Ransomware: Your Crippling Information Technology Catastrophe
Ransomware Recovery Consultants

Ransomware has become a too-frequent cyberplague that presents an existential threat to any organization vulnerable to an attack. Crypto-ransomware families such as Reveton, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been around for many years and continue to cause destruction. Recent strains such as Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit or Nefilim, plus newer strains not yet named, not only encrypt critical online data but also seek out and encrypt every reachable system restore point and backup. Data replicated to off-site disaster recovery sites can also be rendered useless. With a vulnerable data protection solution, this can make any restoration impossible and effectively knocks the entire system back to square one.

Getting applications and data back after a ransomware attack becomes a race against time as the targeted business fights to stop the spread, remove the crypto-ransomware, and resume business-critical activity. Because ransomware takes time to spread, attacks are frequently launched at night, when a successful intrusion tends to take longer to discover. This compounds the difficulty of rapidly marshalling and orchestrating an experienced response team.

Progent offers a variety of help services for securing businesses from ransomware penetrations. These include staff education to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus installation of modern security gateways with AI technology from SentinelOne to identify and extinguish new cyber threats intelligently. Progent in addition offers the services of experienced ransomware recovery professionals with the skills and commitment to re-deploy a compromised system as rapidly as possible.

Progent's Ransomware Restoration Services
After a ransomware event, even paying the ransom demand in Bitcoin cryptocurrency does not ensure that the cyber hackers will provide the keys to decrypt all your files. Kaspersky estimated that 17% of ransomware victims never restored their files after having paid the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is well above the typical ransomware demand, which ZDNET averages at approximately $13,000. The alternative is to re-install the mission-critical parts of your Information Technology environment. Without access to full data backups, this calls for a wide complement of skills, top-notch project management, and the capability to work 24x7 until the task is done.

For two decades, Progent has offered certified expert IT services for businesses in Downers Grove and throughout the United States and has achieved Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distros of Linux. Progent's cyber security consultants have earned internationally-recognized certifications including CISA, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise with financial systems and ERP applications. This breadth of experience affords Progent the capability to rapidly ascertain necessary systems and organize the surviving components of your computer network system after a ransomware penetration and rebuild them into a functioning network.

Progent's recovery team of experts has top-notch project management tools to coordinate the sophisticated recovery process. Progent appreciates the urgency of acting rapidly and in concert with a customer's management and Information Technology team members to prioritize tasks and to put essential applications back online as fast as humanly possible.

Customer Story: A Successful Crypto-Ransomware Attack Recovery
A business contacted Progent after their company was attacked by Ryuk ransomware. Ryuk is thought to have been developed by North Korean state criminal gangs, suspected of using approaches leaked from the U.S. National Security Agency. Ryuk targets specific businesses with limited tolerance for disruption and is one of the most profitable instances of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing business located in the Chicago metro area with around 500 workers. The Ryuk penetration had brought down all business operations and manufacturing processes. Most of the client's data backups had been online at the start of the attack and were eventually encrypted. The client was pursuing financing to pay the ransom demand (exceeding two hundred thousand dollars) and hoping for the best, but in the end called Progent.


"I can't thank you enough in regards to the care Progent provided us throughout the most fearful period of (our) business's life. We had little choice but to pay the cyber criminals behind the attack if it wasn't for the confidence the Progent team afforded us. The fact that you were able to get our e-mail system and production servers back quicker than five days was earth shattering. Each person I interacted with or communicated with at Progent was hell bent on getting us back on-line and was working at all hours to bail us out."

Progent worked hand in hand with the customer to rapidly determine and prioritize the mission-critical areas that had to be recovered to make it possible to continue company functions:

  • Microsoft Active Directory
  • E-Mail
  • Financials/MRP

To begin, Progent adhered to ransomware incident response industry best practices by isolating and disinfecting systems. Progent then began the process of rebuilding Microsoft Active Directory, the heart of enterprise systems built on Microsoft Windows Server technology. Microsoft Exchange email will not function without AD, and the business's MRP applications used SQL Server, which relies on Windows AD for authentication to the databases.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then performed rebuilding and hard drive recovery of essential systems. All Exchange schema and configuration information were intact, which greatly helped the restoration of Exchange. Progent was also able to gather local OST files (Outlook Offline Folder files) from various desktop computers to recover mail data. A recent offline backup of the customer's accounting software made it possible to bring these vital programs back online. Although a lot of work was left to recover fully from the Ryuk damage, critical services were returned to operation rapidly:


"For the most part, the manufacturing operation ran fairly normal throughout and we made all customer sales."

During the next few weeks, critical milestones in the restoration project were reached in close collaboration between Progent consultants and the client:

  • In-house web applications were returned to operation without losing any information.
  • The MailStore Server with over four million historical messages was spun up and available for users.
  • CRM/Orders/Invoices/Accounts Payable/Accounts Receivables (AR)/Inventory functions were completely operational.
  • A new Palo Alto Networks 850 security appliance was set up and programmed.
  • Ninety percent of the desktop computers were functioning as before the incident.

