24-Hour Chicago Critical Crypto
Virus Assessment and Remediation Consulting
For Essential Information Systems
Case Study: Crypto Infection Removal and Business Continuity of Operations
Ransomware : Your Worst IT Disaster
Crypto-Ransomware has become an escalating cyber pandemic that represents an existential danger for businesses poorly prepared for an assault. Versions of ransomware like the Reveton, Fusob, Bad Rabbit, NotPetya and MongoLock cryptoworms have been out in the wild for many years and still inflict harm. Recent strains of ransomware such as Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch or Nephilim, along with frequent as yet unnamed newcomers, not only encrypt on-line critical data but also infiltrate all configured system backups. Information replicated to the cloud can also be ransomed. In a vulnerable system, it can make automated recovery useless and effectively sets the datacenter back to square one.
Recovering applications and data following a ransomware outage becomes a sprint against time as the targeted business tries its best to contain the damage and eradicate the ransomware and to resume mission-critical operations. Since ransomware needs time to move laterally, penetrations are often sprung on weekends, when successful attacks are likely to take more time to discover. This multiplies the difficulty of promptly assembling and orchestrating a qualified response team.
Progent has an assortment of support services for protecting organizations from ransomware attacks. Among these are team education to become familiar with and not fall victim to phishing scams, ProSight Active Security Monitoring for remote monitoring and management, in addition to installation of modern security appliances with machine learning technology to automatically discover and disable day-zero cyber threats. Progent also can provide the assistance of expert crypto-ransomware recovery consultants with the track record and commitment to rebuild a breached system as urgently as possible.
Progent's Ransomware Restoration Support Services
Subsequent to a ransomware event, sending the ransom in Bitcoin cryptocurrency does not provide any assurance that distant criminals will respond with the keys to decrypt all your information. Kaspersky Labs determined that 17% of ransomware victims never restored their information after having sent off the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms commonly range from 15-40 BTC ($120,000 and $400,000). This is greatly above the average ransomware demands, which ZDNET determined to be in the range of $13,000. The other path is to piece back together the critical elements of your IT environment. Absent the availability of complete information backups, this requires a wide complement of skills, top notch project management, and the ability to work 24x7 until the job is done.
For twenty years, Progent has offered expert IT services for companies in Chicago and throughout the U.S. and has achieved Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who have earned high-level certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have garnered internationally-recognized industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (Refer to Progent's certifications). Progent in addition has experience with financial systems and ERP applications. This breadth of experience provides Progent the capability to rapidly determine critical systems and integrate the surviving pieces of your IT system following a ransomware penetration and assemble them into an operational network.
Progent's recovery team has best of breed project management tools to coordinate the complex recovery process. Progent knows the importance of working quickly and in concert with a client's management and Information Technology staff to prioritize tasks and to put essential systems back on line as fast as possible.
Customer Case Study: A Successful Ransomware Virus Recovery
A customer hired Progent after their network system was taken over by the Ryuk crypto-ransomware. Ryuk is generally considered to have been developed by North Korean state criminal gangs, possibly adopting technology leaked from America’s NSA organization. Ryuk targets specific companies with little tolerance for disruption and is among the most profitable instances of ransomware viruses. Major victims include Data Resolution, a California-based info warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in the Chicago metro area and has about 500 staff members. The Ryuk intrusion had frozen all company operations and manufacturing capabilities. The majority of the client's system backups had been online at the beginning of the intrusion and were eventually encrypted. The client was pursuing financing for paying the ransom demand (more than $200,000) and praying for the best, but ultimately utilized Progent.
Progent worked together with the client to quickly identify and prioritize the critical areas that had to be addressed to make it possible to continue business functions:
- Active Directory
- MRP System
Within two days, Progent was able to recover Active Directory services to its pre-penetration state. Progent then charged ahead with rebuilding and storage recovery of mission critical servers. All Exchange schema and attributes were intact, which accelerated the restore of Exchange. Progent was able to find non-encrypted OST files (Outlook Email Off-Line Folder Files) on staff workstations and laptops in order to recover mail data. A recent off-line backup of the customer’s financials/MRP software made them able to restore these required programs back servicing users. Although a large amount of work needed to be completed to recover fully from the Ryuk event, essential services were restored rapidly:
During the following few weeks critical milestones in the recovery project were made through close cooperation between Progent engineers and the client:
- Self-hosted web applications were restored with no loss of information.
- The MailStore Server exceeding four million historical messages was spun up and available for users.
