Crypto-Ransomware : Your Crippling IT Nightmare
Ransomware Recovery ProfessionalsCrypto-Ransomware has become a modern cyber pandemic that represents an extinction-level threat for businesses unprepared for an attack. Multiple generations of ransomware such as Reveton, CryptoWall, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and still cause destruction. Newer versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Egregor, plus additional unnamed viruses, not only encrypt online files but also infiltrate any accessible system protection. Information synchronized to off-site disaster recovery sites can also be encrypted. In a vulnerable system, this can make automated restore operations hopeless and basically sets the network back to zero.

Restoring applications and information after a ransomware intrusion becomes a sprint against the clock as the targeted organization fights to contain and cleanup the ransomware and to resume business-critical activity. Due to the fact that ransomware takes time to move laterally, penetrations are often launched on weekends and holidays, when successful attacks typically take more time to uncover. This compounds the difficulty of rapidly assembling and organizing a knowledgeable mitigation team.

Progent provides a range of services for securing Lower Manhattan enterprises from crypto-ransomware penetrations. These include user education to help recognize and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus installation of next-generation security appliances with artificial intelligence capabilities to automatically discover and disable new threats. Progent also provides the services of experienced crypto-ransomware recovery professionals with the skills and perseverance to rebuild a compromised environment as rapidly as possible.

Progent's Ransomware Recovery Services
Soon after a ransomware penetration, even paying the ransom demands in Bitcoin cryptocurrency does not guarantee that cyber criminals will return the needed codes to unencrypt any or all of your information. Kaspersky determined that seventeen percent of ransomware victims never recovered their information after having paid the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is significantly above the typical ransomware demands, which ZDNET determined to be approximately $13,000 for smaller organizations. The alternative is to piece back together the key elements of your Information Technology environment. Without the availability of essential system backups, this requires a wide complement of skills, well-coordinated project management, and the ability to work 24x7 until the task is done.

For decades, Progent has offered professional IT services for businesses across the United States and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes consultants who have been awarded top industry certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have garnered internationally-recognized certifications including CISM, CISSP, ISACA CRISC, and SANS GIAC. (Refer to Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of expertise affords Progent the capability to quickly identify necessary systems and organize the remaining parts of your computer network system following a ransomware attack and rebuild them into a functioning network.

Progent's recovery team of experts has best of breed project management tools to coordinate the complex restoration process. Progent appreciates the importance of acting quickly and in unison with a customer’s management and IT staff to prioritize tasks and to put the most important systems back on line as fast as possible.

Customer Case Study: A Successful Ransomware Penetration Recovery
A client hired Progent after their network was crashed by the Ryuk ransomware virus. Ryuk is generally considered to have been created by North Korean state sponsored hackers, suspected of using algorithms exposed from the United States National Security Agency. Ryuk seeks specific organizations with limited room for operational disruption and is among the most lucrative instances of ransomware viruses. Well Known organizations include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing company based in the Chicago metro area with around 500 employees. The Ryuk penetration had frozen all company operations and manufacturing capabilities. The majority of the client's backups had been online at the beginning of the attack and were encrypted. The client was taking steps for paying the ransom demand (more than $200K) and wishfully thinking for good luck, but in the end brought in Progent.

"I can’t thank you enough about the support Progent gave us throughout the most fearful time of (our) company’s existence. We would have paid the cyber criminals if not for the confidence the Progent team provided us. The fact that you could get our messaging and key servers back online in less than one week was amazing. Each staff member I worked with or communicated with at Progent was hell bent on getting us back online and was working 24 by 7 on our behalf."

Progent worked with the client to rapidly get our arms around and prioritize the essential areas that had to be addressed in order to continue company operations:

  • Windows Active Directory
  • Microsoft Exchange
  • MRP System
To begin, Progent followed Anti-virus event mitigation best practices by stopping lateral movement and disinfecting systems. Progent then began the work of rebuilding Active Directory, the key technology of enterprise environments built on Microsoft technology. Microsoft Exchange Server messaging will not function without Windows AD, and the client's MRP system utilized Microsoft SQL, which depends on Windows AD for access to the information.

