Crypto-Ransomware : Your Worst IT Catastrophe
Crypto-Ransomware  Recovery ExpertsRansomware has become a too-frequent cyber pandemic that represents an existential danger for businesses of all sizes vulnerable to an attack. Versions of crypto-ransomware like the Reveton, Fusob, Locky, SamSam and MongoLock cryptoworms have been circulating for years and continue to cause destruction. Newer versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, as well as more as yet unnamed newcomers, not only do encryption of on-line data but also infiltrate any available system restores and backups. Information synched to the cloud can also be encrypted. In a poorly designed environment, it can render automated restoration useless and basically knocks the network back to square one.

Retrieving applications and information after a crypto-ransomware event becomes a sprint against the clock as the targeted business tries its best to stop lateral movement and cleanup the ransomware and to resume mission-critical activity. Because crypto-ransomware takes time to move laterally, penetrations are frequently launched during weekends and nights, when successful penetrations are likely to take more time to uncover. This multiplies the difficulty of rapidly mobilizing and orchestrating an experienced response team.

Progent offers an assortment of services for securing Miami Beach enterprises from ransomware penetrations. These include team training to help recognize and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus setup and configuration of next-generation security gateways with machine learning capabilities to intelligently discover and suppress day-zero cyber threats. Progent in addition can provide the services of expert crypto-ransomware recovery engineers with the track record and commitment to rebuild a compromised environment as soon as possible.

Progent's Ransomware Restoration Help
After a crypto-ransomware event, sending the ransom in cryptocurrency does not ensure that cyber hackers will return the needed keys to decipher any or all of your data. Kaspersky Labs ascertained that 17% of ransomware victims never restored their data even after having paid the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms frequently range from 15-40 BTC ($120,000 and $400,000). This is greatly higher than the typical ransomware demands, which ZDNET determined to be in the range of $13,000 for small businesses. The other path is to piece back together the essential parts of your IT environment. Without access to complete information backups, this calls for a broad complement of skills, top notch project management, and the capability to work continuously until the job is over.

For decades, Progent has offered expert IT services for companies across the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally-recognized industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has experience in financial management and ERP applications. This breadth of expertise affords Progent the skills to quickly ascertain necessary systems and consolidate the surviving parts of your Information Technology system following a ransomware event and rebuild them into a functioning system.

Progent's security team of experts has powerful project management systems to coordinate the sophisticated recovery process. Progent understands the importance of acting quickly and together with a customerís management and Information Technology staff to assign priority to tasks and to put key applications back on-line as soon as possible.

Case Study: A Successful Ransomware Intrusion Response
A business escalated to Progent after their company was taken over by the Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state sponsored hackers, possibly using algorithms exposed from the U.S. National Security Agency. Ryuk goes after specific organizations with little ability to sustain operational disruption and is among the most lucrative incarnations of crypto-ransomware. High publicized organizations include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business located in Chicago with about 500 workers. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's system backups had been directly accessible at the time of the intrusion and were eventually encrypted. The client was actively seeking loans for paying the ransom demand (in excess of two hundred thousand dollars) and wishfully thinking for good luck, but ultimately utilized Progent.


"I cannot thank you enough in regards to the expertise Progent provided us throughout the most fearful time of (our) businesses survival. We most likely would have paid the cybercriminals if it wasnít for the confidence the Progent team provided us. That you could get our messaging and production applications back quicker than seven days was amazing. Every single expert I interacted with or messaged at Progent was hell bent on getting us operational and was working 24 by 7 to bail us out."

Progent worked hand in hand the customer to quickly understand and prioritize the essential areas that had to be restored to make it possible to continue company functions:

  • Microsoft Active Directory
  • Microsoft Exchange Email
  • Accounting and Manufacturing Software
To begin, Progent adhered to ransomware incident response best practices by halting the spread and removing active viruses. Progent then began the process of restoring Microsoft Active Directory, the core of enterprise environments built upon Microsoft Windows Server technology. Exchange messaging will not operate without Windows AD, and the customerís financials and MRP system utilized SQL Server, which depends on Active Directory for access to the data.

