Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. Modern strains of ransomware like Ryuk, Sodinokibi, Netwalker and Maze, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knock the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC (between $120,000 and $400,000). This is well above the average ransomware demand for small businesses, which ZDNET estimated to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally-recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.


"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP

To start, Progent followed best practices for anti-virus/malware processes by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to bring these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:


"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and every one of you put in to give us our business back. I have been working with Progent for at least 10 years, maybe more, and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

Conclusion
A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"

To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates SentinelOne's cutting-edge machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense based on SentinelOne's behavioral analysis technology.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to achieve and demonstrate compliance with legal and industry data security regulations. Progent will assist you to define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint detection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)

Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.

Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is intended to help organizations to complete the time-critical first phase in mitigating a ransomware assault by stopping the bleeding. Progent's remote ransomware expert can help you to locate and quarantine breached servers and endpoints and guard clean resources from being penetrated. If your network has been penetrated by any version of ransomware, act fast. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, see Progent's Ransomware 24x7 Hot Line.



© 2002-2024 Progent Corporation. All rights reserved.