"A lot of what happened that first week is mostly a fog for me, but my team will not soon forget the urgency each of your team put in to give us our business back. I've entrusted Progent for the past ten years, possibly more, and each time Progent has outperformed my expectations and delivered. This event was the most impressive ever."

Conclusion
A potential business-ending catastrophe was averted by hard-working experts, a broad range of knowledge, and tight teamwork. Although in hindsight the ransomware attack detailed here could have been prevented with current cyber security systems and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user education, and properly executed procedures for backup and software patching, the fact remains that state-sponsored cybercriminals from Russia, North Korea and elsewhere are relentless and will continue. If you do get hit by a crypto-ransomware attack, you can be confident that Progent's team of professionals has proven experience in crypto-ransomware blocking, remediation, and information systems disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (and any others who were helping), I'm grateful for making it so I could get some sleep after we got past the initial push. Everyone did a fabulous effort, and if any of your guys are in the Chicago area, dinner is the least I can do!"

To review or download a PDF version of this case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Crypto-Ransomware Protection Services Available from Progent
Progent can provide businesses in Downers Grove a variety of remote monitoring and security assessment services to help you to minimize the threat from crypto-ransomware. These services utilize next-generation AI technology to uncover new variants of ransomware that can evade traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring is an endpoint protection (EPP) solution that utilizes SentinelOne's cutting edge behavior-based analysis technology to defend physical and virtual endpoints against modern malware assaults like ransomware and file-less exploits, which routinely evade legacy signature-matching AV products. ProSight Active Security Monitoring safeguards on-premises and cloud-based resources and offers a unified platform to manage the entire threat progression including protection, detection, containment, cleanup, and post-attack forensics. Key features include one-click rollback using Windows Volume Shadow Copy Service and automatic system-wide immunization against newly discovered threats. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Protection and Exchange Filtering
    ProSight Enhanced Security Protection (ESP) managed services offer ultra-affordable multi-layer protection for physical and virtual servers, desktops, smartphones, and Microsoft Exchange. ProSight ESP uses contextual security and advanced machine learning for continuously monitoring and reacting to security assaults from all vectors. ProSight ESP offers firewall protection, intrusion alerts, device control, and web filtering via leading-edge tools packaged within one agent managed from a single control. Progent's data protection and virtualization experts can help you to plan and configure a ProSight ESP environment that addresses your company's unique needs and that helps you achieve and demonstrate compliance with legal and industry information protection regulations. Progent will assist you define and implement security policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that call for urgent attention. Progent can also assist you to set up and verify a backup and disaster recovery solution like ProSight Data Protection Services so you can get back in business quickly from a potentially disastrous cyber attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Exchange email filtering.

  • ProSight Data Protection Services (DPS): Backup and Recovery Services
    Progent has partnered with leading backup/restore technology providers to produce ProSight Data Protection Services (DPS), a selection of management outsourcing plans that deliver backup-as-a-service (BaaS). ProSight DPS products manage and monitor your data backup processes and enable non-disruptive backup and rapid recovery of vital files, apps, system images, plus VMs. ProSight DPS helps your business protect against data loss resulting from equipment breakdown, natural disasters, fire, cyber attacks such as ransomware, human mistakes, malicious employees, or software bugs. Managed backup services in the ProSight Data Protection Services product line include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup based on Barracuda purpose-built hardware, and ProSight DPS MSP360 Cloud and On-prem Backup. Your Progent service representative can assist you to determine which of these fully managed services are most appropriate for your IT environment.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam and virus filtering service that uses the infrastructure of top data security companies to provide web-based management and comprehensive protection for your email traffic. The layered architecture of Email Guard combines a Cloud Protection Layer with an on-premises gateway appliance to offer complete defense against spam, viruses, DoS attacks, Directory Harvest Attacks, and other email-borne threats. Email Guard's Cloud Protection Layer serves as a first line of defense and blocks the vast majority of unwanted email before it reaches your security perimeter. This decreases your exposure to external attacks and saves network bandwidth and storage. Email Guard's onsite security gateway appliance provides a deeper layer of inspection for incoming email. For outgoing email, the onsite security gateway offers anti-virus and anti-spam protection, policy-based Data Loss Prevention, and email encryption. The on-premises gateway can also help Microsoft Exchange Server to monitor and safeguard internal email that originates and ends inside your corporate firewall. For more information, visit Email Guard spam filtering and data leakage protection.

