Sherman Oaks 24x7x365 Critical Crypto
Computer Virus Detection and Recovery Consultants

Ransomware : Your Worst IT Nightmare
Ransomware has become a too-frequent cyberplague that poses an existential danger for businesses of all sizes poorly prepared for an assault. Different versions of crypto-ransomware such as Reveton, CryptoWall, Locky, SamSam and MongoLock cryptoworms have been around for a long time and still cause destruction. Recent variants of ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Conti or Nephilim, plus additional unnamed malware, not only encrypt on-line critical data but also infiltrate all configured system protection. Files synchronized to off-site disaster recovery sites can also be corrupted. In a poorly architected environment, it can make automated restoration impossible and effectively knocks the datacenter back to square one.

Retrieving services and data after a ransomware event becomes a sprint against the clock as the victim fights to stop the spread, cleanup the ransomware, and restore mission-critical operations. Since crypto-ransomware takes time to move laterally, penetrations are frequently sprung at night, when successful attacks typically take longer to notice. This multiplies the difficulty of quickly mobilizing and coordinating a capable response team.

Progent has a variety of support services for securing organizations from crypto-ransomware events. Among these are team member training to become familiar with and avoid phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, in addition to deployment of modern security solutions with AI capabilities from SentinelOne to identify and disable new threats automatically. Progent in addition offers the services of expert crypto-ransomware recovery consultants with the track record and perseverance to restore a compromised environment as soon as possible.

Progent's Ransomware Recovery Help
Following a crypto-ransomware event, even paying the ransom demands in cryptocurrency does not ensure that merciless criminals will provide the codes to decipher all your information. Kaspersky Labs ascertained that 17% of ransomware victims never recovered their data even after having sent off the ransom, resulting in increased losses. The risk is also costly. Ryuk ransoms are often several hundred thousand dollars. For larger enterprises, the ransom can reach millions of dollars. The other path is to piece back together the critical parts of your Information Technology environment. Without access to essential system backups, this calls for a broad complement of skills, well-coordinated project management, and the willingness to work 24x7 until the task is complete.

For twenty years, Progent has offered certified expert IT services for businesses across the US and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have attained advanced certifications in key technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity experts have garnered internationally-recognized industry certifications including CISM, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent in addition has expertise in financial systems and ERP software solutions. This breadth of experience affords Progent the capability to efficiently understand critical systems and consolidate the surviving parts of your Information Technology system following a crypto-ransomware event and configure them into a functioning network.

Progent's ransomware team of experts has best of breed project management systems to orchestrate the complex restoration process. Progent understands the importance of acting swiftly and in unison with a client's management and IT resources to prioritize tasks and to get the most important applications back online as soon as possible.

Client Case Study: A Successful Ransomware Penetration Response
A small business escalated to Progent after their organization was crashed by the Ryuk ransomware. Ryuk is believed to have been deployed by Northern Korean state hackers, possibly adopting techniques exposed from America's NSA organization. Ryuk seeks specific organizations with limited ability to sustain disruption and is among the most lucrative iterations of ransomware. Well Known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's customer is a small manufacturing business located in Chicago with about 500 staff members. The Ryuk event had paralyzed all company operations and manufacturing processes. The majority of the client's system backups had been on-line at the time of the attack and were eventually encrypted. The client was pursuing financing for paying the ransom demand (in excess of $200,000) and praying for good luck, but ultimately called Progent.

Progent worked with the client to quickly determine and prioritize the essential elements that had to be addressed to make it possible to resume company functions:

• Active Directory (AD)
• E-Mail
• Accounting/MRP

Within 48 hours, Progent was able to recover Active Directory services to its pre-penetration state. Progent then completed reinstallations and hard drive recovery of needed servers. All Microsoft Exchange Server schema and attributes were usable, which greatly helped the rebuild of Exchange. Progent was able to assemble local OST files (Outlook Email Off-Line Folder Files) on user PCs and laptops to recover mail information. A not too old off-line backup of the businesses accounting software made it possible to recover these essential programs back servicing users. Although a lot of work remained to recover completely from the Ryuk damage, critical services were returned to operations quickly:

During the next few weeks critical milestones in the recovery process were achieved in close collaboration between Progent consultants and the customer:

• Internal web applications were restored with no loss of information.
• The MailStore Microsoft Exchange Server with over 4 million historical messages was spun up and accessible to users.
• CRM/Orders/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory Control modules were fully functional.
• A new Palo Alto Networks 850 security appliance was installed and configured.
• 90% of the desktops and laptops were back into operation.

