Ransomware : Your Feared IT Catastrophe
Ransomware  Remediation ProfessionalsCrypto-Ransomware has become a too-frequent cyber pandemic that poses an extinction-level threat for organizations poorly prepared for an attack. Versions of ransomware like the CryptoLocker, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been around for many years and continue to cause havoc. Newer versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus additional as yet unnamed newcomers, not only encrypt on-line files but also infiltrate any configured system backups. Data synchronized to off-site disaster recovery sites can also be rendered useless. In a vulnerable data protection solution, this can make any recovery useless and basically sets the network back to zero.

Getting back programs and data after a ransomware intrusion becomes a sprint against the clock as the targeted organization struggles to stop lateral movement and cleanup the ransomware and to restore business-critical activity. Because ransomware requires time to move laterally, penetrations are usually sprung at night, when successful attacks are likely to take longer to recognize. This multiplies the difficulty of promptly assembling and coordinating a qualified response team.

Progent provides a variety of solutions for securing businesses from ransomware events. These include staff education to help identify and not fall victim to phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus installation of the latest generation security appliances with machine learning capabilities to automatically identify and disable zero-day threats. Progent also can provide the services of expert ransomware recovery consultants with the talent and perseverance to restore a compromised network as soon as possible.

Progent's Crypto-Ransomware Recovery Help
Soon after a crypto-ransomware penetration, paying the ransom demands in Bitcoin cryptocurrency does not provide any assurance that merciless criminals will return the keys to decrypt any of your data. Kaspersky Labs determined that seventeen percent of ransomware victims never restored their data even after having sent off the ransom, resulting in increased losses. The risk is also very costly. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 and $400,000). This is greatly higher than the average crypto-ransomware demands, which ZDNET determined to be around $13,000 for smaller organizations. The fallback is to piece back together the key elements of your IT environment. Without access to full information backups, this requires a wide range of skills, professional team management, and the capability to work 24x7 until the recovery project is done.

For two decades, Progent has provided expert Information Technology services for businesses across the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have been awarded high-level industry certifications in important technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security consultants have garnered internationally-recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, and GIAC. (Visit Progent's certifications). Progent also has experience with financial management and ERP applications. This breadth of experience affords Progent the skills to quickly determine important systems and organize the remaining parts of your Information Technology system after a crypto-ransomware penetration and assemble them into an operational system.

Progent's security team of experts has powerful project management systems to orchestrate the complicated restoration process. Progent knows the urgency of working swiftly and in concert with a client's management and Information Technology team members to assign priority to tasks and to get critical systems back on-line as soon as possible.

Business Case Study: A Successful Ransomware Attack Response
A client escalated to Progent after their company was crashed by the Ryuk ransomware. Ryuk is believed to have been developed by North Korean government sponsored hackers, possibly adopting algorithms leaked from the United States National Security Agency. Ryuk attacks specific companies with limited tolerance for disruption and is one of the most profitable instances of crypto-ransomware. Headline organizations include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a regional manufacturing company based in Chicago and has about 500 staff members. The Ryuk event had frozen all business operations and manufacturing capabilities. The majority of the client's system backups had been online at the start of the intrusion and were destroyed. The client considered paying the ransom (more than $200K) and hoping for the best, but ultimately reached out to Progent.


"I can’t thank you enough about the care Progent gave us during the most critical time of (our) company’s survival. We may have had to pay the criminal gangs if not for the confidence the Progent group provided us. That you could get our e-mail system and production applications back quicker than one week was earth shattering. Every single consultant I talked with or messaged at Progent was totally committed on getting us operational and was working all day and night to bail us out."

Progent worked hand in hand the client to quickly identify and assign priority to the essential services that needed to be restored to make it possible to resume company operations:

  • Active Directory (AD)
  • Email
  • MRP System
To start, Progent adhered to Anti-virus incident response best practices by stopping lateral movement and removing active viruses. Progent then began the process of bringing back online Active Directory, the key technology of enterprise networks built on Microsoft Windows Server technology. Microsoft Exchange email will not function without AD, and the customer’s accounting and MRP system leveraged Microsoft SQL Server, which depends on Active Directory services for security authorization to the database.