  • ProSight WAN Watch: Infrastructure Management
    ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and affordable for smaller organizations to diagram, monitor, optimize and troubleshoot their networking appliances such as routers, firewalls, and wireless controllers as well as servers, client computers and other devices. Incorporating state-of-the-art RMM technology, WAN Watch ensures that network maps are always current, copies and manages the configuration information of almost all devices connected to your network, tracks performance, and sends notices when potential issues are discovered. By automating complex network management processes, WAN Watch can cut hours off ordinary tasks such as network mapping, expanding your network, finding appliances that need critical software patches, or isolating performance bottlenecks. Learn more details about ProSight WAN Watch infrastructure management services.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring
    ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates advanced remote monitoring and management (RMM) techniques to keep your IT system operating efficiently by checking the health of vital assets that power your information system. When ProSight LAN Watch detects a problem, an alarm is transmitted automatically to your designated IT management staff and your Progent consultant so that any looming problems can be resolved before they have a chance to impact productivity. Learn more about ProSight LAN Watch server and desktop monitoring consulting.

  • ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
    With Progent's ProSight Virtual Hosting service, a small business can have its key servers and apps hosted in a protected fault tolerant data center on a high-performance virtual host configured and maintained by Progent's IT support professionals. With Progent's ProSight Virtual Hosting service model, the customer owns the data, the OS platforms, and the apps. Since the environment is virtualized, it can be moved immediately to a different hosting solution without requiring a lengthy and difficult reinstallation procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting service. Learn more details about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, maintain, retrieve and protect data related to your IT infrastructure, processes, applications, and services. You can instantly find passwords or IP addresses and be alerted about upcoming expirations of SSL certificates or warranties. By updating and organizing your network documentation, you can save as much as 50% of the time wasted trying to find critical information about your network. ProSight IT Asset Management features a common repository for storing and collaborating on all documents related to managing your business network, such as standard operating procedures and How-To's. ProSight IT Asset Management also supports advanced automation for gathering and relating IT data. Whether you're making improvements, doing maintenance, or reacting to a crisis, ProSight IT Asset Management delivers the data you need when you need it. Read more about Progent's ProSight IT Asset Management service.

  • Progent Active Defense Against Ransomware: Machine Learning-based Ransomware Identification and Cleanup
    Progent's Active Protection Against Ransomware is an endpoint protection (EPP) service that utilizes cutting-edge behavior-based machine learning technology to defend endpoints as well as servers and VMs against new malware assaults such as ransomware and email phishing, which easily get by traditional signature-based anti-virus products. Progent ASM services protect on-premises and cloud-based resources and offer a unified platform to address the complete malware attack lifecycle, including protection, infiltration detection, mitigation, remediation, and post-attack forensics. Key capabilities include single-click rollback with Windows VSS and automatic system-wide immunization against newly discovered attacks. Find out more about Progent's ransomware defense and recovery services.

  • Outsourced/Co-managed Service Desk: Support Desk Managed Services
    Progent's Help Center services permit your information technology team to outsource Support Desk services to Progent or split activity for Service Desk support transparently between your internal network support resources and Progent's nationwide roster of IT support technicians, engineers and subject matter experts (SMEs). Progent's Co-managed Service Desk provides a seamless supplement to your internal IT support organization. End user interaction with the Help Desk, delivery of technical assistance, issue escalation, ticket generation and tracking, performance measurement, and management of the service database are cohesive whether issues are resolved by your core network support group, by Progent's team, or a mix of the two. Find out more about Progent's outsourced/co-managed Help Center services.

  • Progent's Patch Management: Patch Management Services
    Progent's managed services for patch management offer organizations of any size a flexible and cost-effective solution for evaluating, validating, scheduling, applying, and tracking updates to your dynamic IT network. In addition to maximizing the protection and reliability of your computer environment, Progent's patch management services permit your IT team to focus on line-of-business projects and tasks that derive the highest business value from your network. Read more about Progent's software/firmware update management support services.

  • ProSight Duo Multi-Factor Authentication: Identity Validation, Endpoint Policy Enforcement, and Protected Single Sign-on (SSO)
    Progent's Duo MFA services incorporate Cisco's Duo cloud technology to protect against compromised passwords by using two-factor authentication. Duo supports one-tap identity verification on iOS, Android, and other out-of-band devices. With 2FA, whenever you log into a protected online account and enter your password, you are asked to verify your identity via a device that only you possess and that is reached over a separate network channel. A broad range of devices can be used for this second means of identity validation, including an iPhone, Android phone or watch, a hardware token, a landline telephone, etc. You may register several verification devices. To find out more about Duo two-factor identity authentication services, see Duo MFA two-factor authentication (2FA) services.

  • ProSight Reporting: Real-time and In-depth Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is an expanding suite of real-time and in-depth management reporting utilities designed to integrate with the leading ticketing and network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to highlight and contextualize critical issues like spotty support follow-through or endpoints with out-of-date AVs. By exposing ticketing or network health problems concisely and in near-real time, ProSight Reporting improves network value, reduces management hassle, and saves money. For details, visit ProSight Reporting for ticketing and network monitoring platforms.

For 24x7 Downers Grove Crypto Removal Help, contact Progent at 800-462-8800 or go to Contact Progent.