Crypto-Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyberplague that presents an existential danger for organizations poorly prepared for an assault. Different versions of ransomware such as CryptoLocker, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been around for many years and continue to inflict harm. Newer versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus frequent as yet unnamed newcomers, not only encrypt online information but also infect most available system backups. Files synchronized to the cloud can also be corrupted. In a vulnerable system, this can render any restoration useless and effectively set the entire system back to square one.

Restoring programs and information following a ransomware intrusion becomes a race against time as the targeted organization tries its best to stop the spread and remove the ransomware and to resume enterprise-critical operations. Because ransomware needs time to replicate, assaults are usually sprung during nights and weekends, when successful penetrations are likely to take more time to identify. This compounds the difficulty of quickly mobilizing and orchestrating an experienced mitigation team.

Progent provides a variety of solutions for protecting enterprises from crypto-ransomware events. Among these are user education to help identify and avoid phishing scams, and ProSight Active Security Monitoring for endpoint detection and response, which uses SentinelOne's behavior-based cyberthreat defense to detect and quarantine zero-day malware attacks. Progent also provides the assistance of experienced ransomware recovery professionals with the track record and commitment to reconstruct a compromised network as rapidly as possible.

Progent's Ransomware Restoration Support Services
Following a ransomware penetration, sending the ransom in Bitcoin cryptocurrency does not ensure that cyber criminals will provide the keys needed to decrypt any of your files. Kaspersky Labs ascertained that seventeen percent of ransomware victims never recovered their files after having paid the ransom, resulting in more losses. The gamble is also very costly. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET determined to be in the range of $13,000 for smaller businesses. The fallback is to re-install the essential elements of your Information Technology environment. Without access to complete information backups, this requires a wide complement of skills, well-coordinated project management, and the ability to work non-stop until the recovery project is over.

For twenty years, Progent has made available expert Information Technology services for companies throughout the U.S. and has earned Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes professionals who have attained advanced industry certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have garnered internationally-renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has expertise in accounting and ERP applications. This breadth of expertise provides Progent the skills to efficiently determine necessary systems and re-organize the surviving components of your network environment after a ransomware attack and assemble them into an operational system.

Progent's security group utilizes top notch project management applications to coordinate the complicated restoration process. Progent knows the urgency of working swiftly and together with a client's management and Information Technology resources to assign priority to tasks and to put key services back online as soon as possible.

Case Study: A Successful Ransomware Virus Response
A customer contacted Progent after their network was penetrated by the Ryuk ransomware virus. Ryuk is generally considered to have been developed by North Korean state-sponsored criminal gangs, possibly adopting approaches leaked from the U.S. National Security Agency. Ryuk targets specific organizations with limited ability to sustain disruption and is among the most lucrative instances of ransomware malware. Headline organizations include Data Resolution, a California-based info warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in Chicago and has around 500 workers. The Ryuk attack had frozen all essential operations and manufacturing processes. The majority of the client's backups had been directly accessible at the start of the intrusion and were eventually encrypted. The client was actively seeking loans for paying the ransom demand (more than $200,000) and praying for the best, but ultimately called Progent.


"I cannot say enough about the support Progent gave us throughout the most fearful period of (our) business's existence. We may have had to pay the cyber criminals if it wasn't for the confidence the Progent team gave us. That you were able to get our messaging and important applications back into operation sooner than one week was amazing. Each expert I worked with or messaged at Progent was amazingly focused on getting us restored and was working 24/7 on our behalf."

Progent worked hand in hand with the customer to quickly get its arms around and assign priority to the key services that had to be addressed in order to continue departmental functions:

  • Microsoft Active Directory
  • Microsoft Exchange
  • Accounting/MRP

To get going, Progent adhered to industry best practices for anti-virus event response by halting the spread and cleaning up compromised systems. Progent then began the steps of bringing back online Windows Active Directory, the heart of enterprise systems built upon Microsoft Windows technology. Microsoft Exchange messaging will not operate without Windows AD, and the business's accounting and MRP software utilized SQL Server, which needs Windows AD for authentication to the databases.

In less than 48 hours, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then performed setup and storage recovery of critical systems. All Microsoft Exchange Server ties and configuration information were usable, which accelerated the restore of Exchange. Progent was able to locate local OST data files (Outlook Offline Data Files) on team PCs and laptops in order to recover mail information. A recent off-line backup of the customer's accounting software made it possible to bring these required programs back online. Although a large amount of work remained to recover totally from the Ryuk event, the most important services were restored quickly:


"For the most part, the production manufacturing operation did not miss a beat and we delivered all customer sales."

Over the next month key milestones in the restoration project were accomplished in close cooperation between Progent engineers and the client:

  • Internal web applications were restored with no loss of information.
  • The MailStore Server containing more than four million historical messages was brought online and available for users.
  • CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory modules were completely operational.
  • A new Palo Alto 850 firewall was installed and configured.
  • Most of the user desktops were operational.

"So much of what was accomplished in the early hours is mostly a fog for me, but we will not soon forget the commitment each of you put in to give us our business back. I've been working with Progent for the past ten years, maybe more, and each time I needed help Progent has impressed me and delivered. This event was a testament to your capabilities."

Conclusion
A possible business catastrophe was averted through the efforts of results-oriented professionals, a broad spectrum of IT skills, and tight collaboration. Although, in post mortem, the crypto-ransomware penetration described here would have been identified and blocked with modern cyber security solutions, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, team training, and properly executed security procedures for backup and patching, the reality is that government-sponsored criminal cyber gangs from Russia, China and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware virus, remember that Progent's roster of professionals has extensive experience in ransomware virus defense, remediation, and file recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (and any others that were contributing), I'm grateful for making it so I could get rested after we got past the first week. Everyone did a fabulous job, and if any of your guys are around the Chicago area, dinner is my treat!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this case study, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Removal Expertise
For 24/7 crypto-ransomware recovery services, call Progent at 800-462-8800 or go to Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.