- CRM/Product Ordering/Invoices/Accounts Payable (AP)/AR/Inventory Control capabilities were completely functional.
- A new Palo Alto 850 firewall was brought on-line.
- 90% of the desktops and laptops were fully operational.
Conclusion
A possible business disaster was dodged with results-oriented experts, a wide spectrum of knowledge, and close collaboration. Although in analyzing the event afterwards the ransomware attack detailed here would have been stopped with current security technology solutions and best practices, team education, and well thought out incident response procedures for data backup and proper patching controls, the fact is that state-sponsored cyber criminals from China, North Korea and elsewhere are tireless and are an ongoing threat. If you do get hit by a ransomware incursion, remember that Progent's roster of experts has substantial experience in ransomware virus defense, mitigation, and data restoration.
To review or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)
Additional Crypto-Ransomware Protection Services Available from Progent
Progent offers businesses in Chicago a variety of online monitoring and security evaluation services designed to assist you to reduce your vulnerability to ransomware. These services include modern artificial intelligence technology to uncover new variants of ransomware that are able to evade traditional signature-based anti-virus products.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring is an endpoint protection (EPP) solution that utilizes cutting edge behavior machine learning tools to defend physical and virtual endpoints against modern malware attacks such as ransomware and file-less exploits, which routinely get by legacy signature-based anti-virus products. ProSight Active Security Monitoring protects on-premises and cloud-based resources and offers a single platform to manage the entire malware attack lifecycle including filtering, identification, containment, cleanup, and forensics. Key capabilities include single-click rollback with Windows Volume Shadow Copy Service and real-time network-wide immunization against new threats. Find out more about Progent'sProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense. - ProSight Enhanced Security Protection (ESP): Physical and Virtual Endpoint Security and Exchange Filtering
ProSight Enhanced Security Protection managed services offer ultra-affordable multi-layer protection for physical and virtual servers, workstations, smartphones, and Exchange Server. ProSight ESP utilizes adaptive security and advanced machine learning for round-the-clock monitoring and responding to security assaults from all attack vectors. ProSight ESP provides firewall protection, intrusion alarms, device control, and web filtering via leading-edge technologies incorporated within a single agent managed from a single console. Progent's security and virtualization consultants can assist your business to plan and configure a ProSight ESP environment that meets your company's specific requirements and that helps you achieve and demonstrate compliance with government and industry information security regulations. Progent will help you specify and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alarms that require immediate action. Progent can also assist your company to set up and test a backup and disaster recovery solution such as ProSight Data Protection Services so you can get back in business quickly from a potentially disastrous security attack such as ransomware. Find out more about Progent'sProSight Enhanced Security Protection unified endpoint protection and Exchange email filtering. - ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services provide small and mid-sized businesses an affordable and fully managed solution for secure backup/disaster recovery. Available at a low monthly cost, ProSight Data Protection Services automates and monitors your backup activities and allows rapid restoration of critical data, apps and virtual machines that have become lost or corrupted due to component breakdowns, software glitches, natural disasters, human mistakes, or malware attacks such as ransomware. ProSight Data Protection Services can help you back up, retrieve and restore files, folders, applications, system images, as well as Microsoft Hyper-V and VMware images/. Critical data can be protected on the cloud, to a local device, or to both. Progent's BDR consultants can provide world-class support to set up ProSight DPS to be compliant with regulatory standards such as HIPAA, FIRPA, and PCI and, whenever necessary, can help you to recover your business-critical information. Find out more about ProSight DPS Managed Backup. - ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering service that incorporates the technology of top information security companies to deliver centralized management and comprehensive security for all your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates a Cloud Protection Layer with an on-premises security gateway appliance to provide complete protection against spam, viruses, Dos Attacks, Directory Harvest Attacks, and other email-based threats. The cloud filter acts as a first line of defense and keeps the vast majority of unwanted email from reaching your security perimeter. This reduces your exposure to inbound threats and saves system bandwidth and storage space. Email Guard's onsite security gateway appliance provides a deeper level of analysis for inbound email. For outgoing email, the onsite security gateway offers anti-virus and anti-spam protection, DLP, and email encryption. The local security gateway can also assist Exchange Server to monitor and safeguard internal email that stays within your corporate firewall. For more information, visit Email Guard spam and content filtering. - ProSight WAN Watch: Network Infrastructure Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and inexpensive for smaller organizations to map out, track, reconfigure and debug their connectivity appliances such