In less than 2 days, Progent was able to re-build Windows Active Directory to its pre-intrusion state. Progent then accomplished setup and storage recovery on mission critical applications. All Microsoft Exchange Server ties and configuration information were usable, which accelerated the restore of Exchange. Progent was also able to locate intact OST data files (Outlook Off-Line Data Files) on user desktop computers in order to recover mail information. A not too old offline backup of the client's manufacturing software made it possible to restore these vital services back online for users. Although a lot of work still had to be done to recover fully from the Ryuk damage, core systems were returned to operations quickly:

"For the most part, the production manufacturing operation was never shut down and we produced all customer orders."

During the following month critical milestones in the restoration process were accomplished through tight collaboration between Progent engineers and the customer:

  • Self-hosted web sites were returned to operation with no loss of data.
  • The MailStore Exchange Server containing more than 4 million archived emails was spun up and available for users.
  • CRM/Product Ordering/Invoices/AP/Accounts Receivables/Inventory functions were completely recovered.
  • A new Palo Alto 850 security appliance was brought online.
  • Most of the user PCs were back into operation.
"A lot of what went on in the early hours is nearly entirely a fog for me, but we will not forget the countless hours each and every one of your team accomplished to give us our business back. I have entrusted Progent for at least 10 years, maybe more, and each time I needed help Progent has come through and delivered as promised. This situation was the most impressive ever."

Conclusion
A possible company-ending catastrophe was avoided with dedicated experts, a broad array of knowledge, and tight teamwork. Although in analyzing the event afterwards the crypto-ransomware penetration detailed here could have been prevented with advanced security technology solutions and NIST Cybersecurity Framework best practices, user education, and properly executed incident response procedures for information protection and keeping systems up to date with security patches, the reality is that state-sponsored criminal cyber gangs from Russia, China and elsewhere are relentless and are an ongoing threat. If you do get hit by a ransomware attack, feel confident that Progent's team of experts has extensive experience in ransomware virus defense, mitigation, and file disaster recovery.

"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (and any others that were contributing), thanks very much for making it so I could get some sleep after we got past the initial push. Everyone did an amazing effort, and if anyone that helped is in the Chicago area, a great meal is the least I can do!"

Download the Ransomware Removal Case Study Datasheet
To read or download a PDF version of this ransomware incident report, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist



An index of content::

  • 24-7 Lower Manhattan Sodinokibi Ransomware System-Rebuild Manhattan, New York, USA 24-Hour Lower Manhattan Ryuk Crypto-Ransomware Business-Recovery NYC-Lower Manhattan
  • 24x7 Lower Manhattan Consulting Support for IT Support Providers Manhattan-East Village Lower Manhattan Consulting Experts for IT Service Providers

    • ProSight Managed Services Engineer
    Network Management Outsourcing Engineers

    Progent's ProSight family of managed services are designed to offer businesses who have small internal IT administration and support teams with low-cost help from world-class management platforms and consulting experts. Benefits of Progent's ProSight line of managed IT services include predictable IT management costs, smart automation of common administrative processes, continual adoption of the latest technology, smooth migration from legacy systems to current solutions, close alignment of information technology with business objectives, guidance from veteran network experts, and allowing management to focus on business issues rather than ever-changing information technology.

  • 24x7 Work from Home Employees Lower Manhattan Consulting Experts - Endpoint Management Systems Consultants Lower Manhattan, United States Offsite Workforce Lower Manhattan Consultants - Endpoint Management Systems Consulting Experts
  • After Hours At Home Workers Consulting Services nearby Lower Manhattan - Setup Guidance Lower Manhattan At Home Workers Integration Consulting and Support Services
  • At Home Workers Consulting Experts nearby Lower Manhattan - Collaboration Systems Consulting Experts Downtown Manhattan-East Village, NY Work from Home Employees Lower Manhattan Expertise - Collaboration Technology Consulting Experts
  • At Home Workers Lower Manhattan Consulting - Conferencing Technology Consulting Services Lower Manhattan Work from Home Employees Expertise near Lower Manhattan - Conferencing Systems Consulting Experts New York City-Wall Street, NY
  • Best NYC-Lower Manhattan Server Setup Support Firms New York
  • Best Ransomware Removal and Restore Lower Manhattan-East Village, New York Spora Ransomware Hot Line Downtown Manhattan-Tribeca, New York, USA

