Crypto-Ransomware: Your Crippling Information Technology Nightmare
Crypto-ransomware has become a modern cyber pandemic that poses an existential danger for organizations unprepared for an assault. Versions of ransomware such as CryptoLocker, CryptoWall, Locky, NotPetya and MongoLock cryptoworms have been replicating for a long time and still inflict destruction. Modern strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, as well as unnamed malware that appears daily, not only encrypt online data files but also infect many accessible system backups. Files replicated to cloud environments can also be rendered useless. In a vulnerable system, this can make automated restore operations impossible and effectively knock the entire system back to square one.

Getting services and information back online following a crypto-ransomware event becomes a sprint against time as the targeted business fights to contain and eradicate the ransomware and to resume mission-critical activity. Because ransomware needs time to replicate, penetrations are frequently sprung at night, when attacks tend to take more time to detect. This multiplies the difficulty of promptly mobilizing and orchestrating an experienced response team.

Progent offers an assortment of solutions for securing Lower Manhattan enterprises from ransomware penetrations. Among these are staff education to recognize and avoid falling victim to phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based threat defense to discover and suppress zero-day malware attacks. Progent also offers the services of expert ransomware recovery consultants with the talent and commitment to re-deploy a compromised network as rapidly as possible.

Progent's Ransomware Restoration Help
After a ransomware penetration, paying the ransom in Bitcoin cryptocurrency does not provide any assurance that merciless criminals will respond with the keys needed to decipher any of your information. Kaspersky ascertained that 17% of crypto-ransomware victims never recovered their data even after having sent off the ransom, resulting in additional losses. The gamble is also costly. Ryuk ransoms commonly range from 15 to 40 BTC (between $120,000 and $400,000). This is far above the typical crypto-ransomware demand, which ZDNET determined to be around $13,000 for small organizations. The other path is to set up the critical components of your Information Technology environment from scratch. Without full information backups available, this requires a broad complement of skills, professional project management, and the ability to work continuously until the task is over.

For decades, Progent has made available certified expert Information Technology services for businesses across the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes engineers who have been awarded top certifications in leading technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cyber security experts have earned internationally-recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (See Progent's certifications). Progent in addition has experience in financial management and ERP software solutions. This breadth of experience gives Progent the skills to efficiently identify necessary systems and re-organize the surviving parts of your network system following a ransomware event and assemble them into a functioning network.

Progent's security team of experts utilizes state-of-the-art project management applications to orchestrate the complex restoration process. Progent knows the urgency of acting quickly and in concert with a client's management and Information Technology staff to prioritize tasks and to get critical systems back online as fast as humanly possible.

Case Study: A Successful Ransomware Incident Response
A small business hired Progent after their organization was taken down by Ryuk crypto-ransomware. Ryuk is believed to have been developed by North Korean government sponsored cybercriminals, possibly using technology leaked from the U.S. NSA. Ryuk goes after specific companies with limited tolerance for disruption and is among the most profitable instances of crypto-ransomware. Well-known victims include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturer based in Chicago with about 500 workers. The Ryuk intrusion had shut down all business operations and manufacturing capabilities. The majority of the client's information backups had been directly accessible at the start of the intrusion and were destroyed. The client considered paying the ransom (more than $200K) and praying for good luck, but ultimately engaged Progent.


"I can't thank you enough for the help Progent gave us during the most fearful period of (our) business's existence. We may have had to pay the hackers except for the confidence the Progent team gave us. That you could get our e-mail and important servers back into operation in less than one week was beyond my wildest dreams. Every single staff member I interacted with or communicated with at Progent was absolutely committed to getting our system up and was working all day and night on our behalf."

Progent worked together with the customer to rapidly identify and assign priority to the mission-critical services that needed to be restored to make it possible to resume company functions:

  • Active Directory
  • Exchange Server
  • Accounting and Manufacturing Software

To begin, Progent followed industry best practices for ransomware event mitigation by isolating and cleaning up compromised systems. Progent then began the work of restoring Microsoft Active Directory, the heart of enterprise systems built upon Microsoft Windows technology. Microsoft Exchange Server email will not function without AD, and the customer's MRP software utilized SQL Server, which needs Active Directory services for authentication to the data.

Within 2 days, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then performed reinstallations and storage recovery on needed systems. All Microsoft Exchange Server data and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to locate intact OST files (Microsoft Outlook Offline Data Files) on team PCs in order to recover mail information. A reasonably recent offline backup of the customer's accounting/ERP systems made it possible to return these essential programs to service for users. Although significant work was left to recover fully from the Ryuk attack, essential services were recovered quickly:


"For the most part, the production operation never missed a beat and we produced all customer sales."

During the following month, key milestones in the recovery process were accomplished in tight cooperation between Progent team members and the customer:

  • Self-hosted web sites were restored with no loss of information.
  • The MailStore Server with over 4 million historical emails was spun up and accessible to users.
  • CRM/Customer Orders/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory modules were fully restored.
  • A new Palo Alto Networks 850 security appliance was brought on-line.
  • Nearly all of the user desktops were functioning as before the incident.

"A huge amount of what happened that first week is nearly entirely a haze for me, but our team will not soon forget the dedication all of your team accomplished to give us our business back. I've been working together with Progent for the past 10 years, possibly more, and every time I needed help Progent has come through and delivered. This situation was no exception but maybe more Herculean."

Conclusion
A potentially business-ending catastrophe was averted through the efforts of dedicated experts, a wide spectrum of knowledge, and close collaboration. Although in retrospect the ransomware penetration detailed here would have been shut down with up-to-date cyber security solutions and best practices, user training, and well-designed incident response procedures for information backup and applying software patches, the fact remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a crypto-ransomware penetration, feel confident that Progent's team of experts has substantial experience in ransomware virus blocking, cleanup, and information systems restoration.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (and any others who were helping), thank you for allowing me to get rested after we got past the first week. Everyone did an amazing job, and if any of your guys is in the Chicago area, dinner is my treat!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Expertise in Lower Manhattan
For ransomware recovery consulting in the Lower Manhattan metro area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2023 Progent Corporation. All rights reserved.