Ransomware: Your Worst Information Technology Catastrophe
Ransomware has become an escalating cyber pandemic that poses an enterprise-level threat for businesses poorly prepared for an assault. Multiple generations of ransomware such as Reveton, Fusob, Locky, NotPetya and MongoLock cryptoworms have been around for a long time and still cause havoc. More recent versions of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with frequent unnamed newcomers, not only encrypt online information but also infect all configured system protection. Files synched to off-site disaster recovery sites can also be rendered useless. In a poorly designed environment, this can make automated restoration impossible and effectively sets the network back to zero.

Restoring programs and information after a ransomware attack becomes a sprint against the clock as the victim tries to contain and remove the ransomware and to restore business-critical operations. Because ransomware requires time to spread, attacks are often launched at night, when successful attacks may take longer to detect. This multiplies the difficulty of quickly assembling and organizing an experienced mitigation team.

Progent provides a variety of solutions for securing Lower Manhattan enterprises from ransomware events. These include user education to recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat defense to detect and suppress zero-day modern malware attacks. Progent also provides the services of experienced crypto-ransomware recovery professionals with the track record and perseverance to rebuild a breached network as quickly as possible.

Progent's Ransomware Restoration Services
After a crypto-ransomware event, paying the ransom in Bitcoin cryptocurrency does not provide any assurance that criminal gangs will provide the codes to decrypt any or all of your data. Kaspersky estimated that 17% of crypto-ransomware victims never recovered their files after having paid the ransom, resulting in increased losses. The risk is also costly. Ryuk ransoms commonly range from 15 to 40 BTC ($120,000 to $400,000). This is far higher than the average ransomware demand, which ZDNET determined to be in the range of $13,000 for small organizations. The alternative is to re-install the essential components of your Information Technology environment. Absent the availability of essential data backups, this requires a broad range of skills, top-notch team management, and the willingness to work 24x7 until the job is complete.

For two decades, Progent has provided expert IT services for companies throughout the United States and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded top industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have earned internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications). Progent in addition has experience with accounting and ERP applications. This breadth of experience gives Progent the capability to rapidly ascertain necessary systems and re-organize the remaining pieces of your network environment after a ransomware attack and rebuild them into a functioning network.

Progent's recovery team of experts deploys powerful project management applications to coordinate the complex restoration process. Progent knows the importance of working swiftly and together with a customer's management and IT staff to assign priority to tasks and to put the most important applications back on line as soon as humanly possible.

Customer Case Study: A Successful Ransomware Penetration Recovery
A client escalated to Progent after their organization was attacked by Ryuk ransomware. Ryuk is generally considered to have been launched by North Korean government sponsored hackers, suspected of adopting strategies leaked from the United States National Security Agency. Ryuk targets specific businesses with little tolerance for disruption and is one of the most profitable iterations of crypto-ransomware. Major targets include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing business located in the Chicago metro area and has around 500 employees. The Ryuk attack had paralyzed all essential operations and manufacturing capabilities. Most of the client's information backups had been online at the beginning of the attack and were damaged. The client was taking steps to pay the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately brought in Progent.


"I can't speak enough about the care Progent provided us during the most stressful period of (our) company's survival. We had little choice but to pay the cyber criminals behind the attack if not for the confidence the Progent experts provided us. The fact that you could get our e-mail system and key applications back on-line in less than 1 week was beyond my wildest dreams. Every single person I spoke to or e-mailed at Progent was amazingly focused on getting us back online and was working day and night to bail us out."

Progent worked hand in hand with the customer to quickly determine and assign priority to the mission-critical systems that needed to be restored in order to restart departmental operations:

  • Active Directory (AD)
  • E-Mail
  • MRP System

To get going, Progent followed anti-virus penetration response best practices by halting lateral movement and disinfecting systems. Progent then began the task of recovering Active Directory, the key technology of enterprise systems built upon Microsoft Windows technology. Microsoft Exchange Server messaging will not operate without Windows AD, and the client's MRP system used Microsoft SQL Server, which needs Active Directory services for authentication to the data.

Within two days, Progent was able to restore Active Directory services to its pre-attack state. Progent then initiated rebuilding and storage recovery on the most important servers. All Microsoft Exchange Server ties and attributes were intact, which facilitated the restore of Exchange. Progent was able to collect non-encrypted OST data files (Outlook Off-Line Folder Files) on user desktop computers to recover email messages. A reasonably recent offline backup of the business's manufacturing software made it possible to bring these essential programs back into service for users. Although a large amount of work still had to be done to recover fully from the Ryuk virus, critical services were recovered rapidly:


"For the most part, the manufacturing operation showed little impact and we did not miss any customer orders."

Over the following couple of weeks, important milestones in the recovery process were reached through tight cooperation between Progent consultants and the customer:

  • In-house web applications were brought back up without losing any information.
  • The MailStore Exchange Server with over four million historical emails was brought online and accessible to users.
  • CRM/Orders/Invoices/Accounts Payable/Accounts Receivables/Inventory modules were completely restored.
  • A new Palo Alto Networks 850 security appliance was installed.
  • Most of the user workstations were functioning as before the incident.

"Much of what was accomplished that first week is mostly a fog for me, but my management will not soon forget the dedication all of your team accomplished to help get our company back. I have entrusted Progent for the past 10 years, maybe more, and each time Progent has outperformed my expectations and delivered. This situation was a testament to your capabilities."

Conclusion
A potential company-ending disaster was averted through the efforts of dedicated professionals, a wide range of subject matter expertise, and close collaboration. In hindsight, the ransomware attack described here could have been identified and disabled with modern cyber security technology and NIST Cybersecurity Framework best practices, staff training, and well-designed incident response procedures for data protection and applying software patches. Even so, the reality remains that state-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and are an ongoing threat. If you do fall victim to a ransomware virus, remember that Progent's roster of experts has a proven track record in crypto-ransomware virus defense, cleanup, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (and any others who were contributing), thank you for making it so I could get rested after we made it through the most critical parts. All of you did a fabulous effort, and if anyone that helped is visiting the Chicago area, dinner is the least I can do!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Consulting Services in Lower Manhattan
For ransomware recovery consulting services in the Lower Manhattan metro area, call Progent at 800-462-8800 or see Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.