Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. Modern strains of ransomware like Ryuk, Sodinokibi, Netwalker and Maze, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knock the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average ransomware demand for small businesses, which ZDNET estimated to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.


"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP

To start, Progent followed AV/malware best-practice processes by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to bring these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:


"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and every one of you put in to give us our business back. I have been working with Progent for at least 10 years, maybe more, and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

Conclusion
A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"


Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates cutting-edge behavior-based machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to achieve and demonstrate compliance with legal and industry data security regulations. Progent will assist you to define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.

Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.




    © 2002-2021 Progent Corporation. All rights reserved.