Ransomware: Your Worst Information Technology Disaster
Ransomware has become a too-frequent cyberplague that represents an existential danger for organizations poorly prepared for an attack. Versions of ransomware like the CryptoLocker, WannaCry, Locky, Syskey and MongoLock cryptoworms have been replicating for many years and continue to inflict destruction. Modern variants of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Nephilim, plus additional unnamed newcomers, not only encrypt online files but also infiltrate most configured system backups. Files synched to off-site disaster recovery sites can also be rendered useless. In a vulnerable environment, this can make restoration impossible and effectively knocks the entire system back to square one.

Recovering applications and information after a ransomware outage becomes a race against the clock as the targeted business tries to stop lateral movement, eradicate the ransomware, and restore enterprise-critical operations. Since ransomware takes time to move laterally, assaults are frequently sprung during nights and weekends, when attacks in many cases take more time to notice. This multiplies the difficulty of promptly mobilizing and organizing an experienced response team.

Progent has a variety of solutions for securing Dallas organizations from crypto-ransomware events. Among these are staff education to help identify and not fall victim to phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's AI-based threat defense to identify and extinguish zero-day modern malware assaults. Progent also can provide the assistance of seasoned ransomware recovery consultants with the skills and perseverance to restore a compromised network as soon as possible.

Progent's Crypto-Ransomware Recovery Support Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that merciless criminals will return the keys needed to decrypt all your data. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their files even after having paid the ransom, resulting in increased losses. The gamble is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the typical ransomware demands, which ZDNET estimated to be in the range of $13,000 for small businesses. The fallback is to re-install the key parts of your IT environment. Without the availability of complete data backups, this calls for a wide range of skill sets, top-notch project management, and the ability to work 24x7 until the task is done.

For decades, Progent has provided expert IT services for companies throughout the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in important technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity engineers have earned internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of expertise gives Progent the capability to efficiently determine important systems and integrate the remaining components of your Information Technology environment after a crypto-ransomware attack and rebuild them into an operational network.

Progent's ransomware team has powerful project management applications to orchestrate the complicated recovery process. Progent understands the importance of working quickly and together with a customer's management and IT team members to assign priority to tasks and to put essential applications back on line as soon as possible.

Case Study: A Successful Ransomware Incident Response
A client hired Progent after their company was taken over by the Ryuk crypto-ransomware. Ryuk is thought to have been launched by North Korean state-sponsored hackers, suspected of using strategies leaked from the U.S. NSA organization. Ryuk seeks specific companies with limited room for operational disruption and is among the most profitable instances of crypto-ransomware. Major victims include Data Resolution, a California-based information warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing business headquartered in Chicago and has around 500 workers. The Ryuk event had paralyzed all essential operations and manufacturing processes. The majority of the client's data backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200K) and praying for good luck, but ultimately utilized Progent.


"I cannot tell you enough about the care Progent provided us throughout the most critical period of (our) businesses existence. We may have had to pay the cyber criminals if it wasn't for the confidence the Progent group gave us. The fact that you were able to get our messaging and important servers back online sooner than a week was incredible. Every single consultant I got help from or texted at Progent was amazingly focused on getting us back on-line and was working 24/7 on our behalf."

Progent worked together with the customer to quickly identify and assign priority to the key elements that needed to be restored to make it possible to continue business operations:

  • Windows Active Directory
  • Microsoft Exchange Email
  • MRP System

To get going, Progent followed industry best practices for ransomware incident mitigation by halting lateral movement and clearing infected systems. Progent then initiated the task of recovering Microsoft AD, the core of enterprise networks built upon Microsoft technology. Microsoft Exchange Server email will not operate without Windows AD, and the customer's MRP system utilized Microsoft SQL Server, which needs Windows AD for security authorization to the information.

In less than 48 hours, Progent was able to recover Windows Active Directory to its pre-attack state. Progent then performed reinstallations and storage recovery on critical applications. All Exchange Server ties and configuration information were intact, which facilitated the restore of Exchange. Progent was able to locate intact OST files (Microsoft Outlook Offline Data Files) on staff desktop computers and laptops to recover email data. A recent off-line backup of the client's accounting software made it possible to bring these required applications back online. Although a large amount of work remained to recover completely from the Ryuk virus, core systems were recovered quickly:


"For the most part, the assembly line operation never missed a beat and we made all customer deliverables."

During the following couple of weeks, important milestones in the recovery process were reached in tight collaboration between Progent consultants and the client:

  • Self-hosted web applications were restored with no loss of information.
  • The MailStore Server containing more than 4 million historical emails was brought on-line and available for users.
  • CRM/Customer Orders/Invoicing/Accounts Payable/AR/Inventory modules were completely recovered.
  • A new Palo Alto Networks 850 firewall was set up.
  • Nearly all of the user PCs were operational.

"So much of what happened those first few days is mostly a fog for me, but my management will not forget the countless hours each of your team accomplished to help get our business back. I've utilized Progent for at least 10 years, maybe more, and each time Progent has shined and delivered. This situation was the most impressive ever."

Conclusion
A potential business-killing catastrophe was dodged through the efforts of results-oriented professionals, a broad spectrum of knowledge, and tight teamwork. Although in retrospect the ransomware virus penetration described here should have been blocked with up-to-date security technology and NIST Cybersecurity Framework best practices, user education, and appropriate incident response procedures for backup and applying software patches, the fact remains that government-sponsored hackers from China, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a ransomware virus, feel confident that Progent's team of experts has substantial experience in ransomware virus blocking, mitigation, and file restoration.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (and any others who were helping), I'm grateful for allowing me to get rested after we made it through the initial fire. Everyone did an incredible effort, and if any of your team is visiting the Chicago area, a great meal is on me!"

Download the Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Recovery Expertise in Dallas
For ransomware system recovery consulting in the Dallas metro area, phone Progent at 800-462-8800 or go to Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.