Ransomware: Your Feared IT Disaster
Ransomware has become a modern cyber pandemic that represents an enterprise-level danger for organizations poorly prepared for an attack. Multiple generations of ransomware such as Reveton, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been around for many years and continue to cause havoc. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus additional unnamed viruses, not only encrypt critical online data but also infect all accessible system restores and backups. Files synchronized to cloud environments can also be rendered useless. In a vulnerable system, this can make automated restoration hopeless and effectively set the network back to square one.

Restoring programs and data after a crypto-ransomware intrusion becomes a sprint against time as the victim struggles to stop lateral movement, clear the virus, and resume mission-critical operations. Because ransomware requires time to move laterally across a network, assaults are usually sprung on weekends and holidays, when successful penetrations are likely to take longer to uncover. This multiplies the difficulty of quickly marshalling and organizing a knowledgeable mitigation team.

Progent offers an assortment of solutions for protecting Dallas organizations from crypto-ransomware events. These include team education to recognize and avoid phishing exploits, and ProSight Active Security Monitoring (ASM) for endpoint detection and response, which uses SentinelOne's AI-based threat defense to discover and disable zero-day malware attacks. Progent also provides the services of expert crypto-ransomware recovery engineers with the skills and perseverance to rebuild a compromised environment as rapidly as possible.

Progent's Ransomware Restoration Support Services
After a crypto-ransomware penetration, paying the ransom in cryptocurrency does not guarantee that distant criminals will return the codes needed to decrypt any of your files. Kaspersky Labs determined that 17% of ransomware victims never recovered their information after having sent off the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms are typically several hundred thousand dollars. For larger enterprises, the ransom demand can reach millions. The fallback is to piece back together the mission-critical parts of your Information Technology environment. Absent access to complete system backups, this calls for a wide complement of IT skills, well-coordinated project management, and the willingness to work non-stop until the task is done.

For twenty years, Progent has provided certified expert IT services for businesses across the US and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have attained advanced industry certifications in key technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally renowned industry certifications including CISM, CISSP, ISACA CRISC, GIAC, and CMMC 2.0. (See Progent's certifications). Progent also has expertise in financial management and ERP applications. This breadth of experience gives Progent the ability to quickly identify critical systems, organize the surviving parts of your network following a crypto-ransomware penetration, and configure them into a functioning system.

Progent's ransomware group uses best of breed project management applications to orchestrate the complicated restoration process. Progent knows the urgency of acting quickly and in unison with a customer's management and Information Technology staff to assign priority to tasks and to get key systems back on-line as fast as humanly possible.

Case Study: A Successful Ransomware Penetration Restoration
A customer escalated to Progent after their network was taken over by the Ryuk ransomware virus. Ryuk is thought to have been deployed by North Korean government sponsored criminal gangs, possibly using algorithms exposed from America's National Security Agency. Ryuk attacks specific businesses with little room for operational disruption and is among the most lucrative versions of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company located in the Chicago metro area with about 500 workers. The Ryuk penetration had shut down all essential operations and manufacturing processes. The majority of the client's backups had been directly accessible at the start of the attack and were encrypted. The client was pursuing financing for paying the ransom (in excess of $200,000) and praying for good luck, but ultimately brought in Progent.


"I cannot thank you enough in regards to the help Progent gave us throughout the most stressful time of (our) company's life. We may have had to pay the criminal gangs if it wasn't for the confidence the Progent experts afforded us. That you could get our e-mail and critical applications back on-line sooner than a week was beyond my wildest dreams. Each consultant I got help from or messaged at Progent was totally committed on getting us back on-line and was working 24/7 to bail us out."

Progent worked hand in hand with the customer to quickly determine and prioritize the key areas that needed to be restored to make it possible to resume departmental operations:

  • Microsoft Active Directory
  • Microsoft Exchange
  • Financials/MRP

To begin, Progent adhered to anti-virus incident response industry best practices by halting lateral movement and clearing infected systems. Progent then started the task of restoring Active Directory, the core of enterprise systems built on Microsoft Windows Server technology. Exchange messaging will not work without AD, and the business's financials and MRP applications utilized SQL Server, which needs Windows AD for security authorization to the data.

Within 48 hours, Progent was able to rebuild Active Directory to its pre-penetration state. Progent then charged ahead with reinstallations and storage recovery on the most important servers. All Exchange data and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was able to collect non-encrypted OST data files (Microsoft Outlook Off-Line Folder Files) on various workstations and laptops to recover mail information. A reasonably recent off-line backup of the customer's manufacturing systems made it possible to bring these required applications back online for users. Although a lot of work still had to be done to recover completely from the Ryuk event, the most important services were restored quickly:


"For the most part, the production operation did not miss a beat and we delivered all customer orders."

During the next few weeks, important milestones in the restoration project were achieved in close collaboration between Progent engineers and the customer:

  • Internal web applications were restored with no loss of information.
  • The MailStore Exchange Server containing more than 4 million historical messages was spun up and accessible to users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/Accounts Receivables (AR)/Inventory Control functions were completely restored.
  • A new Palo Alto Networks 850 security appliance was deployed.
  • Nearly all of the desktops and laptops were being used by staff.

"So much of what transpired in the early hours is mostly a blur for me, but our team will not forget the countless hours each and every one of the team put in to give us our company back. I've entrusted Progent for the past ten years, maybe more, and each time Progent has impressed me and delivered. This time was a testament to your capabilities."

Conclusion
A likely business-killing catastrophe was averted by results-oriented experts, a broad spectrum of knowledge, and tight teamwork. In post mortem, the ransomware incident described here would have been identified and blocked with modern security systems, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team education, appropriate incident response procedures for information protection, and proper patching controls. Even so, the reality remains that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has substantial experience in ransomware virus blocking, removal, and file recovery.


"So, to Darrin, Matt, Aaron, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were involved), thanks very much for letting me get rested after we made it through the most critical parts. All of you did an incredible job, and if anyone that helped is visiting the Chicago area, dinner is my treat!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Services in Dallas
For ransomware system restoration consulting in the Dallas metro area, phone Progent at 800-462-8800 or visit Contact Progent.




    © 2002-2024 Progent Corporation. All rights reserved.