In less than 48 hours, Progent was able to restore Windows Active Directory to its pre-penetration state. Progent then accomplished setup and storage recovery on critical servers. All Microsoft Exchange Server ties and configuration information were usable, which greatly helped the restore of Exchange. Progent was able to collect non-encrypted OST files (Microsoft Outlook Offline Data Files) on team PCs and laptops in order to recover mail data. A recent off-line backup of the client's accounting systems made it possible to recover these essential services back online for users. Although major work was left to recover fully from the Ryuk virus, critical systems were recovered rapidly:


"For the most part, the production operation showed little impact and we produced all customer deliverables."

Over the next few weeks key milestones in the restoration process were made through close collaboration between Progent consultants and the client:

  • Internal web sites were restored without losing any information.
  • The MailStore Server exceeding four million archived messages was brought online and available for users.
  • CRM/Customer Orders/Invoices/Accounts Payable (AP)/AR/Inventory functions were completely recovered.
  • A new Palo Alto Networks 850 firewall was set up and programmed.
  • Most of the user desktops and notebooks were fully operational.

"A huge amount of what happened that first week is mostly a fog for me, but my team will not soon forget the urgency all of you accomplished to give us our business back. I have utilized Progent for the past 10 years, possibly more, and each time Progent has come through and delivered as promised. This situation was a life saver."

Conclusion
A potential business-killing catastrophe was dodged by top-tier professionals, a wide range of knowledge, and close collaboration. Although in retrospect the ransomware virus incident detailed here would have been shut down with current security systems and ISO/IEC 27001 best practices, user and IT administrator education, and well designed security procedures for information backup and keeping systems up to date with security patches, the fact remains that state-sponsored cybercriminals from Russia, China and elsewhere are relentless and are not going away. If you do get hit by a crypto-ransomware penetration, remember that Progent's roster of professionals has a proven track record in ransomware virus blocking, cleanup, and file recovery.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were helping), I’m grateful for allowing me to get rested after we got past the most critical parts. Everyone did an fabulous job, and if anyone is visiting the Chicago area, a great meal is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Cleanup Services
For 24/7 crypto-ransomware repair consulting, contact Progent at 800-462-8800 or go to Contact Progent.



An index of content::

  • 24 Hour Crypto-Ransomware Recovery Help Montgomery, AL Crypto-Ransomware Repair Consultants
  • 24-7 Remote Workers Rochester Guidance - Cloud Integration Solutions Consulting and Support Services Rochester Emergency Remote Workers Consulting near me in Rochester - Cloud Integration Systems Assistance Rochester
  • 24-Hour Windows Server 2012 Consulting Service The Woodlands, Texas Windows Server 2012 Small Business Outsourcing Montgomery County
  • 24x7 Bakersfield At Home Workers Collaboration Solutions Consulting Bakersfield, US Offsite Workforce Expertise nearby Bakersfield - Collaboration Systems Consulting Services Bakersfield
  • Addison-Richardson, Texas Best Networking Organization Microsoft SQL Server 2017 Network Support Service SQL Server 2012 Addison, TX
  • After Hours Appleton Work from Home Employees Network Security Systems Expertise Appleton-Oshkosh, Wisconsin Appleton Teleworkers Network Security Solutions Consulting Appleton
  • Albuquerque CryptoLocker Cleanup Kirtland Air Force Base 24x7 Albuquerque Urgent Crypto-Ransomware Repair Experts Albuquerque New Mexico

  • SharePoint Designer 2013 Support Services
    IT Consultant SharePoint 2013 Community Sites

    Progent has been providing SharePoint consulting services since the first product was published over a a dozen years, and Progent has the scope of IT knowledge to help businesses of all sizes to design and implement a SharePoint Server 2013 deployment and create SharePoint Server 2013 apps that bring substantial business value to your information network. Progent's Microsoft-certified consultants can help you to evaluate the risks and benefits of upgrading to SharePoint Server or SharePoint Online from older versions of SharePoint or from a different collaboration solution; determine whether an in-house, Cloud-based or hybrid configuration is most sensible for your organization; and select the right edition of SharePoint 2013 for your purposes. Progent can provide comprehensive project management outsourcing or can help in individual jobs associated with your SharePoint 2013 migration.

