Crypto-Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become an escalating cyberplague that represents an enterprise-level threat for businesses of all sizes unprepared for an assault. Multiple generations of ransomware such as Reveton, WannaCry, Bad Rabbit, Syskey and MongoLock cryptoworms have been circulating for a long time and still cause destruction. Newer versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, as well as frequent unnamed newcomers, not only encrypt online files but also infiltrate most available system protection mechanisms. Files synchronized to the cloud can also be encrypted. In a poorly architected system, this can make automated restore operations useless and basically knock the datacenter back to square one.

Recovering applications and information after a crypto-ransomware event becomes a race against time as the targeted organization struggles to stop lateral movement, remove the ransomware, and resume mission-critical operations. Because crypto-ransomware needs time to move laterally, assaults are usually sprung during weekends and nights, when successful penetrations are likely to take longer to identify. This multiplies the difficulty of promptly marshalling and orchestrating an experienced response team.

Progent offers a variety of solutions for protecting enterprises from crypto-ransomware penetrations. Among these are team education to help staff recognize and avoid falling victim to phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus installation of modern security gateways with SentinelOne's artificial intelligence capabilities to identify and quarantine zero-day threats automatically. Progent can also provide the services of experienced crypto-ransomware recovery consultants with the talent and commitment to re-deploy a compromised environment as quickly as possible.

Progent's Crypto-Ransomware Recovery Services
After a crypto-ransomware event, paying the ransom in cryptocurrency provides no assurance that the criminal gang will return the decryption keys for any of your data. Kaspersky found that 17% of ransomware victims never recovered their data after having sent off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms frequently range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average crypto-ransomware demand, which ZDNET determined to be approximately $13,000 for smaller organizations. The other path is to piece back together the critical parts of your IT environment. Without usable backups of essential information, this calls for a wide complement of skills, professional team management, and the ability to work non-stop until the job is finished.

For two decades, Progent has made available certified expert Information Technology services for businesses across the United States and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have been awarded high-level certifications in important technologies such as Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally renowned industry certifications including CISM, CISSP, CRISC, and SANS GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to knowledgeably identify necessary systems, consolidate the surviving components of your network environment following a ransomware attack, and rebuild them into an operational network.

Progent's ransomware team of experts deploys state-of-the-art project management systems to coordinate the sophisticated restoration process. Progent understands the importance of working rapidly and together with a customer's management and Information Technology resources to assign priority to tasks and to get key systems back on line as fast as possible.

Client Case Study: A Successful Ransomware Incident Recovery
A client engaged Progent after their network system was brought down by Ryuk ransomware. Ryuk is thought to have been developed by North Korean state hackers, who are suspected of using techniques leaked from the U.S. National Security Agency. Ryuk goes after specific businesses with little or no tolerance for disruption and is one of the most lucrative examples of ransomware viruses. Well-known victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a single-location manufacturer located in Chicago with about 500 workers. The Ryuk penetration had paralyzed all essential operations and manufacturing processes. Most of the client's system backups had been online at the time of the intrusion and were eventually encrypted. The client was actively seeking loans to pay the ransom demand (exceeding $200K) and hoping for the best, but ultimately engaged Progent.


"I cannot tell you enough in regards to the support Progent gave us during the most stressful period of (our) company's existence. We had little choice but to pay the cyber criminals behind the attack if not for the confidence the Progent experts provided us. That you could get our e-mail system and critical servers back on-line quicker than seven days was something I thought impossible. Every single expert I worked with or messaged at Progent was totally committed to getting us back online and was working day and night to bail us out."

Progent worked together with the client to rapidly understand and prioritize the key applications that had to be restored in order to resume departmental operations:

  • Active Directory
  • Microsoft Exchange Server
  • Accounting/MRP

To begin, Progent followed industry best practices for anti-virus/malware incident mitigation by stopping lateral movement and cleaning up infected systems. Progent then started the work of restoring Active Directory, the key technology of enterprise environments built on Microsoft Windows technology. Exchange messaging will not work without Windows AD, and the client's MRP applications used SQL Server, which requires Active Directory for access to the information.

In less than 48 hours, Progent was able to rebuild Active Directory services to their pre-penetration state. Progent then initiated reinstallations and storage recovery on mission-critical applications. All Exchange data and configuration information were usable, which accelerated the rebuild of Exchange. Progent was able to find non-encrypted OST data files (Outlook Offline Data Files) on staff desktop computers and laptops to recover mail messages. A reasonably recent offline backup of the customer's accounting/MRP systems made it possible to bring these vital services back on-line. Although a lot of work remained to recover fully from the Ryuk attack, critical systems were restored rapidly:


"For the most part, the assembly line operation was never shut down and we made all customer shipments."

Over the next few weeks, key milestones in the restoration project were accomplished through tight collaboration between Progent consultants and the customer:

  • Internal web sites were returned to operation without losing any information.
  • The MailStore Exchange Server with over four million archived emails was brought on-line and available for users.
  • CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory Control functions were completely recovered.
  • A new Palo Alto Networks 850 security appliance was brought online.
  • Ninety percent of the desktops and laptops were fully operational.

"So much of what happened in the initial days is mostly a haze for me, but we will not forget the countless hours each of the team accomplished to give us our company back. I've trusted Progent for the past ten years, possibly more, and each time I needed help Progent has impressed me and delivered as promised. This time was no exception but maybe more Herculean."

Conclusion
A potential business-killing catastrophe was averted by top-tier experts, a broad range of IT skills, and close collaboration. Although, upon completion of forensics, it was clear that the ransomware incident detailed here should have been stopped by up-to-date cyber security technology and NIST Cybersecurity Framework best practices, user and IT administrator education, and well-thought-out security procedures for backup and for keeping systems up to date with security patches, the fact is that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a ransomware penetration, remember that Progent's team of experts has a proven track record in ransomware virus blocking, remediation, and data recovery.


"So, to Darrin, Matt, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were contributing), I'm grateful for allowing me to get some sleep after we made it through the initial fire. All of you did an amazing effort, and if anyone that helped is around the Chicago area, dinner is the least I can do!"

Download the Crypto-Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, please click:
Progent's Ryuk Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Recovery Expertise
For 24-Hour ransomware repair services, contact Progent at 800-462-8800 or go to Contact Progent.



© 2002-2022 Progent Corporation. All rights reserved.