Ransomware: Your Worst IT Catastrophe
Crypto-ransomware has become an all-too-frequent cyber pandemic that presents an existential threat for businesses poorly prepared for an attack. Different versions of ransomware such as Dharma, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been replicating for many years and still inflict destruction. More recent versions of ransomware like Ryuk, Maze, Sodinokibi, DoppelPaymer, Conti and Nephilim, as well as additional unnamed newcomers, not only encrypt on-line information but also infiltrate most accessible system protection mechanisms. Information replicated to off-site disaster recovery sites can also be rendered useless. In a poorly designed data protection solution, this can render automatic restore operations hopeless and basically sets the datacenter back to square one.

Restoring services and data following a ransomware outage becomes a sprint against the clock as the targeted business tries its best to contain and clean up the ransomware and to resume mission-critical operations. Because ransomware needs time to move laterally, attacks are often launched at night and on weekends, when they are likely to take longer to discover. This multiplies the difficulty of rapidly mobilizing and organizing an experienced mitigation team.

Progent has a range of services for securing enterprises from ransomware penetrations. Among these are team training to recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and installation of modern security solutions with artificial intelligence technology to automatically detect and quarantine new cyber threats. Progent can also provide the services of expert ransomware recovery professionals with the track record and perseverance to reconstruct a compromised environment as urgently as possible.

Progent's Ransomware Recovery Support Services
After a crypto-ransomware attack, sending the ransom in Bitcoin cryptocurrency does not ensure that cyber criminals will return the keys to decrypt any or all of your information. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their information even after having sent off the ransom, resulting in increased losses. The risk is also costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 to $400,000). This is far higher than the usual crypto-ransomware demands, which ZDNET determined to be in the range of $13,000 for smaller businesses. The other path is to re-install the essential elements of your Information Technology environment. Absent access to essential information backups, this requires a broad range of skills, well-coordinated project management, and the willingness to work continuously until the job is finished.

For decades, Progent has offered certified expert IT services for businesses throughout the U.S. and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have earned high-level certifications in important technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security specialists have garnered internationally-renowned certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. (See Progent's certifications). Progent in addition has expertise in accounting and ERP applications. This breadth of expertise provides Progent the ability to rapidly identify important systems and integrate the remaining pieces of your IT environment following a ransomware attack and assemble them into an operational network.

Progent's security team deploys state-of-the-art project management applications to coordinate the complex restoration process. Progent knows the importance of acting quickly and in concert with a client's management and Information Technology resources to prioritize tasks and to get the most important applications back online as soon as possible.

Business Case Study: A Successful Ransomware Intrusion Recovery
A business hired Progent after its network was brought down by the Ryuk ransomware. Ryuk is thought to have been deployed by North Korean state criminal gangs, possibly adopting strategies leaked from the U.S. NSA organization. Ryuk targets specific companies with little or no ability to sustain disruption and is among the most profitable versions of ransomware malware. Well-known targets include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a single-location manufacturing company located in the Chicago metro area and has about 500 employees. The Ryuk penetration had disabled all business operations and manufacturing capabilities. Most of the client's data backups had been on-line at the time of the intrusion and were destroyed. The client was pursuing financing for paying the ransom (in excess of $200,000) and praying for the best, but in the end made the decision to use Progent.


"I cannot speak enough in regards to the expertise Progent gave us during the most fearful period of (our) company's life. We had little choice but to pay the cyber criminals behind the attack if it wasn't for the confidence the Progent experts afforded us. The fact that you were able to get our messaging and key servers back into operation in less than one week was something I thought impossible. Each person I worked with or communicated with at Progent was urgently focused on getting us restored and was working at all hours on our behalf."

Progent worked hand in hand with the customer to rapidly understand and assign priority to the essential services that needed to be recovered to make it possible to continue departmental operations:

  • Active Directory
  • Microsoft Exchange
  • Financials/MRP

To get going, Progent followed anti-virus/malware incident response best practices by stopping lateral movement and performing virus removal steps. Progent then began the process of recovering Microsoft Active Directory, the key technology of enterprise networks built on Microsoft technology. Microsoft Exchange Server email will not operate without Active Directory, and the business's MRP software utilized Microsoft SQL, which depends on Active Directory services for security authorization to the databases.

In less than 2 days, Progent was able to rebuild Active Directory services to their pre-intrusion state. Progent then performed rebuilding and hard drive recovery of needed servers. All Microsoft Exchange Server ties and configuration information were intact, which accelerated the restore of Exchange. Progent was able to find local OST data files (Outlook Email Off-Line Data Files) on various PCs and laptops in order to recover mail data. A reasonably recent off-line backup of the business's financials/MRP systems made it possible to bring these vital services back online for users. Although significant work still had to be done to recover completely from the Ryuk attack, core systems were recovered rapidly:


"For the most part, the production line operation ran fairly normal throughout and we delivered all customer orders."

During the next month, critical milestones in the recovery process were reached through close cooperation between Progent engineers and the client:

  • Self-hosted web applications were returned to operation without losing any data.
  • The MailStore Server containing more than four million historical emails was restored to operation and made accessible to users.
  • CRM/Product Ordering/Invoicing/Accounts Payable (AP)/Accounts Receivables/Inventory Control modules were completely operational.
  • A new Palo Alto 850 security appliance was installed and configured.
  • 90% of the user PCs were being used by staff.

"A lot of what transpired that first week is mostly a fog for me, but my team will not forget the care all of you put in to help get our business back. I've trusted Progent for the past ten years, possibly more, and every time I needed help Progent has shined and delivered. This situation was a testament to your capabilities."

Conclusion
A probable business catastrophe was averted due to top-tier professionals, a broad spectrum of IT skills, and tight teamwork. Although in retrospect the ransomware virus attack described here could have been shut down with up-to-date security solutions and best practices, user and IT administrator education, and properly executed incident response procedures for data backup and proper patching controls, the fact remains that government-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware attack, remember that Progent's roster of professionals has substantial experience in ransomware virus defense, removal, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were contributing), thank you for allowing me to get rested after we got through the most critical parts. All of you did an impressive job, and if anyone that helped is in the Chicago area, dinner is my treat!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Repair Expertise
For 24-Hour ransomware recovery consulting, reach out to Progent at 800-993-9400 or go to Contact Progent.



© 2002-2021 Progent Corporation. All rights reserved.