Ransomware: Your Worst IT Nightmare
Ransomware Recovery ConsultantsRansomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. Modern strains of ransomware like Ryuk, Sodinokibi, Netwalker and Maze, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knocks the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15-40 BTC ($120,000 and $400,000). This is well above the average ransomware demand for small businesses, which ZDNET estimated to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally-recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.


"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP
To start, Progent followed AV/Malware Processes best practices by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to return these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:


"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and everyone of you put in to give us our business back. I have been working with Progent for at least 10 years maybe more and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

Conclusion
A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"

To read or download a PDF version of this case study, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates SentinelOne's cutting-edge machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense based on SentinelOne's behavioral analysis technology.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you achieve and demonstrate compliance with legal and industry data security regulations. Progent will assist you define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint protection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)

Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.

Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is intended to assist organizations to take the time-critical first step in mitigating a ransomware assault by putting out the fire. Progent's remote ransomware expert can help you to locate and quarantine infected devices and protect undamaged resources from being compromised. If your system has been penetrated by any strain of ransomware, act fast. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.



An index of content::

  • 24-7 CISSP Certified Security Washington Small Office Computer Consultants IT Solution Providers Washington
  • Netwalker ransomware recovery Engineers
  • 24-7 Honolulu Crypto-Ransomware Preparedness Testing Honolulu Hawaii Honolulu, Waikiki Honolulu Ransomware Malware Evaluation
  • 24-Hour IT Specialist Exchange 2016 Baton Rouge Microsoft Exchange Server 2013 Services Baton Rouge, Capital Park, USA

  • Immediate Computer Consultancy Services Microsoft Exchange 2016
    Microsoft Exchange 2016 Systems Support

    Progent's Microsoft-certified consultants average over a decade of background providing unified communications solutions for customers ranging from small businesses to large enterprises. Progent offers affordable support for all versions of Microsoft Exchange Server to enhance email and virus protection, design high availability email environments, and facilitate remote and wireless email connectivity. Progent's Exchange support services can assist you in designing and carrying out a move from a legacy SMPT server or older Microsoft Email package such as Microsoft Exchange 2003 to Exchange 2019 Server. Progent provides support for Windows 10 and Windows 11 clients running Office Outlook and can show you how to configure Outlook Web App (OWA) for popular web browsers. For e-mail virus protection, spam filtering and outbound data leak prevention, Progent offers Email Guard managed services.

  • 5500 Wireless Controller Engineer wireless controller Engineer
  • Bellevue Telecommuters Backup Solutions Consulting Bellevue Kirkland, United States Work from Home Employees Bellevue Consulting Experts - Data Protection Systems Expertise Bellevue Washington
  • BlackBerry Redirector Server Integrators Sacramento CA RIM BlackBerry System Consulting Sacramento
  • Business Computer Server Companies Part-time CIO Accounting System Coder
  • Cisco Phone Support Services Denver Golden Triangle Cisco Network Security Consultant Denver Mile High City, United States
  • Cisco Professional Sorocaba, SP Solutions Provider Cisco Sorocaba, State of São Paulo
  • Consultant BlackBerry Henrico County Virginia Richmond Network Installation BlackBerry Software
  • Consulting Services for Shreveport Computer Support Organizations Caddo Parish Louisiana Consulting for Network Support Organizations in Shreveport - Transparent Temporary IT Support Help Shreveport, LA
  • Consulting Support for Austin Network Support Companies Austin Texas Consulting Experts for Austin Network Support Organizations Austin, Travis County
  • Dynamics GP-Software Valencia Partner - Database Development Valencia-Santa Clarita, California Microsoft Dynamics GP-Great Plains Partner nearby Valencia - Setup Support Services Valencia-Santa Clarita, California
  • Fort Myers Designer Windows Server 2012 Windows Server 2012 R2 Security Consulting Firm Fort Myers, Florida
  • Lakeland Remote Workforce VoIP Solutions Consulting and Support Services Lakeland-Plant City Work at Home Employees Expertise - Lakeland - IP Voice Systems Consulting Experts Lakeland-Plant City, FL