Conclusion
A likely company-ending disaster was avoided with results-oriented experts, a wide spectrum of technical expertise, and close collaboration. Although upon completion of forensics the ransomware virus penetration described here could have been identified and disabled with current security technology and security best practices, staff education, and well designed incident response procedures for information protection and proper patching controls, the fact is that state-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware virus, feel confident that Progent's roster of experts has a proven track record in crypto-ransomware virus defense, remediation, and data restoration.

To read or download a PDF version of this case study, click:
Progent's Crypto-Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Available from Progent
Progent can provide businesses in Sherman Oaks a range of online monitoring and security assessment services designed to assist you to minimize the threat from crypto-ransomware. These services incorporate next-generation artificial intelligence technology to uncover zero-day strains of ransomware that are able to evade legacy signature-based anti-virus solutions.

• ProSight LAN Watch: Server and Desktop Monitoring
  ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management techniques to keep your network running at peak levels by tracking the health of critical computers that power your business network. When ProSight LAN Watch detects an issue, an alert is sent automatically to your specified IT management staff and your assigned Progent consultant so all potential problems can be addressed before they can impact productivity. Learn more details about ProSight LAN Watch server and desktop remote monitoring consulting.

• ProSight WAN Watch: Network Infrastructure Management
  ProSight WAN Watch is a network infrastructure management service that makes it simple and affordable for small and mid-sized organizations to diagram, track, reconfigure and debug their connectivity hardware such as routers, firewalls, and wireless controllers plus servers, endpoints and other devices. Using cutting-edge Remote Monitoring and Management technology, ProSight WAN Watch makes sure that infrastructure topology maps are kept current, captures and manages the configuration information of almost all devices connected to your network, monitors performance, and generates notices when potential issues are discovered. By automating tedious management activities, WAN Watch can cut hours off ordinary chores such as making network diagrams, expanding your network, finding devices that require important updates, or identifying the cause of performance problems. Learn more details about ProSight WAN Watch network infrastructure management services.

• ProSight Reporting: Real-time Reporting for Ticketing and Network Monitoring Platforms
  ProSight Reporting is an expanding suite of real-time reporting utilities designed to integrate with the industry's top ticketing and network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to surface and contextualize key issues like inconsistent support follow-through or machines with missing patches. By identifying ticketing or network health problems concisely and in near-real time, ProSight Reporting enhances productivity, lowers management hassle, and saves money. For details, see ProSight Reporting for ticketing and network monitoring platforms.

• ProSight Data Protection Services: Backup and Disaster Recovery Services
  Progent has partnered with leading backup/restore technology providers to create ProSight Data Protection Services (DPS), a portfolio of subscription-based offerings that deliver backup-as-a-service (BaaS). ProSight DPS services manage and track your data backup processes and enable non-disruptive backup and rapid recovery of important files, applications, system images, and VMs. ProSight DPS helps your business protect against data loss resulting from equipment failures, natural disasters, fire, cyber attacks like ransomware, human error, malicious employees, or software glitches. Managed backup services available in the ProSight Data Protection Services product line include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight DPS ECHO Backup using Barracuda purpose-built storage, and ProSight DPS MSP360 Cloud and On-prem Backup. Your Progent service representative can help you to identify which of these managed backup services are most appropriate for your IT environment.

• ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
  ProSight Email Guard is Progent's spam filtering service that incorporates the infrastructure of leading data security companies to provide web-based control and world-class security for all your email traffic. The powerful structure of Email Guard integrates cloud-based filtering with an on-premises gateway device to provide complete protection against spam, viruses, Dos Attacks, Directory Harvest Attacks, and other email-borne threats. The Cloud Protection Layer acts as a first line of defense and blocks most threats from reaching your security perimeter. This decreases your vulnerability to external attacks and conserves network bandwidth and storage. Email Guard's on-premises gateway appliance adds a deeper level of analysis for incoming email. For outgoing email, the local security gateway provides anti-virus and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The local security gateway can also assist Exchange Server to monitor and safeguard internal email that stays inside your security perimeter. For more details, see Email Guard spam filtering and data leakage protection.

• ProSight Duo Two-Factor Authentication: Access Security, Endpoint Policy Enforcement, and Protected Single Sign-on
  Progent's Duo MFA service plans incorporate Cisco's Duo technology to protect against compromised passwords by using two-factor authentication (2FA). Duo enables one-tap identity confirmation on iOS, Google Android, and other personal devices. With Duo 2FA, when you log into a secured online account and give your password you are asked to confirm who you are via a device that only you have and that is accessed using a different network channel. A broad range of out-of-band devices can be utilized as this added form of authentication including an iPhone or Android or watch, a hardware token, a landline phone, etc. You can register several verification devices. To find out more about Duo identity authentication services, see Cisco Duo MFA two-factor authentication (2FA) services for access security.