as routers, firewalls, and load balancers plus servers, printers, endpoints and other devices. Incorporating state-of-the-art Remote Monitoring and Management technology, WAN Watch ensures that infrastructure topology diagrams are kept current, captures and manages the configuration of virtually all devices on your network, monitors performance, and sends notices when issues are discovered. By automating time-consuming management and troubleshooting processes, WAN Watch can cut hours off common tasks like network mapping, expanding your network, locating devices that need critical software patches, or isolating performance bottlenecks. Learn more about ProSight WAN Watch infrastructure monitoring and management services. - ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progent’s server and desktop monitoring service that uses advanced remote monitoring and management techniques to help keep your network operating at peak levels by checking the state of vital computers that drive your information system. When ProSight LAN Watch uncovers an issue, an alert is transmitted immediately to your specified IT personnel and your Progent engineering consultant so any looming problems can be addressed before they can impact productivity. Learn more about ProSight LAN Watch server and desktop remote monitoring consulting. - ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small business can have its key servers and applications hosted in a protected fault tolerant data center on a high-performance virtual machine host configured and managed by Progent's IT support experts. Under Progent's ProSight Virtual Hosting model, the client retains ownership of the data, the OS platforms, and the apps. Since the system is virtualized, it can be moved immediately to an alternate hosting environment without a lengthy and difficult configuration procedure. With ProSight Virtual Hosting, you are not tied one hosting service. Learn more details about ProSight Virtual Hosting services. - ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, update, find and protect information related to your IT infrastructure, processes, business apps, and services. You can instantly locate passwords or IP addresses and be alerted about upcoming expirations of SSLs ,domains or warranties. By cleaning up and organizing your IT infrastructure documentation, you can eliminate as much as half of time spent looking for critical information about your network. ProSight IT Asset Management features a centralized location for storing and collaborating on all documents required for managing your network infrastructure such as standard operating procedures and self-service instructions. ProSight IT Asset Management also offers advanced automation for collecting and relating IT data. Whether you’re planning improvements, doing maintenance, or responding to an emergency, ProSight IT Asset Management delivers the knowledge you require as soon as you need it. Learn more about Progent's ProSight IT Asset Management service.
An index of content::
Urgent Exchange 2013 eDiscovery Remote Support Services
24-7 Exchange 2013 Load Balancing Network Consultants
Microsoft Exchange 2013 incorporates major enhancements to the capabilities of Microsoft Exchange Server 2010 and introduces important new features plus a revamped architecture. These enhancements favorably impact key IT areas including ease of administration, high availability (HA), security and compliance, cost of ownership, teamwork, scalability, throughput, cross-version interoperability, and productivity. Progent's certified Exchange 2013 consulting professionals can help you understand the potential advantages of migrating to Exchange Server 2013, create an efficient test and rollout strategy, and train your IT staff to maintain your Microsoft Exchange 2013 environment. Progent also offers ongoing remote support and management services for Exchange 2013.
Apple OS X Tiger Support Services
Apple OSX Tiger Support and Integration
Progent's experts offer Apple macOS and Mac OS X users a range of services such as workstation support, Apple macOS and OS X expertise, Apple Mac integration with Windows networks, Entourage and Exchange Server expertise, network protection services, and one-on-one training. Progent can assist clients to migrate to macOS from OS X or other earlier versions of Apple Mac OS X and Progent can provide expertise with Apple macOS and Mac OS X application software. Progent can also assist your business with iPhone integration and iPad management, or moving to Apple's iCloud services. For business environments built exclusively on macOS or OS X or for networks with a mix of Mac, Linux and Windows powered servers and workstations, Progent's Apple, Cisco, and Microsoft consultants have the background and depth to deal with the difficulty of planning, configuring and maintaining a network infrastructure that is reliable, safe, efficient and able to achieve your organization's objectives.
Microsoft Access reports Services
24x7 Microsoft Office Access Coding
Progent offers affordable remote support for all editions of Microsoft Access including Access desktop and Access Web App and can provide expert support for application development, database migration, performance optimization, report design, and maintenance. Progent also offers custom online classes for Access programming and database administration.
Remote Office Consultant
Branch Location Integration
Years of background providing Microsoft support and Cisco technology consulting has enabled Progent to develop an unmatched capability for supporting branch offices that need network service with the flexibility common to with small firms but which offers professional communications, complete documentation, and compliance with corporate IT protocols. If your corporation has a branch office located anywhere in California or any region covered by Progent's engineers, Progent can provide a wide array of onsite and on-line IT support services and network architecture expertise.