  • Support Outsourcing Microsoft Firewall
    Microsoft ISA Server Remote Troubleshooting

    Progent's certified ISA Server consultants have extensive backgrounds configuring Microsoft ISA Server-based security solutions for IT networks with many sites, remote workers, and line-of-business eCommerce applications. Progent's Microsoft Firewall consultants are available to help your company in planning and implementing an installation of ISA 2000 Server or ISA 2004 Server that meets your information security requirements without overly limiting your network productivity. Progent's consultants can help you upgrade from Microsoft Proxy Server from ISA 2000 Server to ISA 2006 Enterprise Edition Server or Microsoft ISA 2006 Standard Edition Server.

  • Largest Florianópolis-Canasvieiras Phone Support Services Florianópolis-Lagoa da Conceição Information Technology Consulting Companies
  • Mac Consultant 24x7 iPhone Troubleshooting
  • Open Now Consultancy Conti ransomware recovery
  • Maine Support Team Information Technology Consultants Maine
  • Manchester NotPetya Crypto-Ransomware Removal Manchester Locky Ransomware Restoration Sheffield, England
  • Consultancy ransomware removal and recovery
  • Microsoft Exchange 2007 Consultant Exchange Server 2007 Remote Troubleshooting
  • Microsoft SQL Server 2017 Systems Engineer San Jose Silicon Valley Microsoft SQL 2008 Computer Outsourcing
  • Microsoft SQL Server Small Business Network Consulting Firms Lubbock Preston Smith Airport LBB Small Business IT Consulting Company Microsoft SQL Server South Plains Lubbock

  • 24-7 ProSight Virtual Hosting Consulting
    Professionals ProSight Virtual Machine Hosting

    Progent's ProSight Virtual hosting services provide small companies a range of advantages such as reduced capital expenditures, reductions in operational expense, improved management focus, world-class security, greater availability, and regulatory compliance.

  • Microsoft Windows 10 Evaluation Outsourcing Microsoft Windows 10 ADK Consultants
  • Microsoft Windows Computer Network Support Petaluma, CA Information Technology Manager Microsoft Computer Sonoma County
  • Mid-sized Office Technical Consultants Mid-size Office Outsourcing Company
  • Consultants ransomware business recovery
  • Monterrey-San Nicolás de los Garza IT Support 24-7 Monterrey Small Business IT Consultants
  • Mountain View, CA Remote Microsoft MCTS Support Freelancing Job Employment Opportunities Microsoft MCTS Engineer San Jose, United States
  • MozyPro Consulting Deduplication Consulting

  • Wi-Fi 6 Wireless Site Survey Integration Services
    Support Outsourcing Wi-Fi Site Survey and Debugging

    Progent's Wi-Fi site survey services assist you to design, implement and troubleshoot a Wi-Fi network optimized for your environment, offering you a WLAN that delivers the coverage, performance, capacity, Quality of Service, security, and roaming capability your company needs. Wi-Fi survey services from Progent include remote predictive modeling for designing a Wi-Fi LAN and onsite survey services for validating, tuning, and debugging a functioning Wi-Fi LAN.

  • Offsite Workforce Pittsburgh Assistance - Conferencing Solutions Guidance Pittsburgh Pennsylvania Pittsburgh Pennsylvania, USA At Home Workers Pittsburgh Consultants - Conferencing Systems Consulting Services

  • SentinelOne Ransomware Defense Professionals
    SentinelOne Endpoint Virus Immunization Professional

    Progent is a dealer and integrator for SentinelOne's Singularity product family, a subscription-based, cloud-centric cyberthreat management solution that includes machine learning technology and advanced services to deliver cutting-edge endpoint detection and response (EDR).

