Crypto-Ransomware: Your Crippling IT Disaster
Ransomware has become a too-frequent cyberplague that represents an extinction-level threat for organizations poorly prepared for an assault. Multiple generations of ransomware such as CrySIS, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for many years and continue to inflict havoc. Modern strains of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Lockbit and Egregor, along with daily as yet unnamed malware, not only encrypt on-line critical data but also infect any accessible system restores and backups. Data synchronized to the cloud can also be encrypted. In a poorly designed data protection solution, this can render automated recovery impossible and basically sets the network back to zero.

Restoring programs and data following a crypto-ransomware intrusion becomes a sprint against the clock as the victim struggles to stop the spread and remove the ransomware and to resume business-critical operations. Since ransomware requires time to spread, attacks are usually sprung during weekends and nights, when successful penetrations in many cases take more time to uncover. This multiplies the difficulty of quickly mobilizing and organizing an experienced response team.

Progent provides an assortment of services for securing Dallas businesses from crypto-ransomware events. Among these are staff training to become familiar with and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, along with deployment of the latest generation security appliances with AI technology to intelligently detect and disable zero-day threats. Progent in addition provides the assistance of veteran ransomware recovery professionals with the skills and perseverance to restore a compromised system as quickly as possible.

Progent's Crypto-Ransomware Recovery Support Services
Subsequent to a crypto-ransomware event, even paying the ransom demands in Bitcoin cryptocurrency does not ensure that cyber criminals will respond with the codes to decrypt any of your files. Kaspersky Labs determined that seventeen percent of crypto-ransomware victims never restored their files even after having sent off the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is greatly above the usual ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller businesses. The other path is to piece back together the vital components of your IT environment. Absent access to complete system backups, this requires a wide complement of IT skills, top notch team management, and the capability to work non-stop until the task is complete.

For decades, Progent has offered expert Information Technology services for businesses throughout the United States and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes engineers who have earned high-level industry certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally-renowned certifications including CISM, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (See Progent's certifications). Progent in addition has expertise with financial systems and ERP application software. This breadth of experience provides Progent the ability to efficiently determine necessary systems and organize the surviving pieces of your Information Technology system after a crypto-ransomware attack and configure them into a functioning network.

Progent's security team of experts has state-of-the-art project management tools to orchestrate the complicated recovery process. Progent knows the urgency of acting swiftly and together with a customer's management and Information Technology team members to assign priority to tasks and to put the most important systems back on-line as soon as possible.

Business Case Study: A Successful Ransomware Virus Restoration
A client engaged Progent after their organization was attacked by the Ryuk ransomware. Ryuk is generally considered to have been deployed by North Korean state cybercriminals, possibly adopting strategies exposed from America's NSA organization. Ryuk goes after specific organizations with limited room for operational disruption and is among the most profitable instances of ransomware. Major organizations include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing company based in the Chicago metro area and has around 500 workers. The Ryuk intrusion had paralyzed all business operations and manufacturing processes. Most of the client's information backups had been on-line at the beginning of the intrusion and were encrypted. The client was taking steps for paying the ransom demand (exceeding $200,000) and hoping for good luck, but in the end called Progent.


"I cannot speak enough in regards to the support Progent provided us during the most fearful time of (our) business's life. We had little choice but to pay the cybercriminals except for the confidence the Progent team gave us. That you could get our e-mail and key servers back online sooner than a week was amazing. Each expert I spoke to or e-mailed at Progent was totally committed on getting us working again and was working 24 by 7 on our behalf."

Progent worked hand in hand with the client to quickly determine and prioritize the critical elements that had to be recovered in order to restart departmental functions:

  • Active Directory
  • E-Mail
  • MRP System

To begin, Progent followed anti-virus/malware incident response industry best practices by halting the spread and cleaning systems of viruses. Progent then initiated the work of restoring Active Directory, the key technology of enterprise systems built upon Microsoft Windows technology. Microsoft Exchange messaging will not function without AD, and the customer's financials and MRP software leveraged Microsoft SQL Server, which needs Active Directory services for access to the database.

In less than 2 days, Progent was able to restore Active Directory to its pre-intrusion state. Progent then completed reinstallations and storage recovery on the most important servers. All Exchange Server schema and attributes were intact, which accelerated the restore of Exchange. Progent was able to locate intact OST files (Outlook Off-Line Data Files) on staff PCs to recover email data. A reasonably recent offline backup of the client's accounting/ERP software allowed these essential services to be brought back online. Although significant work was left to recover completely from the Ryuk damage, the most important systems were recovered rapidly:


"For the most part, the production manufacturing operation did not miss a beat and we did not miss any customer sales."

Over the next couple of weeks, key milestones in the recovery project were reached through tight collaboration between Progent engineers and the customer:

  • Internal web applications were returned to operation without losing any data.
  • The MailStore Microsoft Exchange Server, holding more than four million historical messages, was brought online and made available to users.
  • CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory Control modules were 100 percent operational.
  • A new Palo Alto Networks 850 firewall was deployed.
  • Nearly all of the user workstations were being used by staff.

"A lot of what happened in the early hours is nearly entirely a fog for me, but I will not forget the care each of the team accomplished to give us our company back. I have been working together with Progent for the past 10 years, maybe more, and every time Progent has outperformed my expectations and delivered. This time was a stunning achievement."

Conclusion
A possible enterprise-killing disaster was averted with hard-working professionals, a wide array of IT skills, and tight teamwork. Although upon completion of forensics the crypto-ransomware penetration detailed here could have been identified and stopped with advanced cyber security technology and security best practices, team training, and properly executed security procedures for information backup and applying software patches, the fact is that state-sponsored cyber criminals from China, Russia, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a crypto-ransomware penetration, remember that Progent's roster of experts has proven experience in ransomware virus defense, remediation, and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (along with others who were helping), thank you for allowing me to get some sleep after we made it over the initial fire. Everyone did an impressive effort, and if anyone that helped is visiting the Chicago area, dinner is the least I can do!"

Download the Crypto-Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

    © 2002-2021 Progent Corporation. All rights reserved.