Crypto-Ransomware: Your Feared Information Technology Nightmare
Ransomware Recovery Professionals
Ransomware has become an escalating cyber pandemic that represents an existential threat for businesses poorly prepared for an attack. Different versions of ransomware like the CryptoLocker, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been replicating for a long time and still inflict destruction. More recent versions of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit or Nephilim, as well as additional unnamed malware, not only encrypt online data but also infect any configured system protection. Information synchronized to cloud environments can also be rendered useless. If the data protection solution itself is vulnerable, this can render automatic restore operations hopeless and effectively sets the network back to zero.

Recovering services and data after a ransomware attack becomes a sprint against the clock as the victim fights to stop the spread, clean up the ransomware, and restore business-critical operations. Because ransomware requires time to move laterally, attacks are usually sprung on weekends, when penetrations tend to take more time to discover. This compounds the difficulty of rapidly mobilizing and orchestrating a qualified response team.

Progent has a range of solutions for securing businesses from ransomware attacks. Among these are staff education to help recognize and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus setup and configuration of modern security gateways with artificial intelligence technology from SentinelOne to discover and extinguish day-zero cyber threats automatically. Progent also can provide the assistance of seasoned ransomware recovery consultants with the talent and commitment to restore a breached environment as rapidly as possible.

Progent's Crypto-Ransomware Recovery Support Services
Soon after a ransomware attack, paying the ransom demand in Bitcoin cryptocurrency does not guarantee that the attackers will return the keys to decrypt any of your data. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their information even after having paid the ransom, resulting in increased losses. Paying is also expensive. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is well above the usual crypto-ransomware demand, which ZDNET estimates to be approximately $13,000. The alternative is to re-install the vital elements of your IT environment. Absent access to full data backups, this requires a wide complement of skill sets, professional project management, and the capability to work non-stop until the recovery project is complete.

For two decades, Progent has made available expert Information Technology services for companies in Uniondale and throughout the US and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded top industry certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security specialists have garnered internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent in addition has expertise in financial management and ERP software solutions. This breadth of experience affords Progent the ability to quickly identify important systems and organize the remaining parts of your IT system after a crypto-ransomware penetration and configure them into a functioning system.

Progent's recovery team of experts has state-of-the-art project management tools to orchestrate the sophisticated restoration process. Progent knows the urgency of acting swiftly and in concert with a customer's management and IT staff to assign priority to tasks and to get key systems back online as fast as possible.

Customer Story: A Successful Crypto-Ransomware Penetration Response
A business engaged Progent after their network system was penetrated by the Ryuk crypto-ransomware. Ryuk is thought to have been created by North Korean government-sponsored cybercriminals, possibly adopting algorithms leaked from America's NSA. Ryuk goes after specific companies with little room for operational disruption and is among the most profitable incarnations of ransomware. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing business headquartered in the Chicago metro area with about 500 workers. The Ryuk penetration had disabled all company operations and manufacturing capabilities. The majority of the client's system backups had been online at the beginning of the attack and were encrypted. The client was actively seeking loans to pay the ransom demand (in excess of $200K) and wishfully hoping for the best, but in the end engaged Progent.


"I cannot say enough in regards to the support Progent gave us during the most critical time of (our) business's life. We had little choice but to pay the Hackers if it wasn't for the confidence the Progent experts afforded us. The fact that you were able to get our e-mail system and key applications back into operation faster than one week was beyond my wildest dreams. Every single expert I talked with or e-mailed at Progent was absolutely committed on getting our system up and was working at all hours on our behalf."

Progent worked hand in hand with the customer to rapidly determine and prioritize the essential applications that needed to be addressed in order to restart departmental functions:

  • Windows Active Directory
  • Electronic Messaging
  • MRP System
First, Progent adhered to ransomware incident mitigation industry best practices by halting lateral movement and cleaning up compromised systems. Progent then started the task of recovering Microsoft Active Directory, the heart of enterprise systems built on Microsoft Windows technology. Microsoft Exchange Server messaging will not function without AD, and the customer's MRP system leveraged Microsoft SQL Server, which depends on Active Directory services for authentication to the data.

Within two days, Progent was able to restore Active Directory to its pre-penetration state. Progent then helped perform setup and hard drive recovery of mission-critical servers. All Exchange Server data and attributes were intact, which facilitated the restore of Exchange. Progent was able to locate local OST files (Microsoft Outlook Off-Line Folder Files) on staff PCs to recover email information. A recent off-line backup of the customer's financials/ERP software enabled them to bring these essential applications back on-line. Although major work remained to recover completely from the Ryuk attack, core systems were returned to operation rapidly:


"For the most part, the production manufacturing operation ran fairly normal throughout and we did not miss any customer orders."
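The recovery sequence above (contain first, then Active Directory, then the services that authenticate against it, then the applications built on those) is an instance of a general rule: restore each system only after everything it depends on is back. The following added example, which is not Progent's code or tooling, turns that rule into a small planner. The service inventory, priorities and dependency edges are constructed for illustration from the dependencies the case study names (Exchange and SQL Server need AD; the MRP system needs SQL Server); the function names `restore_order` and `blocked_by` are this example's own.

```python
"""Dependency-ordered recovery planner (added example, not Progent's code).

Given a constructed inventory of services, each with a business priority
and the services it depends on, compute a restore order in which no
service is brought back before its dependencies, and report which
services remain blocked while a given system is still down.
"""
from collections import defaultdict, deque

# Constructed inventory: name -> (business priority, dependencies).
# Lower priority number = restore sooner when the dependency graph allows a choice.
SERVICES = {
    "containment": (0, []),                    # isolate hosts and stop lateral movement first
    "active_directory": (1, ["containment"]),  # nothing below works without AD
    "exchange": (2, ["active_directory"]),
    "sql_server": (2, ["active_directory"]),   # authenticates users via AD
    "mrp": (3, ["sql_server"]),                # MRP data lives in SQL Server
    "intranet_web": (4, ["active_directory"]),
    "mail_archive": (4, ["exchange"]),
}


def _dependents(services):
    """Reverse the dependency map: service -> services that depend on it."""
    dependents = defaultdict(list)
    for name, (_, deps) in services.items():
        for dep in deps:
            if dep not in services:
                raise ValueError(f"{name} depends on unknown service {dep!r}")
            dependents[dep].append(name)
    return dependents


def restore_order(services):
    """Return service names in a valid restore order.

    Kahn's topological sort: repeatedly pick a service whose dependencies
    are all restored, preferring the highest business priority (lowest
    number) among the ready ones. A dependency cycle means the plan cannot
    be executed as written, so it raises ValueError instead of silently
    dropping services.
    """
    dependents = _dependents(services)
    indegree = {name: len(deps) for name, (_, deps) in services.items()}
    ready = [name for name, count in indegree.items() if count == 0]
    order = []
    while ready:
        ready.sort(key=lambda n: (services[n][0], n))
        current = ready.pop(0)
        order.append(current)
        for child in dependents[current]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(services):
        stuck = sorted(name for name, count in indegree.items() if count > 0)
        raise ValueError(f"dependency cycle among: {stuck}")
    return order


def blocked_by(services, failed):
    """Services that cannot be restored while `failed` is down (transitively).

    Useful for answering "what else is still out?" when one early step,
    such as the domain controllers, is taking longer than planned.
    """
    dependents = _dependents(services)
    seen, queue = set(), deque([failed])
    while queue:
        current = queue.popleft()
        for child in dependents[current]:
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return sorted(seen)


if __name__ == "__main__":
    for step, name in enumerate(restore_order(SERVICES), start=1):
        print(f"{step}. {name}")
    print("still blocked while AD is down:", blocked_by(SERVICES, "active_directory"))
```

Because the planner refuses to emit a partial order when the inventory contains a cycle, a mistake in the dependency map surfaces before anyone starts rebuilding servers rather than halfway through the weekend.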

During the next couple of weeks important milestones in the recovery project were completed through tight collaboration between Progent engineers and the client:

  • In-house web sites were returned to operation with no loss of information.
  • The MailStore Exchange Server with over four million archived emails was brought online and accessible to users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/Accounts Receivables/Inventory modules were completely operational.
  • A new Palo Alto Networks 850 firewall was brought on-line.
  • Ninety percent of the user desktops and notebooks were back in use by staff.

"A huge amount of what transpired during the initial response is mostly a fog for me, but our team will not forget the countless hours each and every one of you accomplished to give us our company back. I have utilized Progent for the past 10 years, maybe more, and each time I needed help Progent has come through and delivered as promised. This situation was a life saver."

Conclusion
A possible business-ending catastrophe was averted due to top-tier professionals, a broad array of technical expertise, and tight teamwork. Although in retrospect the crypto-ransomware penetration detailed here would have been stopped with modern security technology and best practices, team education, and well thought out security procedures for backup and keeping systems up to date with security patches, the reality is that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do fall victim to a crypto-ransomware penetration, remember that Progent's roster of experts has proven experience in crypto-ransomware virus blocking, removal, and file restoration.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were helping), thank you for letting me get rested after we got through the initial push. All of you did a fabulous job, and if anyone is visiting the Chicago area, a great meal is the least I can do!"

To read or download a PDF version of this customer case study, click:
Progent's Ryuk Virus Recovery Case Study Datasheet (PDF, 282 KB).

Additional Ransomware Protection Services Offered by Progent
Progent can provide businesses in Uniondale a portfolio of remote monitoring and security assessment services designed to help you to reduce your vulnerability to crypto-ransomware. These services utilize modern machine learning capability to uncover zero-day strains of crypto-ransomware that are able to get past traditional signature-based security products.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    ProSight Active Security Monitoring is an endpoint protection service that utilizes SentinelOne's behavior-based machine learning technology to guard physical and virtual endpoints against new malware assaults such as ransomware and file-less exploits, which routinely get by traditional signature-matching AV tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the complete malware attack lifecycle including blocking, detection, mitigation, remediation, and forensics. Top features include one-click rollback with Windows VSS and automatic network-wide immunization against newly discovered attacks. Progent is a SentinelOne Partner. Read more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Protection and Exchange Filtering
    ProSight Enhanced Security Protection (ESP) services offer affordable multi-layer protection for physical servers and VMs, workstations, mobile devices, and Microsoft Exchange. ProSight ESP uses contextual security and advanced heuristics for round-the-clock monitoring and responding to security threats from all attack vectors. ProSight ESP delivers firewall protection, intrusion alerts, endpoint control, and web filtering via leading-edge technologies packaged within one agent accessible from a single console. Progent's data protection and virtualization consultants can assist your business to plan and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to demonstrate compliance with legal and industry information protection standards. Progent will help you specify and configure policies that ProSight ESP will enforce, and Progent will monitor your network and respond to alarms that call for immediate action. Progent's consultants can also help your company to set up and verify a backup and restore system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Microsoft Exchange email filtering.

  • ProSight Data Protection Services (DPS): Backup and Recovery Services
    Progent has worked with leading backup software providers to create ProSight Data Protection Services (DPS), a portfolio of subscription-based management outsourcing plans that provide backup-as-a-service (BaaS). ProSight DPS services manage and track your backup operations and allow non-disruptive backup and rapid recovery of vital files/folders, apps, images, plus Hyper-V and VMware virtual machines. ProSight DPS helps you protect against data loss resulting from hardware failures, natural disasters, fire, malware such as ransomware, user error, malicious insiders, or software glitches. Managed backup services in the ProSight Data Protection Services product line include ProSight DPS Ataro VM Backup, ProSight Ataro Office 365 Total Backup, ProSight DPS ECHO Backup based on Barracuda purpose-built hardware, and ProSight MSP360 Cloud and On-prem Backup. Your Progent consultant can assist you to determine which of these fully managed services are best suited for your network.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering service that incorporates the technology of top information security companies to provide centralized management and comprehensive protection for your email traffic. The powerful architecture of Email Guard managed service integrates cloud-based filtering with a local security gateway appliance to provide complete defense against spam, viruses, Denial of Service (DoS) Attacks, DHAs, and other email-based threats. Email Guard's Cloud Protection Layer acts as a first line of defense and keeps most unwanted email from reaching your network firewall. This reduces your exposure to external attacks and conserves system bandwidth and storage space. Email Guard's on-premises security gateway appliance provides a further level of analysis for inbound email. For outbound email, the onsite gateway offers anti-virus and anti-spam protection, DLP, and email encryption. The on-premises security gateway can also help Microsoft Exchange Server to track and protect internal email that originates and ends within your security perimeter. For more details, see Email Guard spam filtering and data leakage protection.

  • ProSight WAN Watch: Infrastructure Management
    Progent's ProSight WAN Watch is an infrastructure management service that makes it easy and inexpensive for small and mid-sized businesses to map out, track, optimize and troubleshoot their networking appliances such as routers, firewalls, and access points plus servers, client computers and other networked devices. Using cutting-edge RMM technology, ProSight WAN Watch makes sure that network maps are always current, copies and displays the configuration information of virtually all devices on your network, tracks performance, and sends notices when issues are discovered. By automating complex management and troubleshooting activities, ProSight WAN Watch can knock hours off ordinary tasks such as network mapping, expanding your network, finding devices that need critical updates, or isolating performance bottlenecks. Learn more about ProSight WAN Watch network infrastructure management services.

  • ProSight LAN Watch: Server and Desktop Monitoring and Management
    ProSight LAN Watch is Progent's server and desktop remote monitoring service that incorporates state-of-the-art remote monitoring and management techniques to help keep your IT system operating efficiently by checking the health of critical computers that power your information system. When ProSight LAN Watch uncovers an issue, an alarm is sent automatically to your designated IT personnel and your assigned Progent engineering consultant so that all looming issues can be resolved before they can impact your network. Learn more about ProSight LAN Watch server and desktop remote monitoring services.

  • ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
    With ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and applications hosted in a protected fault-tolerant data center on a fast virtual machine host configured and maintained by Progent's network support experts. With the ProSight Virtual Hosting service model, the client owns the data, the OS software, and the apps. Because the environment is virtualized, it can be moved easily to a different hardware solution without requiring a lengthy and technically risky configuration process. With ProSight Virtual Hosting, your business is not tied to a single hosting service. Find out more about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, update, find and protect information about your IT infrastructure, procedures, business apps, and services. You can quickly find passwords or IP addresses and be warned automatically about upcoming expirations of SSL certificates, domains or warranties. By updating and managing your network documentation, you can eliminate as much as half of the time wasted searching for critical information about your network. ProSight IT Asset Management features a centralized location for holding and sharing all documents related to managing your network infrastructure such as standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also supports advanced automation for collecting and relating IT data. Whether you're planning improvements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the information you need when you need it. Read more about ProSight IT Asset Management service.

  • Progent Active Protection Against Ransomware: Machine Learning-based Ransomware Detection and Cleanup
    Progent's Active Protection Against Ransomware is an endpoint protection (EPP) managed service that utilizes cutting-edge behavior analysis tools to guard endpoints as well as servers and VMs against modern malware assaults like ransomware and file-less exploits, which routinely escape traditional signature-matching anti-virus tools. Progent ASM services protect on-premises and cloud-based resources and offer a single platform to address the entire malware attack lifecycle including filtering, identification, mitigation, remediation, and post-attack forensics. Top features include one-click rollback using Windows Volume Shadow Copy Service (VSS) and real-time network-wide immunization against newly discovered attacks. Learn more about Progent's ransomware protection and recovery services.

  • Outsourced/Co-managed Service Center: Call Center Managed Services
    Progent's Call Center services permit your IT staff to outsource Help Desk services to Progent or split responsibilities for support services seamlessly between your in-house network support group and Progent's extensive pool of certified IT support engineers and subject matter experts (SMEs). Progent's Shared Help Desk Service offers a seamless supplement to your core IT support resources. End user access to the Help Desk, provision of technical assistance, problem escalation, ticket creation and tracking, performance measurement, and maintenance of the service database are consistent whether incidents are taken care of by your in-house IT support staff, by Progent, or both. Find out more about Progent's outsourced/shared Call Center services.

  • Progent's Patch Management: Patch Management Services
    Progent's managed services for software and firmware patch management offer organizations of all sizes a flexible and cost-effective solution for evaluating, testing, scheduling, implementing, and documenting updates to your ever-evolving IT network. Besides maximizing the protection and reliability of your computer environment, Progent's software/firmware update management services permit your IT staff to concentrate on line-of-business projects and tasks that deliver the highest business value from your network. Read more about Progent's software/firmware update management support services.

  • ProSight Duo Two-Factor Authentication: ID Confirmation, Endpoint Policy Enforcement, and Secure Single Sign-on
    Progent's Duo authentication services utilize Cisco's Duo cloud technology to defend against compromised passwords through the use of two-factor authentication (2FA). Duo enables single-tap identity verification on Apple iOS, Android, and other out-of-band devices. With Duo 2FA, when you sign into a protected online account and give your password you are asked to verify your identity on a device that only you possess and that is accessed using a different ("out-of-band") network channel. A wide range of devices can be utilized for this second means of authentication such as a smartphone or wearable, a hardware/software token, a landline telephone, etc. You can register multiple verification devices. To find out more about ProSight Duo identity validation services, refer to Cisco Duo MFA two-factor authentication services for access security.
For 24/7 Uniondale crypto-ransomware recovery experts, reach out to Progent at 800-462-8800 or go to Contact Progent.