  • Award Winning Consulting Expertise for Norfolk Network Service Firms Norfolk Virginia Norfolk Consulting Expertise for IT Service Companies Norfolk Virginia Beach
  • Barra da Tijuca Snatch Ransomware Settlement Guidance Biggest Barra da Tijuca DopplePaymer Crypto-Ransomware Settlement Negotiation Consultants Barra, RJ
  • BlackBerry Computer Tech Huntsville Alabama Huntsville, Limestone County BlackBerry Redirector Support Company
  • BlackBerry Enterprise Server Express Information Technology Consulting BlackBerry BES Server Express Engineers
  • BlackBerry Software Small Office Network Consultants Santos BlackBerry BES Server On-site and Remote Support Praia Grande, São Paulo
  • CISSP Security Consultancies Beverly Hills-West Hollywood, CA Intrusion Detection Firewall
  • Citrix XenApp Remote Technical Support MetaFrame IT Consulting
  • Consultancy Firm Exchange Server 2013 Denver Mile High City Denver Colorado Exchange 2003 Server Configuration Services

  • UNIX with Windows Specialist
    IT Consultant Windows, UNIX, Solaris

    Progent's UNIX platform support services provide small businesses and developers assistance with administering and maintaining UNIX, Linux or Solaris environments that coexist with Microsoft-based technology. Progent can give your organization access to UNIX experts, consulting professionals certified by Microsoft and Cisco, and security experts with CISM certification. This wide array of expertise provides you with a convenient one-stop source to show you how to build and maintain a protected and robust cross-platform network and communications environment that allows UNIX and Microsoft coexistence by combining Windows with major variants of UNIX such as Apple macOS and OS X, Solaris, IBM AIX, HP-UX, BSD, SCO and SGI/Irix or major Linux platforms including RedHat, SuSE, Mandrake, Debian-GNU and Slackware.

  • Spora ransomware recovery Engineer
  • Consulting Experts for Alexandria IT Service Organizations Alexandria, VA Consulting Expertise for Network Support Providers - Alexandria - Transparent Temporary Staff Expansion Northern Virginia

  • Live Communications Server 2007 Consultant Services
    Services Microsoft LCS Server

    Microsoft Office Communications Server provides Instant Messaging and Real Presence in a scalable, world-class solution offering enhanced protection, seamless integration with other Microsoft software, an extendable, industry-standard development environment, and compliance with regulatory requirements such as HIPAA, Sarbanes-Oxley, and GLB. Your organization can benefit from cost savings and elevated business efficiencies, enhanced individual productivity, and stronger IP security with this simple-to-administer, highly available solution. Effective deployments of Office Communications Server require careful planning and thought prior to roll out. Progent's Microsoft-certified professionals can provide the expertise needed to realize all the advantages of Office Communications Server across your entire organization.

