Ransomware: Your Worst IT Disaster
Crypto-Ransomware Remediation Professionals

Ransomware has become an all-too-frequent cyberplague that presents an enterprise-level danger for businesses unprepared for an attack. Different versions of ransomware like the CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been out in the wild for years and continue to inflict harm. More recent strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with other as yet unnamed newcomers, not only encrypt online information but also infect all accessible system backups. Information replicated to cloud environments can also be encrypted. With a vulnerable data protection solution, this can make automatic restoration impossible and effectively set the network back to square one.

Restoring applications and information after a crypto-ransomware attack becomes a race against time as the targeted organization fights to contain and clean up the crypto-ransomware and to restore mission-critical operations. Because ransomware takes time to move laterally, attacks are often launched at night, when successful penetrations are likely to take more time to detect. This multiplies the difficulty of promptly marshalling and coordinating a knowledgeable mitigation team.

Progent provides a variety of services for securing Dallas organizations against ransomware events. These include team training to recognize and avoid falling victim to phishing scams, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based cyberthreat defense to detect and disable zero-day modern malware attacks. Progent also provides the services of seasoned crypto-ransomware recovery engineers with the talent and commitment to restore a compromised system as urgently as possible.

Progent's Ransomware Restoration Support Services
After a ransomware penetration, paying the ransom demand in Bitcoin cryptocurrency does not provide any assurance that criminal gangs will return the codes needed to decrypt all your data. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their files even after having sent off the ransom, resulting in additional losses. The gamble is also very costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is well above the typical crypto-ransomware demand, which ZDNET determined to be around $13,000 for small businesses. The fallback is to re-install the mission-critical elements of your Information Technology environment. Without the availability of full data backups, this requires a broad range of skills, top-notch team management, and the ability to work continuously until the task is complete.

For two decades, Progent has offered certified expert Information Technology services for companies across the U.S. and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have earned internationally renowned industry certifications including CISA, CISSP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of expertise gives Progent the capability to rapidly identify critical systems, re-organize the remaining components of your IT environment following a ransomware event, and configure them into an operational network.

Progent's security team uses powerful project management applications to orchestrate the complex recovery process. Progent knows the urgency of working quickly and together with a customer's management and IT team members to prioritize tasks and to put critical applications back online as soon as possible.

Customer Story: A Successful Ransomware Incident Restoration
A customer engaged Progent after their network was brought down by Ryuk ransomware. Ryuk is thought to have been launched by North Korean government-sponsored cybercriminals, suspected of adopting techniques exposed from the United States NSA. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable examples of ransomware. Highly publicized victims include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in Chicago with around 500 employees. The Ryuk event had frozen all company operations and manufacturing capabilities. The majority of the client's backups had been directly accessible at the start of the attack and were eventually encrypted. The client was actively seeking loans to pay the ransom (more than two hundred thousand dollars) and hoping for good luck, but ultimately engaged Progent.


"I can't say enough in regards to the help Progent gave us during the most stressful time of (our) company's life. We would have paid the criminal gangs except for the confidence the Progent team afforded us. That you could get our e-mail and critical applications back quicker than 1 week was incredible. Each person I worked with or communicated with at Progent was totally committed to getting my company operational and was working 24 by 7 to bail us out."

Progent worked with the customer to quickly understand and prioritize the critical applications that had to be addressed in order to continue company operations:

  • Active Directory (AD)
  • Microsoft Exchange Server
  • Financials/MRP

To start, Progent followed industry best practices for ransomware mitigation by isolating affected systems and performing virus removal steps. Progent then began the work of recovering Microsoft Active Directory, the key technology of enterprise networks built on Microsoft technology. Microsoft Exchange email will not work without Active Directory, and the business's financials and MRP applications used Microsoft SQL Server, which depends on Active Directory services for authentication to the database.

Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then began reinstallations and hard drive recovery of the most important systems. All Exchange Server ties and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was also able to collect intact OST files (Outlook Email Offline Folder Files) on team desktop computers and laptops in order to recover mail data. A recent offline backup of the customer's financials/MRP systems allowed these vital applications to be recovered and made available to users again. Although major work still had to be done to recover fully from the Ryuk damage, essential services were restored quickly:


"For the most part, the production line operation survived unscathed and we delivered all customer orders."

During the next couple of weeks, important milestones in the recovery process were reached through close collaboration between Progent engineers and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over four million archived messages was brought online and accessible to users.
  • CRM/Product Ordering/Invoices/AP/Accounts Receivables/Inventory Control capabilities were 100% operational.
  • A new Palo Alto 850 firewall was installed.
  • 90% of the user desktops and notebooks were operational.

"A huge amount of what occurred that first week is nearly entirely a blur for me, but I will not forget the urgency each and every one of the team put in to help get our company back. I've utilized Progent for the past ten years, possibly more, and each time I needed help Progent has shined and delivered. This event was a stunning achievement."

Conclusion
A possible enterprise-killing catastrophe was averted through the efforts of results-oriented professionals, a wide array of knowledge, and tight collaboration. Although in retrospect the crypto-ransomware incident described here would have been shut down with modern security technology solutions and recognized best practices, user training, and well-designed security procedures for backup and applying software patches, the reality is that government-sponsored cybercriminals from China, North Korea and elsewhere are tireless and represent an ongoing threat. If you do get hit by a ransomware incursion, feel confident that Progent's roster of experts has extensive experience in ransomware virus defense, remediation, and file restoration.


"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were helping), I'm grateful for allowing me to get some sleep after we got through the initial fire. All of you did an impressive effort, and if anyone that helped is around the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, please click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Recovery Expertise in Dallas
For ransomware system restoration services in the Dallas area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2024 Progent Corporation. All rights reserved.