Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. More recent strains of ransomware like Ryuk and Hermes, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knocks the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET estimates to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.


"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP

To start, Progent followed best practices for anti-virus and malware processing by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to bring these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:


"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and every one of you put in to give us our business back. I have been working with Progent for at least 10 years maybe more and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

Conclusion
A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"

To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates cutting-edge behavioral machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to achieve and demonstrate compliance with legal and industry data security regulations. Progent will assist you to define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.
Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.



© 2002-2020 Progent Corporation. All rights reserved.