  • Conti Ransomware Hot Line Winston-Salem Winston-Salem Ransomware Cryptoworm Recovery
  • El Paso County Colorado Work from Home Employees Expertise - Colorado Springs - Integration Consulting At Home Workers Consulting Services nearby Colorado Springs - Infrastructure Consulting Services
  • Fargo Hermes Ransomware Forensics Fargo-Bismarck Fargo Avaddon Ransomware Forensics Fargo
  • Phobos ransomware recovery Consultancy
  • Fedora Linux, Sun Solaris, UNIX Technical Consultant Tucson, United States Debian Linux, Sun Solaris, UNIX Technology Consulting Services Tucson International Airport TUS
  • Freelance Cisco CCIE Contractor Job Opening Contract MRP Consultants Job
  • Grand Rapids, MI Integration Group Technical Support Firm Grand Rapids
  • Guarulhos Crypto-Ransomware Cleanup Guarulhos Guarulhos Netwalker Ransomware System-Rebuild Tatuapé, Guarulhos
  • Huntington Beach Remote Workforce IP Voice Technology Consulting Experts Huntington Beach, Orange County At Home Workers Consulting Experts near Huntington Beach - VoIP Solutions Consulting and Support Services Huntington Beach California
  • Juniper SRX Firewall Security Services Juniper SRX Firewall Security Auditor
  • Las Vegas Lockbit Ransomware Forensics Investigation Las Vegas, Clark County Las Vegas, Clark County Las Vegas Ryuk Crypto-Ransomware Forensics Analysis
  • Leeds Netwalker Ransomware System-Restoration Leeds, West Yorkshire Ryuk Online Crypto-Ransomware Business Recovery Services Leeds Leeds, West Yorkshire
  • Lima Crypto-Ransomware Mitigation Miraflores District Immediate Lima Conti Ransomware Operational-Recovery
  • Miami Beach Remote Workforce Backup Systems Expertise Miami Beach Florida, United States Work at Home Employees Miami Beach Guidance - Backup/Recovery Technology Assistance Miami Beach Florida
  • Microsoft Exchange Security Consultants McAllen, US Emergency Phone Support Troubleshooting
  • 24-Hour ransomware cryptoworm recovery Specialists
  • Microsoft SharePoint Server 2013 Help and Support Lehigh County Pennsylvania, America Computer Consultant SharePoint Allentown Pennsylvania, United States
  • Microsoft SharePoint Server 2013 Technical Support Hartford Manchester Southington New Britain Microsoft SharePoint Server 2013 Professionals Hartford
  • Microsoft Virtual Server Administration Consultants Consultant Services Microsoft Virtual Machines
  • Minneapolis Hermes Crypto-Ransomware Repair Minneapolis Minneapolis Minneapolis Conti Ransomware Data-Recovery

  • Comprehensive Event Management Network Consultants
    Remote Monitoring and Reporting Technology Consulting

    Remote 24x7 network monitoring, proactive alarms, and periodic reports are crucial to maintaining the health of your network and avoiding preventable and costly disruptions. Remote Monitoring and Management (RMM) technology has advanced to the point that businesses of any size can afford a level of protection that was previously limited to enterprises. Progent can provide a variety Remote Monitoring and Management options delivered as economical service packages created to help you to identify and resolve a most IT network problems before they get big enough to disrupt productivity.

  • Mobile, AL Dynamics GP Mobile Premier Partner - Installation Consulting Port of Mobile, Alabama Mobile MS Dynamics GP-Great Plains Training Experts
  • Network Security Consulting Windows 2019 Server Manhattan Beach-Inglewood, California Configure Windows 2008 Server Manhattan Beach-Torrance
  • New Haven Connecticut Remote Teleworkers Consulting Services in New Haven - Support Consulting Services 24x7 Remote Workers Assistance near me in New Haven - Integration Solutions Consulting Experts New Haven County Connecticut

  • Consultant Virtual Application Delivery
    Citrix XenApp Consultant

    Progent's Citrix-certified consultants can help your business to plan, install, administer, and troubleshoot a virtual application delivery and management system built on XenApp. Progent's Cisco CCIE network consultants can show you how to optimize your infrastructure for delivering server-side and client-side applications, and Progent's datacenter management and support experts can assist your organization to manage and maintain an off-site datacenter that features high availability, advanced security, and fast disaster recovery.

  • Offsite Managed Data Backup/Recovery Services Help and Support Remote Data Backup and Restore Services Specialists
  • Omaha Critical Crypto-Ransomware Cleanup Omaha Emergency Omaha CryptoLocker Cleanup
  • Open Now Microsoft MCSA Consultant Career Opportunities Modesto Stanislaus County Microsoft MCA Consulting Subcontractor Job Waterford, Newman, Hughson CA
  • Panama City Remote Workers Endpoint Management Solutions Consultants Panama City Remote Workers Management Tools Assistance Panamá
  • Porto Alegre Work from Home Employees Integration Solutions Consulting Porto Alegre, Rio Grande do Sul Remote Work from Home Employees Porto Alegre Assistance - Integration Guidance
  • Progent's Management Online Support Progent Management Computer Networking
  • Recife Exchange 2003 Server Tech Support Outsource Recife, Pernambuco Exchange Server 2013 Small Business IT Consulting Group
  • Red Hat Linux, Solaris, UNIX Support and Setup Manhattan Beach, California Suse Linux, Solaris, UNIX Online Support Services Manhattan Beach-Redondo Beach, United States
  • Remote Workers Consulting Experts in San Diego - Management Solutions Consulting Experts San Diego - La Jolla San Diego Offsite Workforce Endpoint Management Solutions Expertise San Diego - La Jolla, USA