Within two days, Progent was able to restore Active Directory services to its pre-virus state. Progent then completed setup and hard drive recovery of key servers. All Microsoft Exchange Server ties and attributes were usable, which facilitated the restore of Exchange. Progent was able to collect non-encrypted OST files (Outlook Offline Data Files) on team workstations to recover email data. A recent offline backup of the client's financials/MRP systems made them able to recover these required programs back available to users. Although major work still had to be done to recover completely from the Ryuk damage, the most important systems were restored quickly:


"For the most part, the production operation showed little impact and we produced all customer shipments."

Throughout the next month critical milestones in the recovery process were made in tight cooperation between Progent consultants and the customer:

  • In-house web sites were returned to operation with no loss of data.
  • The MailStore Server containing more than 4 million historical emails was brought online and available for users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/Accounts Receivables (AR)/Inventory Control capabilities were fully operational.
  • A new Palo Alto 850 security appliance was installed and configured.
  • Ninety percent of the user workstations were being used by staff.

"A lot of what happened those first few days is nearly entirely a fog for me, but we will not forget the countless hours each of you accomplished to help get our company back. Iíve been working together with Progent for the past 10 years, maybe more, and every time Progent has shined and delivered as promised. This event was a stunning achievement."

Conclusion
A likely business catastrophe was averted through the efforts of top-tier experts, a wide range of IT skills, and close collaboration. Although upon completion of forensics the ransomware attack described here should have been identified and disabled with advanced cyber security technology solutions and security best practices, user training, and well thought out security procedures for data protection and proper patching controls, the reality remains that state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware incursion, feel confident that Progent's roster of professionals has substantial experience in ransomware virus blocking, removal, and data recovery.


"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were contributing), thanks very much for making it so I could get some sleep after we got past the most critical parts. All of you did an incredible effort, and if anyone is visiting the Chicago area, dinner is the least I can do!"

Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist



An index of content::

  • 24 Hour Miami Beach Crypto-Ransomware Vulnerability Report Miami Beach, Florida Miami Beach Ransomware Malware Preparedness Review Miami Beach, FL
  • 24-7 Firewall Compliance Audit Miami Beach CISSP Technical Support Miami Beach
  • 24x7x365 Miami Beach, Florida Help Miami Beach, Florida Computer Network Support Firms
  • ADSL2+ Services 24 Hour Consulting Comcast Business Class Cable Internet
  • Miami Beach WannaCry Ransomware Operational-Recovery Miami Beach, Florida, United States
  • After Hours At Home Workers Miami Beach Consulting and Support Services - Integration Consultants Miami Beach Florida, United States Teleworkers Miami Beach Consulting Services - Setup Expertise Miami Beach
  • At Home Workforce Miami Beach Expertise - Integration Solutions Expertise Miami Beach Miami Beach Work from Home Employees Support Guidance Miami Beach
  • BlackBerry Redirector Small Business Outsourcing IT Miami Beach BlackBerry Redirector Specialist Miami Beach
  • Cisco IT Consultants Miami Beach, FL, U.S.A. Miami Beach, Florida, United States Cisco Support services
  • Computer Setup Miami Beach Miami Beach Remote Consulting
  • Consultant Apple Mac Computer Consultant Macintosh
  • Consulting Experts for IT Service Organizations near me in Miami Beach - Short-Term IT Support Help Miami Beach FL Consulting Services for Computer Support Firms near Miami Beach - Seamless Temporary Support Team Expansion Miami Beach Florida
  • Crypto-Ransomware Repair Support Services Miami Beach Miami Beach, United States Miami Beach NotPetya Ransomware Repair
  • Emergency Windows Server 2012 IT Specialist Miami Beach Windows 2008 Server Technical Support Companies Miami Beach
  • Helpdesk Outsourcing Services On-site Support Computer Support Help Desk Services Outsourcing

  • Remote Desktop PC Consulting
    Networking Group Desktop VPN

    Progent's remote connectivity and smartphone synchronization specialists can help you to design and deploy secure access solutions for remote desktops, notebooks, and smartphones so they integrate seamlessly with your information network, enabling your business to improve the efficiency of your remote workers.

