated IT staff and your Progent engineering consultant so that any looming problems can be addressed before they have a chance to impact productivity. Find out more details about ProSight LAN Watch server and desktop monitoring consulting.

  • ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
    With ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and applications hosted in a secure fault tolerant data center on a fast virtual host configured and maintained by Progent's network support professionals. With the ProSight Virtual Hosting service model, the client retains ownership of the data, the operating system software, and the applications. Because the system is virtualized, it can be ported immediately to an alternate hosting solution without requiring a time-consuming and technically risky configuration procedure. With ProSight Virtual Hosting, you are not locked into a single hosting service. Learn more details about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to capture, update, find and safeguard data about your network infrastructure, procedures, applications, and services. You can quickly locate passwords or serial numbers and be alerted about impending expirations of SSL/TLS certificates or warranties. By updating and organizing your IT documentation, you can eliminate up to 50% of the time spent looking for critical information about your network. ProSight IT Asset Management includes a common location for storing and collaborating on all documents required for managing your business network, such as recommended procedures and How-To's. ProSight IT Asset Management also offers advanced automation for collecting and relating IT information. Whether you're making enhancements, performing regular maintenance, or reacting to an emergency, ProSight IT Asset Management gets you the information you require as soon as you need it. Read more about Progent's ProSight IT Asset Management service.

  • Progent Active Defense Against Ransomware: AI-based Ransomware Detection and Cleanup
    Progent's Active Defense Against Ransomware is an endpoint protection (EPP) service that uses behavior analysis technology to guard endpoint devices as well as servers and VMs against modern malware attacks such as ransomware and malware delivered by phishing email, which easily escape traditional signature-matching anti-virus products. The service safeguards on-premises and cloud resources and provides a single platform to manage the entire malware attack progression including blocking, detection, containment, cleanup, and post-attack forensics. Top capabilities include single-click rollback using Windows Volume Shadow Copy Service (VSS) snapshots and real-time network-wide immunization against newly discovered attacks. Find out more about Progent's ransomware protection and recovery services.

  • Progent's Outsourced/Shared Service Center: Support Desk Managed Services
    Progent's Help Desk managed services allow your IT staff to outsource Call Center services to Progent or split responsibilities for support services transparently between your in-house support resources and Progent's extensive pool of IT service engineers and subject matter experts (SMEs). Progent's Co-managed Service Desk offers a seamless supplement to your corporate IT support organization. User interaction with the Help Desk, provision of support, problem escalation, ticket generation and updates, efficiency metrics, and maintenance of the service database are consistent whether issues are resolved by your in-house IT support staff, by Progent, or a mix of the two. Find out more about Progent's outsourced/shared Help Desk services.

  • Progent's Patch Management: Patch Management Services
    Progent's managed services for patch management offer organizations of all sizes a flexible and cost-effective solution for evaluating, validating, scheduling, applying, and tracking updates to your ever-evolving IT system. Besides optimizing the protection and functionality of your IT environment, Progent's patch management services allow your IT team to focus on more strategic initiatives and activities that derive the highest business value from your network. Learn more about Progent's software/firmware update management services.

  • ProSight Duo Multi-Factor Authentication: Access Security, Endpoint Policy Enforcement, and Secure Single Sign-on (SSO)
    Progent's Duo MFA services use Cisco's Duo technology to protect against stolen passwords through two-factor authentication. Duo supports one-tap identity verification with Apple iOS, Google Android, and other personal devices. With Duo 2FA, when you log into a protected application and enter your password you are asked to verify your identity using a device that only you possess and that is reached over a separate, out-of-band channel. A wide selection of devices can be used for this second factor, including an iPhone, Android phone or wearable, a hardware token, or a landline phone. You can register several verification devices. For details about ProSight Duo two-factor authentication services, visit Cisco Duo MFA two-factor authentication (2FA) services.

  • ProSight Reporting: Real-time and In-depth Reporting for Ticketing and Network Monitoring Applications
    ProSight Reporting is an expanding line of real-time and in-depth management reporting plug-ins designed to integrate with the top ticketing and network monitoring platforms such as ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to highlight and contextualize key issues like spotty support follow-through or endpoints with missing patches. By exposing ticketing or network health problems clearly and in near-real time, ProSight Reporting enhances productivity, lowers management hassle, and saves money. For details, visit ProSight Reporting for ticketing and network monitoring platforms.
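The ProSight ASM and Active Defense entries above both rely on one-click rollback from Windows VSS shadow copies. That only works if the shadow copies survive, and Ryuk (the family in the case study) and many other strains delete them immediately before encrypting. The following Python script is an added example, not Progent's or SentinelOne's code: it runs detection logic for that shadow-copy destruction step over constructed process-creation records. The record layout, host names, user names and command lines are all assumptions made for the example.

```python
"""
Detect shadow-copy destruction in process-creation telemetry.

Added example, not Progent's or SentinelOne's code. Ryuk-style pre-encryption
scripts delete VSS shadow copies before encrypting, which makes the commands
that do so a high-fidelity detection signal. The records below are constructed
for the example; the field layout (ts|host|user|parent|image|cmdline) is an
assumption that roughly mirrors what Sysmon Event ID 1 or Windows Security
event 4688 with command-line auditing would provide.
"""
import re
from datetime import datetime, timedelta

# Each entry is (rule name, regex applied to the lower-cased command line).
SHADOW_DELETE_PATTERNS = [
    ("vssadmin_delete", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vssadmin_resize", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*/maxsize=")),
    ("wmic_shadowcopy", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("wbadmin_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
    ("bcdedit_recovery", re.compile(r"bcdedit(\.exe)?.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
    ("powershell_shadowcopy", re.compile(r"win32_shadowcopy.*\b(delete|remove)")),
]

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    r"2020-11-14T02:13:05Z|FS01|CORP\svc_backup|C:\Windows\System32\services.exe|C:\Program Files\Backup\agent.exe|agent.exe --schedule nightly",
    r"2020-11-14T02:41:17Z|FS01|CORP\jsmith|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe Delete Shadows /all /quiet",
    r"2020-11-14T02:41:18Z|FS01|CORP\jsmith|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
    r"2020-11-14T02:41:19Z|FS01|CORP\jsmith|C:\Windows\System32\cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete",
    r"2020-11-14T02:41:20Z|FS01|CORP\jsmith|C:\Windows\System32\cmd.exe|C:\Windows\System32\bcdedit.exe|bcdedit /set {default} recoveryenabled No",
    r"2020-11-14T02:41:21Z|FS01|CORP\jsmith|C:\Windows\System32\cmd.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}",
    r"2020-11-14T03:02:44Z|WS-17|CORP\aperez|C:\Windows\explorer.exe|C:\Windows\System32\vssadmin.exe|vssadmin list shadows",
]


def parse_event(line):
    """Split one record; the command line may itself contain '|' so cap the split."""
    fields = line.rstrip("\n").split("|", 5)
    if len(fields) != 6:
        return None
    keys = ("ts", "host", "user", "parent", "image", "cmdline")
    return dict(zip(keys, fields))


def classify(cmdline):
    """Names of every destruction rule that matches this command line."""
    lowered = cmdline.lower()
    return [name for name, rx in SHADOW_DELETE_PATTERNS if rx.search(lowered)]


def scan(lines):
    """Return an alert (the event plus its matched rule names) for each hit."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        rules = classify(event["cmdline"])
        if rules:
            alerts.append({**event, "rules": rules})
    return alerts


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def hosts_with_burst(alerts, window_seconds=300, min_rules=2):
    """Hosts where at least min_rules distinct techniques fired inside one window.
    Ryuk's pre-encryption batch script chains several of these within seconds, so
    a burst deserves higher severity than a lone hit (which may be an admin)."""
    by_host = {}
    for alert in alerts:
        by_host.setdefault(alert["host"], []).append(alert)
    flagged = []
    for host, items in sorted(by_host.items()):
        items.sort(key=lambda a: _ts(a["ts"]))
        for i, first in enumerate(items):
            limit = _ts(first["ts"]) + timedelta(seconds=window_seconds)
            seen = set()
            for later in items[i:]:
                if _ts(later["ts"]) > limit:
                    break
                seen.update(later["rules"])
            if len(seen) >= min_rules:
                flagged.append(host)
                break
    return flagged


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for alert in found:
        print(alert["ts"], alert["host"], alert["user"], ",".join(alert["rules"]), "|", alert["cmdline"])
    print("burst hosts:", hosts_with_burst(found))
```

Run as a script it prints the five matched events on FS01 and reports FS01 as a burst host, while the administrator's `vssadmin list shadows` on WS-17 is ignored. The patterns tolerate mixed case and an optional `.exe` suffix but do not handle command-line obfuscation (caret escaping, environment-variable substitution), and a single hit on a file server during a maintenance window may be legitimate; the burst check is what separates a Ryuk-style script from routine shadow storage resizing, and it is the point at which isolating the host should be automatic.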
For 24x7 Oakland Crypto-Ransomware Removal Support Services, call Progent at 800-462-8800 or go to Contact Progent.