Ransomware : Your Crippling Information Technology Nightmare
Crypto-ransomware has become a modern cyber pandemic that poses an existential threat to any organization vulnerable to an assault. Versions of ransomware like the CrySIS, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been around for many years and continue to cause harm. More recent versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch or Nephilim, as well as others not yet named, not only encrypt on-line files but also infiltrate any accessible system backups. Information replicated to cloud environments can also be ransomed. With a poorly designed data protection solution, this can make any restoration impossible and effectively knocks the datacenter back to zero.
Retrieving applications and information after a ransomware attack becomes a race against the clock as the targeted business struggles to contain and clean up the crypto-ransomware and to restore enterprise-critical operations. Because crypto-ransomware takes time to replicate, attacks are frequently launched on weekends, when successful attacks in many cases take longer to uncover. This multiplies the difficulty of quickly marshalling and organizing an experienced response team.
Progent makes available a variety of solutions for protecting organizations from ransomware events. These include staff training to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus setup and configuration of next-generation security appliances with artificial intelligence technology to quickly identify and extinguish zero-day cyber attacks. Progent also offers the services of veteran ransomware recovery consultants with the talent and commitment to re-deploy a breached network as soon as possible.
Progent's Ransomware Recovery Help
After a crypto-ransomware event, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that the attackers will provide the keys needed to decrypt all your information. Kaspersky estimated that seventeen percent of ransomware victims never recovered their data after having sent off the ransom, resulting in increased losses. The ransoms themselves are also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the average ransomware demand, which ZDNET reports to be around $13,000. The alternative is to piece back together the critical elements of your IT environment. Absent the availability of full information backups, this requires a broad complement of IT skills, top-notch team management, and the ability to work non-stop until the recovery project is finished.
For decades, Progent has offered professional IT services for businesses in Allentown and throughout the US and has earned Microsoft's Partner certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have been awarded advanced industry certifications in key technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the skills to rapidly identify critical systems, organize the surviving parts of your network following a ransomware attack, and configure them into a functioning system.
Progent's recovery team deploys powerful project management systems to orchestrate the complex restoration process. Progent knows the urgency of acting quickly and of working together with a client's management and Information Technology staff to assign priority to tasks and to get critical systems back on line as fast as humanly possible.
Customer Story: A Successful Ransomware Penetration Restoration
A business hired Progent after their company was brought down by the Ryuk ransomware. Ryuk is thought to have been launched by North Korean state-sponsored hackers, possibly using algorithms leaked from the United States National Security Agency. Ryuk targets specific organizations with little or no tolerance for disruption and is one of the most lucrative versions of ransomware malware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturer located in the Chicago metro area with about 500 staff members. The Ryuk penetration had brought down all company operations and manufacturing capabilities. Most of the client's backups had been directly accessible at the time of the attack and were damaged. The client was pursuing financing to pay the ransom demand (in excess of two hundred thousand dollars) and hoping for good luck, but in the end engaged Progent.
"I can't speak enough in regards to the expertise Progent provided us during the most critical period of (our) company's life. We most likely would have paid the hackers behind this attack if not for the confidence the Progent team afforded us. That you could get our e-mail and essential applications back online quicker than one week was incredible. Every single consultant I worked with or messaged at Progent was urgently focused on getting us restored and was working day and night to bail us out."
Progent worked together with the customer to quickly assess and prioritize the essential services that had to be recovered to make it possible to resume company functions:
To begin, Progent adhered to ransomware incident response best practices by containing the spread and cleaning the malware from affected systems. Progent then began the process of bringing Microsoft Active Directory back online, the heart of enterprise environments built upon Microsoft Windows Server technology. Exchange messaging will not work without AD, and the client's MRP applications relied on SQL Server, which depends on Active Directory for authorizing access to the database.
- Active Directory
Within 2 days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then completed reinstallations and hard drive recovery of the most important systems. All Exchange data and configuration information were intact, which accelerated the rebuild of Exchange. Progent was able to locate non-encrypted OST files (Outlook Off-Line Data Files) on staff PCs and laptops to recover mail messages. A relatively recent off-line backup of the customer's manufacturing systems made it possible to bring these vital programs back to users. Although major work remained to recover fully from the Ryuk attack, the most important services were returned to operation rapidly:
"For the most part, the production line operation showed little impact and we did not miss any customer deliverables."
During the next month, important milestones in the restoration project were reached through close cooperation between Progent team members and the customer:
- Internal web sites were restored without losing any data.
- The MailStore Exchange Server with over four million archived messages was restored to operations and accessible to users.
- CRM/Orders/Invoicing/AP/AR/Inventory modules were 100 percent operational.
- A new Palo Alto Networks 850 security appliance was set up and configured.
- Nearly all of the desktop computers were operational.
"Much of what was accomplished in the early hours is nearly entirely a fog for me, but our team will not soon forget the commitment each and every one of your team accomplished to help get our business back. I have been working with Progent for at least 10 years, possibly more, and every time Progent has outperformed my expectations and delivered as promised. This situation was no exception but maybe more Herculean."
A probable business-ending catastrophe was averted by results-oriented professionals, a broad array of subject matter expertise, and tight collaboration. Although in hindsight the ransomware penetration detailed here could have been stopped with advanced cyber security solutions, NIST Cybersecurity Framework best practices, user education, and appropriate procedures for information backup and applying software patches, the reality is that government-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a ransomware incident, feel confident that Progent's team of professionals has a proven track record in ransomware blocking, mitigation, and data restoration.
