Ransomware: Your Worst IT Disaster
Crypto-ransomware has become a too-frequent cyber pandemic that poses an enterprise-level threat for organizations unprepared for an attack. Different iterations of ransomware such as Dharma, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been replicating for a long time and still inflict destruction. Modern versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Egregor, plus more as yet unnamed viruses, not only encrypt online files but also infiltrate many configured system protection mechanisms. Files synchronized to the cloud can also be corrupted. In a poorly architected data protection solution, this can render automated restore operations useless and effectively knock the network back to square one.

Recovering programs and information after a crypto-ransomware event becomes a sprint against the clock as the targeted business struggles to contain and clean up the ransomware and to resume enterprise-critical activity. Since ransomware requires time to move laterally, attacks are usually launched on weekends and holidays, when they in many cases take longer to discover. This multiplies the difficulty of promptly mobilizing and coordinating a qualified mitigation team.

Progent has an assortment of services for protecting Dallas organizations from ransomware penetrations. These include team education to help identify and avoid phishing attempts and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to discover and extinguish zero-day malware attacks. Progent can also provide the services of expert ransomware recovery professionals with the skills and perseverance to rebuild a compromised system as soon as possible.

Progent's Crypto-Ransomware Restoration Support Services
After a ransomware event, paying the ransom demands in cryptocurrency does not ensure that criminal gangs will respond with the keys needed to decrypt all your data. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their data after having sent off the ransom, resulting in additional losses. The risk is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC (between $120,000 and $400,000). This is significantly above the usual crypto-ransomware demands, which ZDNET estimated to be approximately $13,000 for smaller businesses. The other path is to piece back together the critical elements of your IT environment. Without the availability of essential system backups, this calls for a wide range of IT skills, professional team management, and the willingness to work non-stop until the job is done.

For decades, Progent has provided professional Information Technology services for companies throughout the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes consultants who have earned top industry certifications in foundation technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally renowned certifications including CISA, CISSP, ISACA CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of experience affords Progent the ability to knowledgeably identify critical systems, consolidate the surviving pieces of your computer network environment following a crypto-ransomware event, and assemble them into an operational system.

Progent's ransomware team deploys best-of-breed project management applications to coordinate the sophisticated restoration process. Progent appreciates the urgency of working rapidly and together with a client's management and IT team members to assign priority to tasks and to get essential applications back online as fast as humanly possible.

Business Case Study: A Successful Crypto-Ransomware Incident Restoration
A customer escalated to Progent after their network system was brought down by the Ryuk ransomware virus. Ryuk is believed to have been developed by North Korean government-sponsored hackers, possibly using techniques leaked from the United States NSA organization. Ryuk attacks specific businesses with limited ability to sustain operational disruption and is one of the most profitable incarnations of ransomware. Highly publicized targets include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a regional manufacturing company headquartered in Chicago with about 500 employees. The Ryuk penetration had frozen all essential operations and manufacturing capabilities. The majority of the client's data backups had been on-line at the start of the attack and were encrypted. The client was taking steps to pay the ransom (in excess of two hundred thousand dollars) and praying for the best, but in the end made the decision to use Progent.


"I cannot tell you enough about the expertise Progent provided us during the most stressful time of (our) company's survival. We had little choice but to pay the cyber criminals behind the attack if it wasn't for the confidence the Progent team gave us. The fact that you were able to get our messaging and important servers back on-line quicker than one week was something I thought impossible. Each expert I worked with or communicated with at Progent was amazingly focused on getting us back online and was working 24/7 on our behalf."

Progent worked together with the customer to rapidly assess and prioritize the essential systems that had to be addressed to make it possible to continue departmental operations:

  • Active Directory
  • Exchange Server
  • Accounting/MRP

To start, Progent followed ransomware penetration mitigation best practices by stopping lateral movement and cleaning systems of viruses. Progent then began the work of rebuilding Active Directory, the heart of enterprise systems built on Microsoft Windows Server technology. Microsoft Exchange messaging will not function without Active Directory, and the customer's MRP software used Microsoft SQL, which requires Active Directory for access to the databases.

Within 48 hours, Progent was able to restore Active Directory services to their pre-intrusion state. Progent then assisted with setup and storage recovery of the most important servers. All Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was also able to assemble non-encrypted OST data files (Outlook Email Off-Line Data Files) on various workstations and laptops to recover email messages. A reasonably recent off-line backup of the client's accounting/ERP systems made it possible to restore these essential services and make them available to users again. Although a lot of work needed to be completed to recover fully from the Ryuk virus, the most important services were restored quickly:


"For the most part, the assembly line operation survived unscathed and we made all customer deliverables."

Over the following couple of weeks, critical milestones in the recovery process were achieved through close cooperation between Progent engineers and the client:

  • Internal web applications were returned to operation without losing any data.
  • The MailStore Server, holding more than 4 million historical messages, was spun up and made available to users.
  • CRM/Customer Orders/Invoices/Accounts Payable/AR/Inventory Control modules were completely restored.
  • A new Palo Alto Networks 850 firewall was installed.
  • 90% of the user PCs were fully operational.

"A huge amount of what happened in the early hours is mostly a haze for me, but we will not soon forget the countless hours all of your team put in to give us our business back. I've been working together with Progent for the past ten years, maybe more, and each time Progent has come through and delivered as promised. This event was a testament to your capabilities."

Conclusion
A probable business catastrophe was avoided due to hard-working experts, a broad range of IT skills, and tight collaboration. Although in hindsight the crypto-ransomware incident described here would have been prevented with modern cyber security technology solutions and ISO/IEC 27001 best practices, team education, and well-designed security procedures for backup and applying software patches, the fact remains that state-sponsored cybercriminals from China, North Korea and elsewhere are tireless and will continue. If you do get hit by a crypto-ransomware incursion, remember that Progent's roster of professionals has proven experience in ransomware virus defense, cleanup, and information systems restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were contributing), thanks very much for letting me get rested after we got past the initial push. All of you did an impressive job, and if anyone is around the Chicago area, a great meal is on me!"

Download the Ransomware Cleanup Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware System Restoration Consulting Services in Dallas
For ransomware system recovery services in the Dallas area, call Progent at 800-462-8800 or visit Contact Progent.



© 2002-2023 Progent Corporation. All rights reserved.