Crypto-Ransomware : Your Feared IT Catastrophe
Crypto-Ransomware  Recovery ProfessionalsRansomware has become an escalating cyberplague that poses an enterprise-level danger for organizations unprepared for an assault. Versions of crypto-ransomware like the CrySIS, Fusob, Locky, Syskey and MongoLock cryptoworms have been replicating for years and still inflict damage. Modern versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Conti or Nephilim, plus additional unnamed malware, not only encrypt online data files but also infect all available system backups. Information synchronized to off-site disaster recovery sites can also be encrypted. In a poorly architected data protection solution, this can make automatic restore operations impossible and basically knocks the datacenter back to zero.

Recovering services and data after a ransomware outage becomes a sprint against time as the victim fights to contain the damage, eradicate the virus, and restore business-critical activity. Since ransomware requires time to spread, penetrations are usually sprung during weekends and nights, when successful penetrations typically take longer to detect. This multiplies the difficulty of quickly assembling and organizing a qualified response team.

Progent provides a range of services for protecting organizations from ransomware events. These include team member education to help identify and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, plus installation of next-generation security solutions with AI capabilities from SentinelOne to discover and extinguish new cyber threats quickly. Progent also offers the assistance of expert ransomware recovery consultants with the skills and commitment to rebuild a breached environment as urgently as possible.

Progent's Ransomware Recovery Services
After a ransomware penetration, sending the ransom demands in cryptocurrency does not guarantee that cyber criminals will respond with the codes to decrypt any of your information. Kaspersky Labs estimated that 17% of crypto-ransomware victims never restored their data after having sent off the ransom, resulting in additional losses. The risk is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars. For larger enterprises, the ransom can be in the millions of dollars. The other path is to piece back together the essential components of your Information Technology environment. Absent access to essential system backups, this requires a broad range of skills, well-coordinated project management, and the capability to work non-stop until the recovery project is over.

For decades, Progent has offered expert Information Technology services for businesses across the United States and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have been awarded top certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity engineers have earned internationally-renowned industry certifications including CISM, CISSP, CRISC, GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent also has expertise with financial management and ERP application software. This breadth of experience gives Progent the capability to knowledgably understand important systems and organize the surviving components of your network environment after a crypto-ransomware attack and configure them into an operational network.

Progent's ransomware team of experts deploys top notch project management tools to coordinate the complicated recovery process. Progent appreciates the urgency of working swiftly and together with a client's management and IT team members to prioritize tasks and to get critical services back on line as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Incident Response
A small business escalated to Progent after their network was crashed by the Ryuk crypto-ransomware. Ryuk is believed to have been deployed by Northern Korean state sponsored hackers, suspected of adopting approaches leaked from the U.S. National Security Agency. Ryuk seeks specific businesses with little or no room for operational disruption and is one of the most profitable incarnations of ransomware. High publicized organizations include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a small manufacturing business headquartered in the Chicago metro area with around 500 workers. The Ryuk event had disabled all essential operations and manufacturing capabilities. Most of the client's backups had been on-line at the start of the attack and were eventually encrypted. The client considered paying the ransom (more than $200,000) and praying for the best, but ultimately called Progent.


"I can't thank you enough in regards to the expertise Progent gave us during the most fearful time of (our) businesses life. We would have paid the cyber criminals behind the attack if not for the confidence the Progent team provided us. That you could get our e-mail and key applications back sooner than seven days was amazing. Each expert I talked with or e-mailed at Progent was hell bent on getting us working again and was working day and night on our behalf."

Progent worked together with the customer to quickly determine and assign priority to the critical areas that needed to be restored to make it possible to resume company operations:

  • Active Directory (AD)
  • Microsoft Exchange Email
  • Accounting and Manufacturing Software
To start, Progent adhered to AV/Malware Processes event mitigation industry best practices by halting lateral movement and disinfecting systems. Progent then started the task of restoring Microsoft AD, the key technology of enterprise systems built upon Microsoft technology. Microsoft Exchange messaging will not work without Active Directory, and the client's MRP software used SQL Server, which needs Windows AD for security authorization to the databases.

Within 48 hours, Progent was able to re-build Active Directory services to its pre-attack state. Progent then helped perform reinstallations and storage recovery on needed servers. All Microsoft Exchange Server schema and attributes were usable, which facilitated the restore of Exchange. Progent was able to assemble intact OST data files (Outlook Offline Data Files) on user PCs to recover email messages. A not too old offline backup of the client's financials/MRP software made it possible to return these vital applications back online for users. Although a large amount of work was left to recover completely from the Ryuk virus, core services were returned to operations rapidly:


"For the most part, the assembly line operation never missed a beat and we did not miss any customer orders."