"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (along with others that were helping), thanks very much for letting me get some sleep after we made it past the initial push. All of you did an impressive job, and if any of your guys is around the Chicago area, dinner is on me!"
To read or download a PDF version of this case study, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Additional Ransomware Protection Services Available from Progent
Progent offers businesses in Allentown a variety of remote monitoring and security assessment services to help you to minimize your vulnerability to crypto-ransomware. These services include next-generation machine learning capability to detect zero-day variants of crypto-ransomware that are able to escape detection by traditional signature-based anti-virus products.
For 24x7x365 Allentown Crypto-Ransomware Repair Experts, call Progent at 800-462-8800 or go to Contact Progent.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection service that incorporates cutting-edge behavior-based machine learning technology to defend physical and virtual endpoints against new malware assaults such as ransomware and file-less exploits, which routinely get by legacy signature-based anti-virus tools. ProSight Active Security Monitoring protects on-premises and cloud resources and offers a unified platform to automate response across the complete malware attack progression, including filtering, infiltration detection, mitigation, remediation, and forensics. Top features include single-click rollback with Windows VSS and automatic system-wide immunization against newly discovered threats. Read more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Protection and Exchange Filtering
Progent's ProSight Enhanced Security Protection (ESP) services deliver economical multi-layer security for physical and virtual servers, workstations, mobile devices, and Exchange email. ProSight ESP uses adaptive security and advanced heuristics for round-the-clock monitoring and reacting to security assaults from all vectors. ProSight ESP delivers two-way firewall protection, intrusion alerts, device control, and web filtering through leading-edge tools incorporated within a single agent accessible from a single console. Progent's security and virtualization consultants can help your business to plan and configure a ProSight ESP deployment that meets your company's specific requirements and that allows you to demonstrate compliance with legal and industry information protection regulations. Progent will assist you to define and configure security policies that ProSight ESP will enforce, and Progent will monitor your network and react to alarms that call for immediate action. Progent can also assist your company to install and test a backup and restore system like ProSight Data Protection Services so you can recover rapidly from a potentially disastrous cyber attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Microsoft Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services from Progent offer small and medium-sized businesses an affordable and fully managed service for reliable backup/disaster recovery (BDR). For a fixed monthly rate, ProSight DPS automates your backup activities and enables rapid restoration of vital data, apps and VMs that have become unavailable or damaged as a result of hardware failures, software bugs, disasters, human mistakes, or malicious attacks like ransomware. ProSight DPS can help you protect, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware images. Important data can be protected in the cloud, on an on-premises device, or both. Progent's BDR consultants can provide advanced support to configure ProSight DPS to comply with government and industry regulatory requirements such as HIPAA, FINRA, and PCI and, whenever necessary, can help you to restore your business-critical information. Read more about ProSight Data Protection Services Managed Cloud Backup.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam filtering and email encryption service that uses the technology of leading information security companies to deliver centralized control and comprehensive security for your email traffic. The powerful architecture of Progent's Email Guard managed service combines cloud-based filtering with an on-premises security gateway appliance to provide advanced protection against spam, viruses, Denial of Service attacks, directory harvest attacks (DHAs), and other email-borne threats. The cloud filter acts as a preliminary barricade and keeps most threats from reaching your network firewall. This decreases your vulnerability to inbound attacks and saves network bandwidth and storage space. Email Guard's onsite security gateway appliance adds a further layer of analysis for inbound email. For outgoing email, the local security gateway offers AV and anti-spam protection, protection against data leaks, and email encryption. The onsite gateway can also assist Microsoft Exchange Server to monitor and safeguard internal email that stays inside your security perimeter. For more details, see Email Guard spam and content filtering.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
ProSight WAN Watch is an infrastructure monitoring and management service that makes it easy and affordable for smaller businesses to map out, monitor, optimize and debug their connectivity hardware like routers and switches, firewalls, and wireless controllers as well as servers, printers, client computers and other networked devices. Using state-of-the-art Remote Monitoring and Management (RMM) technology, WAN Watch ensures that network diagrams are kept current, copies and manages the configuration of almost all devices on your network, tracks performance, and generates alerts when issues are discovered. By automating tedious network management activities, ProSight WAN Watch can knock hours off ordinary tasks like making network diagrams, reconfiguring your network, finding devices that require important updates, or isolating performance problems. Learn more details about ProSight WAN Watch infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates advanced remote monitoring and management technology to help keep your IT system operating efficiently by tracking the health of vital assets that power your business network. When ProSight LAN Watch uncovers an issue, an alert is transmitted immediately to your specified IT staff and your assigned Progent engineering consultant so any potential issues can be addressed before they have a chance to disrupt productivity. Learn more details about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its key servers and applications hosted in a secure fault tolerant data center on a high-performance virtual machine host configured and maintained by Progent's IT support experts. Under Progent's ProSight Virtual Hosting model, the customer owns the data, the operating system platforms, and the applications. Because the environment is virtualized, it can be moved immediately to an alternate hardware environment without a time-consuming and difficult configuration procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, update, retrieve and safeguard information related to your network infrastructure, procedures, business apps, and services. You can instantly find passwords or serial numbers and be alerted about impending expirations of SSL certificates or domains. By updating and managing your IT documentation, you can save as much as 50% of time wasted searching for vital information about your IT network. ProSight IT Asset Management includes a centralized repository for holding and collaborating on all documents related to managing your business network such as recommended procedures and self-service instructions. ProSight IT Asset Management also supports advanced automation for collecting and associating IT information. Whether you're making improvements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the knowledge you need when you need it. Learn more about Progent's ProSight IT Asset Management service.