Ransomware: Your Feared Information Technology Catastrophe
Crypto-ransomware has become an escalating cyberplague that presents an extinction-level danger for organizations vulnerable to an attack. Different versions of ransomware such as CryptoLocker, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for many years and still cause damage. Modern versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Egregor, along with daily as yet unnamed malware, not only encrypt online data but also infect any accessible system backup. Information synchronized to cloud environments can also be corrupted. In a poorly architected environment, this can make any recovery useless and basically knocks the datacenter back to square one.

Restoring programs and information after a crypto-ransomware attack becomes a sprint against the clock as the targeted business struggles to contain and clean up the virus and to resume business-critical operations. Because ransomware takes time to spread, attacks are frequently launched during nights and weekends, when successful penetrations in many cases take more time to discover. This compounds the difficulty of promptly mobilizing and organizing a knowledgeable mitigation team.

Progent provides an assortment of help services for protecting Dallas organizations from crypto-ransomware events. Among these are team training to help identify and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus installation of modern security appliances with AI technology to quickly identify and quarantine new threats. Progent also offers the assistance of veteran ransomware recovery professionals with the skills and commitment to restore a breached system as soon as possible.

Progent's Crypto-Ransomware Restoration Help
After a crypto-ransomware attack, paying the ransom in cryptocurrency does not guarantee that the attackers will respond with the keys to decrypt any or all of your information. Kaspersky estimated that 17% of crypto-ransomware victims never recovered their files even after paying the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is significantly above the typical crypto-ransomware demands, which ZDNET estimated to be around $13,000 for smaller businesses. The alternative is to re-install the key components of your IT environment. Absent access to full information backups, this requires a broad complement of skills, well-coordinated project management, and the capability to work non-stop until the job is done.

For twenty years, Progent has provided professional Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes engineers who have attained top certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity consultants have garnered internationally-recognized certifications including CISA, CISSP, CRISC, and GIAC. (Refer to Progent's certifications). Progent also has expertise in financial systems and ERP application software. This breadth of expertise affords Progent the ability to rapidly understand critical systems and organize the remaining pieces of your Information Technology system following a ransomware penetration and rebuild them into a functioning system.

Progent's security team of experts has best of breed project management applications to coordinate the complicated recovery process. Progent appreciates the importance of working quickly and in unison with a customer's management and IT resources to assign priority to tasks and to get critical services back on line as fast as possible.

Client Story: A Successful Ransomware Intrusion Restoration
A client contacted Progent after their organization was attacked by the Ryuk ransomware virus. Ryuk is generally considered to have been created by North Korean state-sponsored cybercriminals, suspected of using algorithms exposed from the U.S. NSA organization. Ryuk seeks specific businesses with little room for disruption and is one of the most lucrative versions of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business based in Chicago and has around 500 workers. The Ryuk intrusion had paralyzed all essential operations and manufacturing processes. Most of the client's information backups had been online at the start of the attack and were eventually encrypted. The client was taking steps to pay the ransom (exceeding $200K) and hoping for good luck, but ultimately called Progent.

"I can't say enough in regards to the help Progent gave us throughout the most fearful time of (our) company's life. We most likely would have paid the cyber criminals if it wasn't for the confidence the Progent team afforded us. The fact that you were able to get our messaging and key applications back online sooner than five days was beyond my wildest dreams. Every single expert I worked with or communicated with at Progent was laser focused on getting us operational and was working 24 by 7 to bail us out."

Progent worked hand in hand with the customer to quickly identify and prioritize the key systems that had to be recovered to make it possible to restart company operations:

  • Windows Active Directory
  • Microsoft Exchange Server
  • Accounting/MRP

To begin, Progent followed industry best practices for mitigating a ransomware penetration by halting lateral movement and cleaning systems of viruses. Progent then began the work of bringing back online Microsoft AD, the core of enterprise networks built upon Microsoft Windows Server technology. Microsoft Exchange Server email will not operate without Windows AD, and the client's financials and MRP software utilized Microsoft SQL Server, which depends on Windows AD for access to the information.

In less than 48 hours, Progent was able to rebuild Active Directory services to their pre-penetration state. Progent then charged ahead with setup and storage recovery on needed applications. All Microsoft Exchange Server data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to locate non-encrypted OST files (Outlook Offline Data Files) on staff workstations to recover email data. A reasonably recent offline backup of the business's manufacturing systems made it possible to bring these required services back online. Although major work still had to be done to recover totally from the Ryuk event, essential services were restored quickly:


"For the most part, the assembly line operation ran fairly normal throughout and we did not miss any customer shipments."

Over the next couple of weeks, key milestones in the recovery process were reached through close cooperation between Progent team members and the customer:

  • In-house web sites were brought back up without losing any information.
  • The MailStore Microsoft Exchange Server containing more than 4 million archived messages was brought online and made accessible to users.
  • CRM/Product Ordering/Invoices/Accounts Payable/Accounts Receivables (AR)/Inventory capabilities were 100 percent restored.
  • A new Palo Alto Networks 850 firewall was set up and programmed.
  • Ninety percent of the user desktops were functioning as before the incident.

"Much of what went on those first few days is nearly entirely a haze for me, but I will not soon forget the commitment each and every one of you accomplished to give us our business back. I've trusted Progent for at least 10 years, maybe more, and each time I needed help Progent has come through and delivered. This situation was a testament to your capabilities."

Conclusion
A possible company-ending catastrophe was evaded due to results-oriented experts, a wide array of knowledge, and close teamwork. Although in hindsight the crypto-ransomware virus attack detailed here could have been identified and blocked with modern security technology and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, and appropriate incident response procedures for information protection and proper patching controls, the reality remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do fall victim to a crypto-ransomware incident, remember that Progent's team of experts has extensive experience in ransomware virus blocking, cleanup, and file recovery.

"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (and any others who were contributing), thank you for allowing me to get rested after we got past the initial fire. Everyone did a fabulous effort, and if any of your guys is in the Chicago area, dinner is my treat!"

Download the Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this ransomware incident report, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

© 2002-2021 Progent Corporation. All rights reserved.