• Progent's Outsourced/Shared Call Center: Call Center Managed Services
  Progent's Support Center managed services enable your IT team to outsource Support Desk services to Progent or split activity for Help Desk services transparently between your internal support group and Progent's extensive pool of IT support technicians, engineers and subject matter experts. Progent's Co-managed Help Desk Service offers a seamless supplement to your corporate IT support team. End user interaction with the Service Desk, delivery of support services, issue escalation, trouble ticket creation and updates, efficiency metrics, and maintenance of the support database are cohesive whether incidents are taken care of by your corporate IT support resources, by Progent's team, or both. Learn more about Progent's outsourced/co-managed Help Desk services.

• Progent Active Protection Against Ransomware: AI-based Ransomware Identification and Remediation
  Progent's Active Defense Against Ransomware is an endpoint protection (EPP) service that incorporates next generation behavior-based machine learning tools to defend endpoints as well as servers and VMs against modern malware assaults like ransomware and file-less exploits, which routinely escape traditional signature-matching anti-virus products. Progent ASM services protect local and cloud-based resources and offers a unified platform to manage the complete malware attack lifecycle including blocking, infiltration detection, containment, remediation, and forensics. Top features include single-click rollback with Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against new threats. Read more about Progent's ransomware defense and cleanup services.

• ProSight IT Asset Management: Network Documentation Management
  Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to create, maintain, find and protect information related to your network infrastructure, procedures, business apps, and services. You can instantly locate passwords or IP addresses and be alerted about upcoming expirations of SSLs or domains. By updating and managing your network documentation, you can save up to 50% of time wasted searching for vital information about your IT network. ProSight IT Asset Management includes a centralized repository for holding and sharing all documents related to managing your business network like standard operating procedures and How-To's. ProSight IT Asset Management also offers a high level of automation for collecting and associating IT data. Whether you're making enhancements, doing regular maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the data you require the instant you need it. Read more about Progent's ProSight IT Asset Management service.

• Patch Management: Software/Firmware Update Management Services
  Progent's managed services for software and firmware patch management provide businesses of all sizes a versatile and cost-effective alternative for assessing, validating, scheduling, applying, and tracking software and firmware updates to your ever-evolving IT system. Besides optimizing the protection and reliability of your IT network, Progent's software/firmware update management services permit your in-house IT staff to concentrate on more strategic initiatives and activities that derive maximum business value from your information network. Find out more about Progent's software/firmware update management services.

• ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
  With ProSight Virtual Hosting service, a small business can have its key servers and applications hosted in a protected fault tolerant data center on a high-performance virtual machine host set up and maintained by Progent's network support experts. With Progent's ProSight Virtual Hosting model, the client owns the data, the OS software, and the apps. Because the environment is virtualized, it can be moved easily to an alternate hardware environment without a lengthy and difficult reinstallation procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting service. Find out more details about ProSight Virtual Hosting services.

• ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
  ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that incorporates SentinelOne's next generation behavior-based analysis technology to guard physical and virtual endpoint devices against new malware assaults such as ransomware and email phishing, which routinely escape traditional signature-matching anti-virus products. ProSight ASM protects local and cloud resources and provides a single platform to address the complete threat progression including filtering, detection, mitigation, cleanup, and post-attack forensics. Key features include one-click rollback with Windows VSS and real-time system-wide immunization against new threats. Progent is a SentinelOne Partner, reseller, and integrator. Learn more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery.

• ProSight Enhanced Security Protection: Physical and Virtual Endpoint Security and Exchange Filtering
  Progent's ProSight Enhanced Security Protection (ESP) managed services offer ultra-affordable in-depth security for physical servers and VMs, workstations, mobile devices, and Microsoft Exchange. ProSight ESP uses contextual security and modern behavior analysis for continuously monitoring and reacting to cyber assaults from all vectors. ProSight ESP provides two-way firewall protection, penetration alerts, device control, and web filtering through leading-edge technologies incorporated within one agent managed from a unified control. Progent's security and virtualization consultants can assist you to plan and implement a ProSight ESP deployment that addresses your company's unique needs and that allows you achieve and demonstrate compliance with government and industry data protection regulations. Progent will help you define and configure policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alarms that require urgent action. Progent's consultants can also assist you to install and verify a backup and restore system like ProSight Data Protection Services so you can recover quickly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Microsoft Exchange email filtering.