Ransomware Protection and Remediation Services Dallas

Ransomware : Your Crippling Information Technology Disaster
Crypto-Ransomware has become an escalating cyberplague that poses an extinction-level danger for businesses of all sizes vulnerable to an attack. Different iterations of ransomware such as Dharma, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been replicating for years and continue to cause harm. Newer strains of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti and Egregor, along with additional as yet unnamed newcomers, not only encrypt online files but also infiltrate most accessible system backup. Data synchronized to cloud environments can also be encrypted. In a poorly architected system, it can make automated recovery impossible and effectively sets the datacenter back to square one.

Getting back online services and data after a crypto-ransomware attack becomes a sprint against the clock as the victim tries its best to contain the damage and remove the crypto-ransomware and to restore mission-critical operations. Since ransomware requires time to spread, penetrations are usually sprung on weekends and holidays, when successful attacks are likely to take more time to identify. This multiplies the difficulty of quickly assembling and orchestrating an experienced response team.

Progent makes available a variety of services for securing Dallas businesses from crypto-ransomware events. These include user education to become familiar with and not fall victim to phishing scams, ProSight Active Security Monitoring for remote monitoring and management, in addition to installation of modern security solutions with machine learning capabilities to automatically detect and suppress zero-day cyber threats. Progent also offers the assistance of seasoned ransomware recovery consultants with the track record and commitment to reconstruct a breached system as quickly as possible.

Progent's Ransomware Recovery Support Services
After a ransomware event, sending the ransom in Bitcoin cryptocurrency does not provide any assurance that distant criminals will return the keys to decrypt any or all of your data. Kaspersky Labs determined that 17% of crypto-ransomware victims never restored their data even after having paid the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 and $400,000). This is greatly above the average crypto-ransomware demands, which ZDNET estimated to be in the range of $13,000 for small businesses. The other path is to piece back together the mission-critical components of your IT environment. Absent access to complete data backups, this calls for a broad range of skills, well-coordinated project management, and the ability to work continuously until the task is over.

For twenty years, Progent has offered certified expert IT services for businesses across the United States and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in key technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have earned internationally-recognized industry certifications including CISA, CISSP, CRISC, and SANS GIAC. (See Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of expertise gives Progent the skills to efficiently determine necessary systems and integrate the surviving parts of your computer network system following a ransomware event and assemble them into an operational network.

Progent's recovery team of experts has best of breed project management tools to orchestrate the complex recovery process. Progent knows the urgency of acting swiftly and in unison with a customer’s management and IT staff to prioritize tasks and to put key systems back on-line as fast as humanly possible.

Customer Story: A Successful Ransomware Penetration Restoration
A business contacted Progent after their company was crashed by the Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state criminal gangs, suspected of adopting algorithms leaked from the U.S. National Security Agency. Ryuk attacks specific organizations with little room for operational disruption and is one of the most lucrative incarnations of ransomware. High publicized organizations include Data Resolution, a California-based information warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business headquartered in Chicago with around 500 workers. The Ryuk penetration had frozen all business operations and manufacturing processes. The majority of the client's data backups had been on-line at the time of the intrusion and were encrypted. The client was pursuing financing for paying the ransom (in excess of $200K) and wishfully thinking for the best, but in the end brought in Progent.

Progent worked hand in hand the client to rapidly identify and assign priority to the mission critical services that needed to be recovered in order to continue company operations:

• Windows Active Directory
• Electronic Mail
• Accounting/MRP

In less than 48 hours, Progent was able to re-build Active Directory to its pre-intrusion state. Progent then assisted with setup and storage recovery of essential servers. All Exchange Server data and configuration information were usable, which accelerated the restore of Exchange. Progent was able to find local OST files (Outlook Email Off-Line Folder Files) on user workstations and laptops in order to recover mail data. A recent offline backup of the client's financials/ERP systems made it possible to recover these vital applications back available to users. Although a lot of work remained to recover totally from the Ryuk event, the most important services were returned to operations rapidly:

Throughout the following few weeks critical milestones in the recovery project were accomplished through tight collaboration between Progent consultants and the client:

• Internal web sites were restored with no loss of data.
• The MailStore Exchange Server containing more than 4 million archived messages was restored to operations and available for users.
• CRM/Product Ordering/Invoices/Accounts Payable/AR/Inventory functions were 100 percent functional.
• A new Palo Alto Networks 850 security appliance was deployed.
• 90% of the user workstations were operational.

Conclusion
A potential business catastrophe was avoided through the efforts of hard-working experts, a wide spectrum of subject matter expertise, and close teamwork. Although in hindsight the ransomware virus penetration described here could have been identified and stopped with up-to-date cyber security systems and recognized best practices, user and IT administrator training, and well thought out security procedures for data backup and keeping systems up to date with security patches, the reality is that state-sponsored criminal cyber gangs from Russia, China and elsewhere are relentless and are not going away. If you do fall victim to a ransomware incursion, remember that Progent's team of professionals has substantial experience in crypto-ransomware virus defense, cleanup, and file recovery.

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this customer story, please click:
Progent's Crypto-Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

File body_ransomware_recovery_contact_city.asp does not exist