Crypto-Ransomware: Your Worst Information Technology Nightmare

Ransomware Remediation Experts
Crypto-ransomware has become an all-too-frequent cyber pandemic that represents an extinction-level threat for businesses of all sizes that are unprepared for an attack. Different iterations of crypto-ransomware such as Reveton, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been circulating for a long time and continue to cause havoc. Modern strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus daily unnamed viruses, not only encrypt critical online data but also infiltrate most accessible system backups. Files synced to cloud environments can also be corrupted. In a poorly designed data protection solution, this can make restore operations impossible and effectively knock the datacenter back to square one.

Retrieving services and data after a ransomware event becomes a sprint against time as the victim fights to stop lateral movement, clean up the virus, and restore business-critical operations. Because ransomware needs time to replicate, attacks are often sprung on weekends, when they tend to take longer to recognize. This compounds the difficulty of quickly marshalling and coordinating a capable mitigation team.

Progent provides a range of services for protecting Miami Beach organizations from ransomware penetrations. Among these are team training to help recognize and avoid phishing attempts, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's behavior-based threat defense to discover and quarantine zero-day malware assaults. Progent also offers the services of seasoned crypto-ransomware recovery engineers with the talent and commitment to reconstruct a compromised environment as urgently as possible.

Progent's Crypto-Ransomware Recovery Services
After a ransomware event, paying the ransom in cryptocurrency does not provide any assurance that merciless criminals will respond with the keys needed to decipher any or all of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never restored their data even after having sent off the ransom, resulting in additional losses. The risk is also a costly one. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET estimated to be around $13,000 for small organizations. The other path is to re-install the vital parts of your IT environment. Absent access to complete data backups, this requires a wide complement of skill sets, well-coordinated project management, and the ability to work non-stop until the task is complete.

For twenty years, Progent has provided certified expert IT services for companies throughout the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded advanced industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have earned internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise in financial management and ERP software solutions. This breadth of expertise gives Progent the skills to knowledgeably identify critical systems, organize the surviving pieces of your network after a ransomware attack, and assemble them into an operational network.

Progent's security team has top-notch project management applications to orchestrate the complicated recovery process. Progent knows the urgency of acting rapidly and in concert with a customer's management and Information Technology staff to assign priority to tasks and to put critical applications back online as soon as humanly possible.

Client Story: A Successful Ransomware Penetration Recovery
A small business hired Progent after their organization was attacked by the Ryuk ransomware virus. Ryuk is generally considered to have been launched by North Korean government-sponsored criminal gangs, possibly using algorithms exposed from the United States NSA organization. Ryuk targets specific companies with limited room for disruption and is one of the most profitable instances of ransomware viruses. Headline victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business located in the Chicago metro area with about 500 workers. The Ryuk penetration had frozen all essential operations and manufacturing processes. The majority of the client's information backups had been on-line at the beginning of the attack and were damaged. The client was evaluating paying the ransom (more than two hundred thousand dollars) and praying for good luck, but ultimately brought in Progent.


"I can't thank you enough for the care Progent gave us during the most stressful time of (our) business's existence. We may have had to pay the criminal gangs except for the confidence the Progent team provided us. That you were able to get our e-mail and important servers back online sooner than five days was incredible. Each expert I talked with or e-mailed at Progent was hell bent on getting us back online and was working 24 by 7 to bail us out."

Progent worked together with the client to quickly identify and assign priority to the key elements that needed to be restored to make it possible to resume company operations:

  • Active Directory
  • Exchange Server
  • MRP System

To start, Progent adhered to anti-virus event response best practices by halting lateral movement and cleaning infected systems. Progent then began rebuilding Microsoft AD, the heart of enterprise networks built upon Microsoft Windows Server technology. Microsoft Exchange email will not work without AD, and the customer's MRP software relied on SQL Server, which needs Windows AD to authenticate access to its data.

Within 48 hours, Progent was able to rebuild Windows Active Directory to its pre-penetration state. Progent then helped perform reinstallations and storage recovery on essential servers. All Microsoft Exchange Server schema and configuration information was usable, which greatly helped the rebuild of Exchange. Progent was also able to collect intact OST data files (Microsoft Outlook Off-Line Folder Files) on team PCs in order to recover mail messages. A reasonably recent offline backup of the business's accounting/MRP software made it possible to bring these vital applications back on-line. Although significant work was left to recover totally from the Ryuk damage, essential services were restored quickly:


"For the most part, the manufacturing operation survived unscathed and we did not miss any customer deliverables."

Throughout the next month, critical milestones in the restoration process were accomplished through close cooperation between Progent consultants and the customer:

  • Self-hosted web applications were returned to operation without losing any information.
  • The MailStore Exchange Server containing more than 4 million archived emails was brought online and made accessible to users.
  • CRM/Product Ordering/Invoicing/Accounts Payable/Accounts Receivables (AR)/Inventory Control capabilities were fully restored.
  • A new Palo Alto 850 security appliance was deployed.
  • Most of the user workstations were functioning as before the incident.

"A lot of what happened in the initial days is nearly entirely a fog for me, but our team will not forget the urgency each and every one of your team accomplished to help get our business back. I have been working together with Progent for the past 10 years, possibly more, and each time I needed help Progent has come through and delivered as promised. This situation was a stunning achievement."

Conclusion
A probable business disaster was avoided through the efforts of results-oriented professionals, a wide spectrum of IT skills, and tight teamwork. Although, upon completion of forensics, it was clear that the ransomware incident detailed here would have been blocked with up-to-date cyber security systems and recognized best practices, user education, and well-thought-out incident response procedures for information backup and applying software patches, the fact is that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do fall victim to a crypto-ransomware incursion, feel confident that Progent's team of experts has extensive experience in ransomware virus defense, mitigation, and file restoration.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (along with others that were involved), thanks very much for letting me get rested after we got over the first week. All of you did an incredible job, and if anyone that helped is in the Chicago area, dinner is my treat!"

Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Consulting in Miami Beach
For ransomware system restoration expertise in the Miami Beach metro area, phone Progent at 800-462-8800 or go to Contact Progent.




© 2002-2024 Progent Corporation. All rights reserved.