  • Emergency Miami Beach Spora Crypto-Ransomware Data-Recovery Miami Beach
  • Immediate Teleworkers Miami Beach Consulting - Collaboration Solutions Consulting Services Teleworkers Miami Beach Consulting Services - Collaboration Technology Consultants Miami Beach, FL
  • Largest Telecommuters Miami Beach Consultants - Conferencing Technology Guidance Miami Beach, Florida Miami Beach Florida At Home Workers Miami Beach Consulting Services - Conferencing Solutions Consulting Services
  • Miami Beach At Home Workforce Security Solutions Consulting Experts Miami Beach 24 Hour At Home Workforce Miami Beach Guidance - Endpoint Security Systems Consulting Services Miami Beach, America
  • Miami Beach Florida SharePoint 2013 IT Services SharePoint IT Consultants Miami Beach FL
  • Miami Beach Florida Small Business IT Consultants Exchange Exchange 2010 Server Computer Services Miami Beach
  • Miami Beach Sodinokibi Crypto-Ransomware Business-Recovery Miami Beach
  • Miami Beach Miami Beach Crypto-Ransomware Business Restoration Miami Beach Ryuk Ransomware Blocking Miami Beach FL, United States
  • Miami Beach Miami Beach Phobos Ransomware Removal Miami Beach WannaCry Crypto-Ransomware Cleanup Miami Beach, US
  • Miami Beach Hermes Ransomware Rollback Miami Beach
  • Miami Beach MongoLock Crypto-Ransomware Settlement Negotiation Help Miami Beach Crypto-Ransomware Settlement Guidance Miami Beach
  • Miami Beach Short Term IT Staffing Services Miami Beach Short-Term IT Staffing Services Consulting Services Miami Beach Florida
  • Miami Beach Snatch Crypto-Ransomware Forensics Miami Beach FL Miami Beach Locky Crypto-Ransomware Forensics Analysis Miami Beach Florida
  • Miami Beach Work from Home Employees Cloud Systems Assistance Miami Beach, Florida At Home Workforce Miami Beach Consulting and Support Services - Cloud Systems Expertise Miami Beach FL
  • Miami Beach, FL Miami Beach Remote Workers Endpoint Management Systems Guidance At Home Workforce Miami Beach Guidance - Management Solutions Consulting Miami Beach, Florida
  • Miami Beach Avaddon Ransomware Recovery Miami Beach Florida, U.S.A.
  • Microsoft Dynamics GP Vender near Miami Beach - Implementation Development Miami Beach, Florida Miami Beach Florida Remote MS Dynamics GP-Software Dealer near Miami Beach - Database Expert
  • Network Specialist Microsoft SQL Server 2017 Miami Beach, FL SQL Server 2012 Tech Support Outsource
  • Radvision XT5000 Technology Professional Cisco TelePresence System 3210 Consultants
  • Ransomware Removal and Restore Miami Beach, FL Netwalker Ransomware Hot Line Miami Beach, U.S.A.
  • Remote Workforce Consultants nearby Miami Beach - VoIP Technology Consulting Experts Miami Beach FL, US Miami Beach Work from Home Employees IP Voice Solutions Consulting Experts
  • Suse Linux, Sun Solaris, UNIX Technical Support CentOS Linux, Solaris, UNIX Technology Consulting Miami Beach, Florida
  • Teleworkers Miami Beach Assistance - Help Desk Outsourcing Consulting and Support Services Miami Beach Florida At Home Workforce Miami Beach Consultants - Help Desk Call Center Augmentation Consulting Miami Beach Florida
  • Urgent Miami Beach Spora Ransomware Recovery Miami Beach Florida Miami Beach NotPetya Crypto-Ransomware Rollback Miami Beach, FL
  • Miami Beach Conti Ransomware Operational-Recovery Miami Beach
  • Urgent Remote Workers Miami Beach Expertise - Data Protection Solutions Consulting Experts Miami Beach, Florida Work at Home Employees Miami Beach Assistance - Backup Technology Consulting Experts Miami Beach Florida
  • Miami Beach Lockbit Crypto-Ransomware Mitigation Miami Beach, Florida
  • Work from Home IP Voice Technical Consultant At Home Workforce IP Voice On-site Technical Support

  • © 2002-2021 Progent Corporation. All rights reserved.