  • Oxford MS Dynamics GP Upgrades Support Services Oxfordshire, South East England Microsoft Dynamics GP-Great Plains Partner near me in Oxford - Migration Help Oxford, U.K.
  • ProSight Email Zero Hour Protection Consultancy Specialist ProSight Email Virus Filtering
  • Raleigh Spora Crypto-Ransomware Negotiation Services Raleigh, NC Raleigh Egregor Ransomware Settlement Negotiation Experts Research Triangle North Carolina
  • Ransomware Data Restore Rancho Cordova-Sacramento Ryuk Ransomware Hot Line Rancho Cordova, California
  • Remote Support Job Computer Support San Francisco Microsoft Consulting Jobs San Francisco Bay Area
  • Remote Technical Support Cisco Broomfield Small Office Network Consultants Cisco Broomfield-Thornton, CO
  • Remote Workers Expertise in Baltimore - Video Conferencing Technology Assistance Baltimore, MD, America Work from Home Employees Consulting and Support Services nearby Baltimore - Voice/Video Conferencing Solutions Consulting and Support Services Port of Baltimore
  • Richmond, Contra Costa County MS Dynamics GP Richmond VAR - Training Experts Richmond Microsoft Dynamics GP Training Help Richmond San Pablo Hercules
  • SQL System Consultant Sioux Falls, Minnehaha County, South Dakota Implementation SQL Sioux Falls, SD, Rapid City, SD, Aberdeen, SD, CITY4, SD
  • San Diego UCSD At Home Workforce IP Voice Systems Guidance San Diego-University Remote Workers San Diego UCSD Consultants - VoIP Solutions Assistance San Diego-La Jolla, CA, U.S.A.
  • Small Business IT Outsourcing Firm Microsoft Exchange Server 2013 Sioux Falls, U.S.A. Immediate Exchange Server 2019 Network Consult Sioux Falls South Dakota
  • Consult WannaCry ransomware recovery
  • Small Office Computer System Consultant Small Business IT Consulting Company
  • Small Office IT Outsourcing SQL Server 2019 Napa California Napa California, America Small Office IT Outsourcing SQL Server 2019
  • Spora Ransomware Hot Line Porto Alegre, Rio Grande do Sul Maze Ransomware Hot Line
  • São José do Rio Preto Telecommuters Ribeirão Preto Consulting Experts - Help Desk Call Center Outsourcing Expertise Remote Workers Consulting Services nearby Ribeirão Preto - Help Desk Outsourcing Consulting and Support Services Ribeirão Preto
  • Teleworkers Consultants nearby Pasadena - Endpoint Security Solutions Consulting Services Pasadena Baytown Missouri City Pasadena At Home Workforce Network Security Systems Consultants Pasadena
  • Teleworkers Expertise near me in Montreal - Cloud Integration Solutions Consultants Montreal, QC Montreal Work from Home Employees Cloud Technology Guidance Quebec
  • Tucson Open Now SharePoint Server 2007 Computer Consulting SharePoint Server 2013 On-site Support Tucson International Airport TUS
  • Upgrade Consultant UNIX Migration UNIX
  • Wichita Critical Crypto Remediation Wichita Locky CryptoLocker Cleanup Wichita, KS
  • Wilmington At Home Workforce Backup/Restore Systems Assistance Wilmington Wilmington Urgent At Home Workers Consulting Services near Wilmington - Backup Solutions Expertise
  • Windows Server 2016 Small Business IT Consultant Birmingham, Jefferson County Jefferson County Alabama, United States Windows Server 2019 IT Consulting Firm

  • 24x7 Microsoft Dynamics NAV Troubleshooting
    24x7x365 Consulting Microsoft Dynamics NAV

    Progent offers remote and on-premises deployment, migration, programming, BI reporting for Dynamics 365 Business Central (formerly Dynamivs NAV).

  • Work at Home Employees Consultants near me in Florianópolis - Cloud Solutions Expertise Florianopolis-São José Remote Workforce Assistance in Florianópolis - Cloud Technology Expertise Florianopolis, Santa Catarina
  • Work at Home Employees Hialeah Consulting Services - Call Desk Augmentation Consultants Hialeah, FL At Home Workers Guidance nearby Hialeah - Help Desk Solutions Consulting Services Miami-Dade County

  • © 2002-2023 Progent Corporation. All rights reserved.