Over the following month important milestones in the recovery process were achieved through close collaboration between Progent consultants and the client:

  • Internal web applications were brought back up without losing any information.
  • The MailStore Server containing more than 4 million archived emails was brought online and accessible to users.
  • CRM/Product Ordering/Invoicing/Accounts Payable/AR/Inventory modules were fully recovered.
  • A new Palo Alto Networks 850 firewall was installed.
  • Most of the user workstations were fully operational.

"A huge amount of what went on those first few days is mostly a haze for me, but my management will not soon forget the countless hours all of you put in to help get our company back. I have been working together with Progent for the past ten years, maybe more, and every time I needed help Progent has impressed me and delivered. This situation was a Herculean accomplishment."

Conclusion
A probable business-killing catastrophe was dodged due to hard-working professionals, a broad array of knowledge, and close teamwork. Although upon completion of forensics the crypto-ransomware incident detailed here would have been identified and disabled with advanced cyber security solutions and recognized best practices, staff education, and well thought out security procedures for backup and applying software patches, the fact is that state-sponsored hackers from Russia, China and elsewhere are relentless and will continue. If you do fall victim to a ransomware incursion, feel confident that Progent's roster of professionals has a proven track record in crypto-ransomware virus defense, removal, and data disaster recovery.


"So, to Darrin, Matt, Aaron, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were helping), thanks very much for making it so I could get rested after we made it past the initial push. Everyone did an amazing job, and if anyone is visiting the Chicago area, dinner is the least I can do!"

To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Crypto-Ransomware Protection Services Available from Progent
Progent can provide businesses in Baton Rouge a range of remote monitoring and security evaluation services to assist you to reduce the threat from ransomware. These services utilize next-generation machine learning technology to detect zero-day variants of crypto-ransomware that are able to escape detection by traditional signature-based security solutions.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection solution that utilizes SentinelOne's next generation behavior machine learning tools to guard physical and virtual endpoint devices against modern malware attacks like ransomware and file-less exploits, which routinely get by traditional signature-based anti-virus tools. ProSight Active Security Monitoring safeguards local and cloud resources and provides a unified platform to address the entire malware attack lifecycle including filtering, detection, containment, remediation, and forensics. Key features include one-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against newly discovered attacks. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection: Endpoint Protection and Microsoft Exchange Email Filtering
    ProSight Enhanced Security Protection services deliver economical multi-layer protection for physical and virtual servers, desktops, smartphones, and Exchange Server. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and responding to security assaults from all attack vectors. ProSight ESP delivers firewall protection, penetration alarms, endpoint control, and web filtering via cutting-edge tools packaged within one agent accessible from a single control. Progent's security and virtualization consultants can assist your business to design and implement a ProSight ESP environment that addresses your company's specific needs and that helps you achieve and demonstrate compliance with government and industry data protection standards. Progent will help you define and configure security policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alerts that require immediate attention. Progent can also assist you to install and test a backup and disaster recovery solution such as ProSight Data Protection Services so you can get back in business quickly from a potentially disastrous security attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Microsoft Exchange email filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery Services
    Progent has worked with leading backup technology companies to create ProSight Data Protection Services (DPS), a selection of subscription-based offerings that provide backup-as-a-service (BaaS). ProSight DPS products manage and monitor your backup operations and enable transparent backup and fast restoration of important files, applications, images, and Hyper-V and VMware virtual machines. ProSight DPS helps you recover from data loss caused by hardware breakdown, natural calamities, fire, cyber attacks such as ransomware, user mistakes, ill-intentioned insiders, or application bugs. Managed backup services in the ProSight Data Protection Services product family include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda dedicated storage, and ProSight MSP360 Cloud and On-prem Backup. Your Progent service representative can help you to identify which of these managed services are most appropriate for your IT environment.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering and email encryption service that uses the technology of leading data security vendors to provide centralized management and comprehensive protection for all your email traffic. The hybrid architecture of Email Guard managed service integrates a Cloud Protection Layer with a local security gateway device to offer complete defense against spam, viruses, Denial of Service Attacks, DHAs, and other email-borne malware. Email Guard's Cloud Protection Layer serves as a preliminary barricade and blocks the vast majority of unwanted email from making it to your network firewall. This reduces your vulnerability to external attacks and saves network bandwidth and storage space. Email Guard's onsite security gateway appliance adds a deeper level of inspection for incoming email. For outgoing email, the on-premises security gateway provides AV and anti-spam filtering, DLP, and email encryption. The on-premises security gateway can also assist Exchange Server to track and safeguard internal email traffic that stays inside your security perimeter. For more details, see Email Guard spam filtering and data leakage protection.