    • Cisco Certified Experts 5500 Wireless Controller Technology Consulting Services
    Open Now Online Support Services 5500 Wireless Controller

    Cisco's Catalyst family of Wi-Fi controllers streamline the management of Wi-Fi LANs by unifying the provisioning and management of wireless APs, tuning wireless performance by limiting the impact of radio frequency congestion, improving wireless uptime with rapid failover, and hardening data security by identifying cyber threats and filtering traffic content according to user type and location. Progent can assist you to configure Cisco wireless LAN controllers to manage wireless LANs of all sizes. Progent can help you to maintain and debug your current Cisco-based Wi-Fi solution or implement a smooth migration to Cisco's latest wireless controller technology.

  • CentOS Linux, Sun Solaris, UNIX IT Consulting New York City, New York CentOS Linux, Solaris, UNIX IT Services NYC-SoHo, New York
  • Cisco Planning Tech Support For Small Business Cisco Remote Access Consulting Team
  • Downtown Manhattan-SoHo BlackBerry Exchange Network Manager Top Ranked Consulting Company BlackBerry Enterprise Server Manhattan-East Village, NY
  • HP Data Protector Specialist HP Data Protector Consultancy

    • Windows 2003 Server Support and Help
    24-Hour Microsoft Windows 2003 Help and Support

    Progent's certified Windows Server 2003 engineers can provide computer help and expert consulting services for the entire line of Microsoft .NET Servers, Windows 2003 Server, and Windows Server 2000. Progent's Microsoft Windows 2003 upgrade, integration, administration, and support services include network design, deployment, project management, in-person and remote technical support and troubleshooting, Call Center services, CISM-certified security consulting, turn-key outsourcing, and expert co-sourcing.

  • ISA 2004 Technology Consulting Services Remote Network Engineer Internet Security and Acceleration Server
  • Lower Manhattan At Home Workforce Backup Systems Consultants Downtown Manhattan-SoHo, NY At Home Workers Consulting Experts near Lower Manhattan - Backup Solutions Assistance Downtown Manhattan-East Village
  • Lower Manhattan Ransomware Business-Recovery New York City-East Village
  • Lower Manhattan Crypto-Ransomware Virus Checkup New York City-Downtown Lower Manhattan Crypto-Ransomware Dharma Readiness Audit Manhattan-SoHo, NY
  • Lower Manhattan Netwalker Crypto-Ransomware Forensics NYC-East Village, NY Downtown Manhattan-Tribeca, NY Lower Manhattan Lockbit Crypto-Ransomware Forensics Analysis

    • Network Engineer Citrix MetaFrame
    Application Virtualization Consult

    Progent's Citrix-certified experts can assist you to plan, deploy, manage, and support a virtual application delivery and management solution built on Citrix XenApp. Progent's Cisco CCIE network engineers can show you how to enhance your network for distributing server and client-side applications, and Progent's datacenter management and support consultants can assist you to manage and maintain a remote datacenter that offers high availability, enhanced security, and fast recovery.

  • Lower Manhattan Remote Workers Cloud Solutions Guidance Lower Manhattan New York City Lower Manhattan Offsite Workforce Cloud Integration Systems Consultants

    • Office 365 and iOS Computer Engineer
    Exchange Online Archiving IT Consulting

    Progent can help your business to understand the many subscription plans offered with Office 365 and configure your network with Office 365 so you derive maximum business value. Progent supports cross-platform networks that incorporate Windows, macOS or OS X, and Linux technology. Progent can also help your business to create and manage hybrid ecosystems that seamlessly combine on-premises and cloud products and services.

  • Lower Manhattan Ryuk Ransomware Defense NYC-Lower Manhattan 24-7 Lower Manhattan Locky Crypto-Ransomware Mitigation
  • Lower Manhattan Ryuk Ransomware Settlement Negotiation Expertise Downtown Manhattan-East Village, NY Lower Manhattan Ransomware Settlement Negotiation Guidance NYC-Tribeca, NY
  • Lower Manhattan Telecommuters Cybersecurity Systems Assistance Manhattan Work at Home Employees Lower Manhattan Consultants - Network Security Solutions Consulting Experts Manhattan-Tribeca, New York
  • Lower Manhattan, New York Consolidate 24x7 Integration Consulting Lower Manhattan New York

    • Supplemental Help Desk Online Technical Support
    Shared Help Desk IT Consulting

    Progent offers three essential kinds of Help Desk support : Microsoft and Cisco Helpdesk Outsourcing Services, Virtual Helpdesk Support, and Helpdesk Consulting and Staffing. Progent is a Microsoft-certified Partner and Progent's Help Desk staff of certified Microsoft and Cisco experts offers your clients convenient access to a dependable support group with years of experience delivering phone support and remote access troubleshooting for networks powered by Microsoft products. Progent's focus is on earning the support Call Center a respected image as a key contributor to business productivity. Progent's target is to fix and not simply record problems.

  • Microsoft Dynamics GP Partner - Lower Manhattan - Migration Development NYC-Lower Manhattan, New York Lower Manhattan Microsoft Dynamics GP Customization Support Manhattan-Wall Street, New York
  • Lower Manhattan Dharma Crypto-Ransomware Cleanup New York City-Wall Street, NY
  • Microsoft SQL Consulting SQL Server 2008 Migration Consultant
  • Microsoft SharePoint Server 2013 Remote Consulting Manhattan Microsoft SharePoint 2013 IT Services Downtown Manhattan-Wall Street

    • Professionals SCCM and Exchange
    SCCM Policy Settings Online Consulting

    Configuration Manager automates software deployment and updating, streamlines security and compliance settings control, keeps track of network resources, protects against company data leakage, provides health monitoring, allows safe end-user self service, and delivers a single control mechanism for administering multi-operating system ecosystems based on on-premises, cloud-centric, or hybrid deployment topologies. Progent's Microsoft-certified SCCM consultants and Microsoft Azure cloud integration experts can assist your organization with any facet of designing, installing, operating and repairing a SCCM solution for local, cloud, or hybrid environments.

  • NYC-SoHo Remote Workforce Consulting Experts - Lower Manhattan - Solutions Consulting and Support Services 24x7 Lower Manhattan Offsite Workforce Support Consulting and Support Services Manhattan

    • Meraki Remote Troubleshooting
    Meraki Dashboard Troubleshooting

    Progent's Cisco Meraki Wi-Fi access point consultants provide online and onsite support services to help businesses of any size to design, install, manage, expand or repair Wi-Fi systems that utilize Cisco Meraki APs. Progent can assist you to set up and support Meraki-based wireless infrastructure for environments that can range from a teleworker's home or a branch office all the way to a campus or a nationwide enterprise. Progent can also help you to configure additional Cisco technology such as switches, routers and ASA firewalls to build a cohesive network infrastructure that delivers identical connectivity, responsiveness, security compliance, manageability and uptime for wired and Wi-Fi clients regardless of their mobility or device.

  • Lower Manhattan Lockbit Ransomware File-Recovery Lower Manhattan-Lower Manhattan, New York
  • NYC-SoHo, New York SQL Server 2012 Small Business Computer Consulting Firms Microsoft SQL Server 2017 Networking Specialist New York City-East Village, NY
  • New York City-Tribeca, NY Top Lower Manhattan Conti Ransomware Mitigation
  • NYC-Tribeca Cisco Computer Consulting Firms Cisco Integration Specialists NYC-Wall Street, NY
  • New York City, NY Lower Manhattan Crypto-Ransomware Cleanup Support Services Lower Manhattan Emergency Ransomware Removal Manhattan-East Village, New York, United States
  • Lower Manhattan Hermes Ransomware Operational-Recovery
  • Security Security Tech Services 24-Hour Security Security Auditing Manhattan-SoHo
  • Teleworkers Lower Manhattan Consulting and Support Services - Help Desk Call Center Solutions Consultants Manhattan-Downtown, New York Work at Home Employees Lower Manhattan Consulting Services - Help Desk Call Center Solutions Consultants Manhattan

    • Outlook for Mac Support and Help
    Engineer macOS and Windows

    Microsoft Mac Office allows Apple Macintosh users to receive the benefits of the world's most popular business applications. Progent's Apple-certified Mac consultants can show you how to configure Microsoft Office for Macintosh on a mixed-platform network combining Apple OS X and Windows computers so that Mac users can access the latest features in Microsoft Word, Excel, PowerPoint and Entourage in order to share data and network resources with co-workers who run Windows. Progent's engineers have experience with both Mac and Windows technology and can support networks that mix Apple Macintosh with Microsoft Windows computers with extensive resource sharing, or networks which carefully limit sharing between Apple Mac and Windows systems.

  • Temporary IT Support Staffing Support Consulting Expertise NYC-East Village, NY NYC-Lower Manhattan Lower Manhattan IT Staffing Services
  • Lower Manhattan Dharma Crypto-Ransomware Removal
  • Urgent Exchange 2016 Onsite and Remote Support NYC-SoHo, New York Exchange Server 2013 Computer Consultancy Company Manhattan New York
  • Urgent Lower Manhattan Avaddon Ransomware Removal Manhattan-East Village Manhattan-Wall Street, NY Lower Manhattan Crypto-Ransomware Operational Recovery Experts

    • Specialists Meraki Wi-Fi Access Point
    Network Consultants Meraki MR53 Access Point

    Progent's Cisco-Meraki Wi-Fi access point consultants can assist your organization to plan, set up, administer and troubleshoot Cisco's Meraki-based Wi-Fi networks for environments from a branch office to a large campus or a multi-site enterprise. Progent can also help you to integrate other Cisco devices for centralized management.

  • Windows Server 2008 BranchCache Consultant Consultants Windows Server 2008 Security

    • Windows Hyper-V 2016 PowerShell Support and Help
    Remote Technical Support Hyper-V 2016 Shielded VMs

    Hyper-V 2016 incorporates core technologies first designed for and proven on Microsoft Azure, among the world's largest public clouds. This dramatically improves the suitability of the Windows Server platform to support private cloud and hybrid cloud/on-premises deployment models by enhancing security, uptime, scale, manageability, reliability and disaster recovery. Progent’s Microsoft-certified consultants can assist you to evaluate the advantages of Hyper-V 2016 for your business, configure test systems to confirm the ability of Hyper-V 2016 to run your critical workloads, design an efficient network architecture for a cloud-centric or hybrid installation, create and carry out a smooth migration plan, train your IT administration and technical support personnel, and provide as-needed consulting and debugging services to make sure that your Hyper-V 2016 investment delivers the highest possible business benefit.

  • Lower Manhattan Phobos Ransomware Recovery New York City, United States
  • Windows Server 2012 R2 Consultancies Windows 2008 Server Remote Consulting
  • Work from Home Employees Consulting and Support Services - Lower Manhattan - VoIP Technology Consulting Services New York City-Tribeca, NY Downtown Manhattan-SoHo, NY, United States Offsite Workforce Consulting Services in Lower Manhattan - IP Voice Solutions Expertise

    • Design Firm Microsoft Management Reporter
    Developer Firm Microsoft BI Stack

    Progent can provide online and on premises consulting to assist your organization with any phase of BI reporting from troubleshooting or modernizing reports to planning and implementing a comprehensive business intelligence environment. Progent's management reporting consultants can assist your company to maintain your existing BI system, help you to upgrade reports from a discontinued reporting platform to a current solution, and provide custom remote mentoring tailored to your individual needs. Progent’s management reporting consultants can provide expertise in all popular business analytics reporting platforms such as Microsoft's SQL Server BI suite (Integration Services, Analysis Services, and Reporting Services), Microsoft Management Reporter/FRx, Office Access, Crystal Reports, Microsoft Power BI, Excel business analytics tools including Power Pivot and Power View, Report Designer and Report Builder.

  • Lower Manhattan Ryuk Ransomware Malware Rollback NYC-Tribeca, NY
    •
    © 2002-2021 Progent Corporation. All rights reserved.