Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. Modern strains of ransomware like Ryuk, Sodinokibi, Netwalker and Maze, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knock the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average ransomware demand for small businesses, which ZDNET estimated to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally-recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.


"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP
To start, Progent followed AV/Malware Processes best practices by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to return these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:


"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and every one of you put in to give us our business back. I have been working with Progent for at least 10 years maybe more and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

Conclusion
A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"

To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates cutting-edge behavior-based machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to achieve and demonstrate compliance with legal and industry data security regulations. Progent will assist you to define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.
Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.





    © 2002-2021 Progent Corporation. All rights reserved.