  • ProSight WAN Watch: Infrastructure Management
    ProSight WAN Watch is an infrastructure management service that makes it easy and affordable for smaller businesses to map, track, reconfigure and debug their connectivity hardware such as routers, firewalls, and load balancers plus servers, client computers and other networked devices. Incorporating state-of-the-art Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that infrastructure topology diagrams are kept updated, captures and displays the configuration information of virtually all devices connected to your network, tracks performance, and sends alerts when issues are detected. By automating complex network management activities, ProSight WAN Watch can knock hours off common chores like network mapping, expanding your network, finding devices that require important updates, or identifying the cause of performance problems. Find out more about ProSight WAN Watch infrastructure management services.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring
    ProSight LAN Watch is Progent's server and desktop remote monitoring managed service that incorporates advanced remote monitoring and management technology to help keep your IT system running efficiently by checking the state of critical assets that power your business network. When ProSight LAN Watch uncovers an issue, an alarm is sent immediately to your designated IT personnel and your Progent engineering consultant so all potential problems can be addressed before they can impact your network. Find out more about ProSight LAN Watch server and desktop monitoring consulting.

  • ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
    With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a protected fault tolerant data center on a fast virtual machine host set up and managed by Progent's network support professionals. With Progent's ProSight Virtual Hosting service model, the client owns the data, the operating system platforms, and the applications. Since the system is virtualized, it can be ported easily to a different hosting solution without a time-consuming and technically risky configuration process. With ProSight Virtual Hosting, you are not tied a single hosting service. Find out more details about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to create, update, retrieve and safeguard information related to your IT infrastructure, procedures, business apps, and services. You can instantly locate passwords or serial numbers and be warned about upcoming expirations of SSLs or domains. By cleaning up and managing your IT infrastructure documentation, you can eliminate up to 50% of time thrown away searching for critical information about your network. ProSight IT Asset Management features a centralized location for holding and collaborating on all documents required for managing your business network such as standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also offers a high level of automation for gathering and relating IT information. Whether you're making enhancements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management gets you the information you need when you need it. Find out more about ProSight IT Asset Management service.

  • Active Protection Against Ransomware: AI-based Ransomware Identification and Cleanup
    Progent's Active Protection Against Ransomware is an endpoint protection (EPP) service that incorporates next generation behavior-based machine learning tools to defend endpoints and physical and virtual servers against new malware assaults like ransomware and file-less exploits, which easily get by legacy signature-matching anti-virus products. Progent ASM services protect on-premises and cloud resources and offers a single platform to manage the entire threat lifecycle including protection, infiltration detection, mitigation, cleanup, and post-attack forensics. Key capabilities include single-click rollback using Windows VSS and automatic system-wide immunization against newly discovered attacks. Read more about Progent's ransomware defense and cleanup services.

  • Outsourced/Co-managed Service Center: Help Desk Managed Services
    Progent's Help Center managed services enable your IT team to offload Help Desk services to Progent or divide responsibilities for Service Desk support seamlessly between your in-house network support staff and Progent's extensive roster of IT service technicians, engineers and subject matter experts. Progent's Co-managed Help Desk Service offers a transparent extension of your in-house support staff. Client access to the Help Desk, delivery of technical assistance, problem escalation, trouble ticket generation and tracking, performance measurement, and management of the service database are consistent whether issues are taken care of by your internal network support resources, by Progent's team, or by a combination. Find out more about Progent's outsourced/shared Help Center services.

  • Patch Management: Patch Management Services
    Progent's support services for patch management offer organizations of all sizes a versatile and cost-effective alternative for assessing, validating, scheduling, implementing, and documenting software and firmware updates to your ever-evolving information system. Besides maximizing the protection and functionality of your computer environment, Progent's software/firmware update management services permit your in-house IT team to concentrate on more strategic projects and activities that derive the highest business value from your network. Find out more about Progent's software/firmware update management support services.

  • ProSight Duo Multi-Factor Authentication: Identity Validation, Endpoint Policy Enforcement, and Protected Single Sign-on
    Progent's Duo authentication service plans incorporate Cisco's Duo technology to protect against compromised passwords by using two-factor authentication (2FA). Duo supports single-tap identity verification on Apple iOS, Android, and other personal devices. Using 2FA, when you sign into a protected online account and enter your password you are asked to confirm who you are on a unit that only you possess and that is accessed using a different network channel. A wide range of devices can be used for this added means of ID validation such as a smartphone or watch, a hardware/software token, a landline telephone, etc. You may designate several verification devices. For more information about ProSight Duo identity validation services, visit Cisco Duo MFA two-factor authentication services for access security.

  • ProSight Reporting: Real-time Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is an expanding line of real-time and in-depth management reporting utilities created to integrate with the leading ticketing and network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to surface and contextualize key issues like inconsistent support follow-up or machines with out-of-date AVs. By identifying ticketing or network health concerns clearly and in near-real time, ProSight Reporting enhances network value, reduces management hassle, and saves money. For details, see ProSight Reporting for ticketing and network monitoring applications.
For 24x7 Baton Rouge Crypto-Ransomware Repair Help, reach out to Progent at 800-462-8800 or go to Contact Progent.