  • Services Microsoft Small Business Server
    Network Engineer Microsoft SBS 2008

    Microsoft Small Business Server is a low-cost suite of server products that provides the foundation for a powerful but easy-to-manage information. The technical sophistication of the Microsoft .NET products bundled with Microsoft Small Business Server requires a network support expert with hands-on experience planning and building cohesive, comprehensive business technology environments. Progent's Microsoft SBS Server consultants have an average of more than 10 years of experience supporting business networks founded on Microsoft technology. This experience assures you success in installing, managing, and repairing network environments that include the Microsoft SBS Server package of servers and applications.

  • 24/7 ransomware cryptoworm recovery Specialists
  • Riverside Telecommuters Call Desk Augmentation Assistance Riverside - Chino, America Telecommuters Consulting Experts in Riverside - Help Desk Augmentation Consulting and Support Services Riverside

  • 64-bit Upgrade Support
    64-bit Processing Consulting Services

    Progent's Microsoft-certified consultants can help you design, document, carry out, manage, and repair a system-wide move to 64-bit server and desktop operating systems and business applications. Progent can help you test your 64-bit infrastructure to verify that it handles all of the key 32-bit programs which you want to retain plus the new 64-bit versions of applications you plan to run.

  • DopplePaymer ransomware recovery Consulting Services
  • Roseville Snatch Ransomware Removal Roseville, America Roseville MongoLock Ransomware Repair
  • Saddle Brook IT Staff Temps Support Saddle Brook, NJ Top Ranked Short-Term Staffing Services Consultants Saddle Brook-Bergen County
  • 24 Hour Sodinokibi ransomware recovery Technology Professional
  • Salem At Home Workforce Cloud Technology Consulting Salem, Marion County Offsite Workforce Consulting and Support Services near Salem - Cloud Systems Consulting Services Salem
  • Suse Linux, Sun Solaris, UNIX IT Consultants New Haven, CT Gentoo Linux, Sun Solaris, UNIX Online Technical Support New Haven
  • Telecommuters Chesapeake Consultants - Network Security Systems Guidance South Hampton Roads Offsite Workforce Chesapeake Consulting and Support Services - Cybersecurity Systems Consulting Experts Chesapeake, VA
  • Toledo Spora Crypto-Ransomware Negotiation Experts Toledo, Lucas County Toledo Hermes Ransomware Negotiation Support Toledo
  • Vitoria, State of Espírito Santo At Home Workforce Consulting Experts near Vitória - Video Conferencing Systems Consulting Experts Telecommuters Guidance near me in Vitória - Conferencing Solutions Consultants Vitoria, State of Espírito Santo
  • Walnut Creek Conti Ransomware Forensics Investigation Walnut Creek Walnut Creek Walnut Creek Spora Crypto-Ransomware Forensics Analysis
  • Wi-Fi controllers patch management Technology Professional Open Now Endpoint patch management Consult
  • Work at Home Employees Consulting Experts - Fremont - Call Desk Solutions Assistance Milpitas Fremont At Home Workers Call Desk Solutions Assistance Fremont California

  • Microsoft Azure hybrid cloud solutions Professional
    Programming Companies Azure cloud integration

    Progent can help you with every stage of Azure cloud migration including needs definition, readiness assessment, system design, pre-production testing, implementation, centralized management, performance optimization, license management, disaster recovery preparedness, security policy enforcement, and compliance validation. Progent can assist your IT staff to set up and troubleshoot firewall appliances and VPN tunnels so your users can securely access to Azure services, and Progent's Microsoft-certified consulting experts can help you integrate key Microsoft technologies to run in Azure including Windows Server, Exchange, SQL Server and SharePoint. Progent can also assist your organization to set up a hybrid cloud ecosystem that seamlessly integrates physical datacenters with Azure-based resources.

  • Work from Home Employees Assistance near Charleston - IP Voice Solutions Guidance Charleston South Carolina Remote Workers Expertise - Charleston - VoIP Technology Expertise

  • © 2002-2022 Progent Corporation. All rights reserved.