Ransomware: Your Worst IT Nightmare
Ransomware has become an escalating cyber pandemic that poses an existential threat for organizations poorly prepared for an attack. Multiple generations of ransomware such as Dharma, WannaCry, Locky, SamSam and MongoLock cryptoworms have been circulating for years and continue to inflict harm. More recent strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, plus additional as yet unnamed newcomers, not only encrypt online data but also infiltrate all accessible system protection. Information synched to cloud environments can also be rendered useless. In a poorly architected system, this can render automatic restore operations hopeless and effectively knock the network back to square one.

Getting services and data back online after a ransomware event becomes a race against the clock as the targeted business struggles to stop the spread, eradicate the ransomware, and resume business-critical operations. Because ransomware needs time to replicate, attacks are usually launched on weekends and holidays, when successful penetrations in many cases take longer to identify. This compounds the difficulty of quickly assembling and coordinating a capable mitigation team.

Progent provides a variety of solutions for securing Lower Manhattan enterprises from crypto-ransomware penetrations. These include user education to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and deployment of the latest generation security appliances with AI technology to automatically discover and suppress zero-day threats. Progent also provides the services of seasoned ransomware recovery professionals with the track record and perseverance to reconstruct a compromised system as rapidly as possible.

Progent's Ransomware Restoration Support Services
After a crypto-ransomware attack, even paying the ransom in cryptocurrency does not provide any assurance that cyber criminals will provide the codes to decrypt any of your data. Kaspersky ascertained that 17% of ransomware victims never recovered their files after having sent off the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 and $400,000). This is well above the average ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The alternative is to set up the critical elements of your IT environment again from scratch. Without the availability of complete information backups, this requires a broad range of skill sets, top-notch team management, and the capability to work non-stop until the job is complete.

For decades, Progent has made available professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have been awarded advanced industry certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally-renowned industry certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise with accounting and ERP application software. This breadth of expertise gives Progent the capability to rapidly identify necessary systems and re-organize the surviving pieces of your Information Technology system following a crypto-ransomware attack and assemble them into an operational network.

Progent's security team deploys best of breed project management tools to orchestrate the complex restoration process. Progent knows the urgency of acting quickly and in unison with a client's management and IT resources to assign priority to tasks and to get critical systems back online as soon as possible.

Client Story: A Successful Ransomware Virus Response
A client engaged Progent after their organization was penetrated by the Ryuk ransomware virus. Ryuk is believed to have been deployed by North Korean state-sponsored criminal gangs, possibly adopting technology leaked from America's NSA organization. Ryuk targets specific companies with little room for disruption and is among the most lucrative incarnations of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a regional manufacturing business based in the Chicago metro area with about 500 employees. The Ryuk intrusion had disabled all essential operations and manufacturing processes. Most of the client's system backups had been online at the beginning of the attack and were destroyed. The client was taking steps toward paying the ransom (in excess of $200K) and hoping for the best, but ultimately brought in Progent.


"I cannot thank you enough in regards to the care Progent gave us throughout the most fearful period of (our) business's existence. We most likely would have paid the cybercriminals if not for the confidence the Progent experts provided us. That you were able to get our e-mail system and critical servers back on-line quicker than one week was incredible. Each expert I spoke to or texted at Progent was totally committed to getting us restored and was working at all hours on our behalf."

Progent worked together with the client to rapidly understand and assign priority to the critical services that needed to be restored to make it possible to continue company functions:

  • Active Directory (AD)
  • Microsoft Exchange Email
  • Accounting and Manufacturing Software

To start, Progent followed ransomware penetration response industry best practices by halting lateral movement and disinfecting systems. Progent then began the work of restoring Windows Active Directory, the foundation of enterprise systems built on Microsoft technology. Microsoft Exchange messaging will not function without Windows AD, and the customer's financials and MRP software leveraged Microsoft SQL, which needs Windows AD for access to the database.

Within two days, Progent was able to recover Active Directory to its pre-penetration state. Progent then completed setup and storage recovery on mission-critical applications. All Exchange Server schema and configuration information were intact, which facilitated the rebuild of Exchange. Progent was also able to find local OST files (Microsoft Outlook Off-Line Folder Files) on staff PCs in order to recover email information. A reasonably recent offline backup of the customer's accounting/MRP systems made it possible to bring these essential services back online. Although a large amount of work remained to recover completely from the Ryuk damage, the most important services were returned to operation quickly:


"For the most part, the production line operation never missed a beat and we delivered all customer shipments."

Throughout the next couple of weeks, critical milestones in the recovery project were accomplished in close collaboration between Progent engineers and the customer:

  • Self-hosted web sites were brought back up with no loss of information.
  • The MailStore Server with over four million archived messages was brought on-line and available for users.
  • CRM/Orders/Invoicing/AP/AR/Inventory functions were fully operational.
  • A new Palo Alto 850 security appliance was deployed.
  • Nearly all of the desktops and laptops were being used by staff.

"A huge amount of what went on in the initial days is mostly a fog for me, but I will not forget the commitment each of the team accomplished to help get our business back. I've utilized Progent for at least 10 years, maybe more, and each time I needed help Progent has outperformed my expectations and delivered. This situation was a stunning achievement."

Conclusion
A potentially enterprise-killing disaster was averted through the efforts of dedicated professionals, a broad array of knowledge, and close teamwork. Although in retrospect the ransomware virus incident detailed here would have been prevented with current cyber security systems and ISO/IEC 27001 best practices, user training, and properly executed incident response procedures for information backup and applying software patches, the reality is that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are an ongoing threat. If you do fall victim to a ransomware incursion, remember that Progent's roster of professionals has proven experience in crypto-ransomware virus blocking, removal, and file restoration.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (along with others who were involved), thanks very much for allowing me to get rested after we made it past the initial push. All of you did an incredible job, and if anyone that helped is in the Chicago area, a great meal is my treat!"


© 2002-2021 Progent Corporation. All rights reserved.