WatchGuard Firebox M270 Firewall Network Security Testing
WatchGuard Firewall Audit
Progent provides consulting expertise for WatchGuard Firewall security gateways including the WatchGuard Firebox and XTM series of Firewalls and the Firebox SSL VPN Gateway. Progent's WatchGuard professionals can help you select, configure, and maintain a WatchGuard Firewall/VPN product that aligns with your security requirements and budget. Progent can help you to manage legacy WatchGuard firewalls or migrate efficiently to current WatchGuard firewall solutions.
Microsoft Windows Technology Support
Microsoft Office Software Consulting
Progent’s IT outsourcing packages offer economical computer consulting for small organizations. Whether it involves planning network architecture, creating an internal Help Desk or outsourcing a one, deploying a new email platform, monitoring your network, or creating an on-line eCommerce solution, outsourcing your IT engineering services can contain costs and minimize uncertainties, allowing IT service expenses to increase in a more moderate and controlled manner than is possible by building up a large, knowledgeable internal network support staff. Progent’s Outsourcing White Paper and datasheets tell you how Progent can enable you to create a protected and highly available system architecture for your critical business software powered by Windows such as Microsoft Office XP, Microsoft Office 2003, and Office 2000.
SharePoint 2019 Hybrid Engineer
SharePoint 2019 On Prem IT Consultant
Progent's certified SharePoint Server 2019 and SharePoint Online consultants can provide economical online and on-premises expertise, software development, and troubleshooting services for businesses of any size who intend to migrate to SharePoint 2019 or SharePoint Online from legacy releases of SharePoint. Progent can assist you design and carry out a cost-effective upgrade to SharePoint 2019 on prem, SharePoint Online, or a hybrid network model that combines local and cloud infrastructure into a seamless information management solution.
CISSP Certified Cybersecurity Services
CISSP Certified Cybersecurity Consultancy
Progent's CISSP-premier cybersecurity consultants can assist organizations of any size with any facet of information system security. Progent can help create cost-effective cybersecurity systems that guard a small business against modern malware attacks or Progent can plan, configure, and manage a comprehensive security strategy for hybrid networks that support onsite, remote, and mobile users sharing IT resources spread across multiple physical datacenters and various clouds.
ISA 2006 Firewall Consultant
ISA Server 2006 On-site Technical Support
Application Publishing with Internet Security and Acceleration Server 2006 provides more protection of intranet resources while supporting increased productivity by making these resources accessible to authorized remote users. ISA Server helps guard corporate applications, services, and information across all network components with stateful packet inspection and powerful publishing tools. Progent's Microsoft-certified ISA Server 2006 experts can show you how to design, deploy, set up, and maintain ISA Server 2006 on your network so your business achieves a smart and affordable balance of security, productivity, and performance.
Barracuda Backup Offsite Vaulting Remote Troubleshooting
Remote Support Services Barracuda Backup Verification
Barracuda Backup is a low-cost, subscription-based backup and disaster recovery platform for small and medium-size organizations. A Barracuda Backup deployment can incorporate a purpose-built hardware appliance built by Barracuda or a software-based appliance with comparable features but which uses your own storage infrastructure. Barracuda Backup protects critical business data generated locally, at one or multiple remote locations, or in the cloud. For disaster preparedness, you can replicate data to the Barracuda Cloud, to Amazon AWS, or to any site with a Barracuda appliance. Progent is a certified Barracuda partner and Progent's Barracuda Backup consulting experts offer a broad array of consulting services to help your business to plan, configure, manage and troubleshoot a BDR solution built on Barracuda technology.
MCSE Expert Certified Remote Support Dynamics GP/Great Plains
Dynamics GP Great Plains Accounting Consultant Services
Dynamics GP can help you grow and control your company better by offering deep availability of strategic information and a fast ROI. Microsoft Dynamics GP/Great Plains offers major productivity benefits including its ability to expand the presence of your company, handle your financials, automate financial processes, standardize procedures throughout your business, refine inventory control, enhance order accuracy, expand revenue and minimize turnaround time, and maximize free cash flow. Progent can show you how to configure and maintain a reliable, safe server and communications infrastructure to support Great Plains, and can provide experienced Microsoft Dynamics GP support professionals to make sure you derive the full benefits of your Dynamics GP/Great Plains software.
Select Topic: