Ransomware: Your Feared Information Technology Disaster
Ransomware has become a modern cyberplague that poses an enterprise-level threat for businesses of all sizes that are poorly prepared for an attack. Multiple generations of ransomware like the Reveton, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for years and continue to inflict destruction. Modern variants of crypto-ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as other as yet unnamed viruses, not only encrypt online information but also infect most accessible system backups. Information replicated to off-site disaster recovery sites can also be encrypted. In a poorly designed data protection solution, this can make automated restore operations hopeless and basically sets the entire system back to square one.

Restoring programs and information after a ransomware attack becomes a sprint against time as the targeted business fights to contain the damage, remove the virus, and restore mission-critical operations. Since ransomware needs time to replicate, attacks are often launched on weekends, when they tend to take more time to detect. This multiplies the difficulty of quickly mobilizing and orchestrating a qualified mitigation team.

Progent offers an assortment of solutions for protecting Lower Manhattan enterprises from ransomware events. Among these are team training to become familiar with and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, plus setup and configuration of next-generation security solutions with AI technology to automatically identify and disable zero-day threats. Progent also offers the services of expert ransomware recovery engineers with the track record and perseverance to reconstruct a breached network as quickly as possible.

Progent's Ransomware Recovery Services
Following a crypto-ransomware event, paying the ransom in Bitcoin does not guarantee that the criminals will return the keys needed to decrypt any of your files. Kaspersky ascertained that 17% of crypto-ransomware victims never restored their information even after having paid the ransom, resulting in increased losses. The risk is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demands, which ZDNET determined to be around $13,000 for smaller organizations. The alternative is to piece back together the mission-critical components of your Information Technology environment. Absent access to essential data backups, this requires a wide range of skill sets, top-notch team management, and the willingness to work 24x7 until the task is completed.

For twenty years, Progent has offered certified expert IT services for companies throughout the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have attained top industry certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security specialists have earned internationally recognized industry certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent also has expertise in accounting and ERP application software. This breadth of experience gives Progent the ability to quickly identify critical systems, consolidate the remaining pieces of your IT system after a ransomware event, and rebuild them into an operational system.

Progent's security team of experts deploys powerful project management tools to orchestrate the complex recovery process. Progent understands the importance of working quickly and in concert with a client's management and Information Technology staff to assign priority to tasks and to get essential applications back on-line as soon as humanly possible.

Customer Story: A Successful Ransomware Intrusion Response
A business engaged Progent after their network was taken over by the Ryuk ransomware virus. Ryuk is generally considered to have been deployed by North Korean state hackers, possibly using technology exposed from the United States NSA. Ryuk targets specific companies with little tolerance for operational disruption and is one of the most lucrative examples of crypto-ransomware. Major targets include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in Chicago with around 500 staff members. The Ryuk penetration had disabled all business operations and manufacturing capabilities. Most of the client's data backups had been online at the beginning of the attack and were destroyed. The client was pursuing financing to pay the ransom (in excess of $200K) and hoping for the best, but in the end called Progent.


"I cannot speak enough in regards to the support Progent provided us during the most stressful period of (our) company's life. We would have paid the cybercriminals if it wasn't for the confidence the Progent experts afforded us. That you could get our e-mail system and critical applications back online quicker than five days was amazing. Every single expert I talked with or e-mailed at Progent was totally committed on getting my company operational and was working breakneck pace on our behalf."

Progent worked hand in hand with the customer to quickly identify and prioritize the essential elements that needed to be recovered in order to restart company operations:

  • Windows Active Directory
  • Electronic Mail
  • MRP System
To get going, Progent followed antivirus/malware incident response best practices by halting lateral movement and cleaning infected systems. Progent then began the process of bringing back online Windows Active Directory, the core of enterprise systems built upon Microsoft Windows Server technology. Exchange messaging will not function without Windows AD, and the customer's MRP software used SQL Server, which depends on Windows AD for access to the databases.

In less than 2 days, Progent was able to recover Active Directory to its pre-penetration state. Progent then performed setup and storage recovery of key systems. All Exchange ties and attributes were usable, which greatly helped the rebuild of Exchange. Progent was also able to find intact OST files (Outlook Email Offline Data Files) on user workstations to recover mail messages. A not too old offline backup of the business's manufacturing systems made it possible to bring these essential programs back online. Although a large amount of work needed to be completed to recover fully from the Ryuk damage, the most important services were recovered quickly:


"For the most part, the production line operation did not miss a beat and we produced all customer sales."

Over the following month important milestones in the restoration project were completed in tight collaboration between Progent team members and the client:

  • Self-hosted web sites were brought back up with no loss of data.
  • The MailStore Server, holding more than 4 million archived emails, was brought online and made available to users.
  • CRM/Product Ordering/Invoicing/AP/Accounts Receivables/Inventory Control capabilities were completely operational.
  • A new Palo Alto Networks 850 security appliance was brought online.
  • Most of the desktops and laptops were being used by staff.

"A huge amount of what went on in the initial days is nearly entirely a fog for me, but our team will not forget the urgency all of your team accomplished to give us our business back. I have been working with Progent for the past 10 years, possibly more, and every time Progent has impressed me and delivered as promised. This event was a testament to your capabilities."

Conclusion
A potential business catastrophe was dodged thanks to results-oriented experts, a broad spectrum of subject matter expertise, and tight collaboration. In post mortem, the ransomware penetration detailed here could have been identified and disabled with current cyber security systems and security best practices, staff training, and well-designed incident response procedures for backup and for keeping systems up to date with security patches. Even so, the fact remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware attack, remember that Progent's team of professionals has extensive experience in crypto-ransomware virus blocking, mitigation, and data restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were involved), thank you for allowing me to get some sleep after we got over the most critical parts. All of you did an impressive job, and if any of your team is around the Chicago area, a great meal is my treat!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Expertise in Lower Manhattan
For ransomware cleanup consulting services in the Lower Manhattan area, phone Progent at 800-462-8800 or see Contact Progent.




© 2002-2022 Progent Corporation. All rights reserved.