Ransomware: Your Feared Information Technology Nightmare
Crypto-ransomware has become an escalating cyber pandemic that poses an extinction-level danger for organizations unprepared for an attack. Different versions of ransomware such as CryptoLocker, Fusob, Locky, Syskey and MongoLock cryptoworms have been replicating for many years and still inflict damage. Modern versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, plus additional unnamed malware, not only encrypt online data files but also infiltrate most configured system protection mechanisms. Files synchronized to off-site disaster recovery sites can also be encrypted. In a poorly architected data protection solution, this can make any restoration hopeless and basically set the entire system back to square one.

Getting back applications and information after a ransomware attack becomes a sprint against the clock as the victim fights to stop lateral movement, clear the virus, and restore mission-critical operations. Because ransomware requires time to move laterally, assaults are frequently sprung at night, when penetrations may take longer to discover. This multiplies the difficulty of promptly mobilizing and organizing an experienced response team.

Progent has a range of help services for protecting enterprises from ransomware events. Among these are staff training to help recognize and not fall victim to phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's AI-based threat protection to identify and disable zero-day modern malware assaults. Progent can also provide the services of expert ransomware recovery engineers with the skills and perseverance to reconstruct a breached network as quickly as possible.

Progent's Crypto-Ransomware Restoration Help
After a crypto-ransomware event, even paying the ransom in cryptocurrency does not ensure that merciless criminals will respond with the codes needed to decrypt all your files. Kaspersky Labs estimated that 17% of crypto-ransomware victims never recovered their files after having sent off the ransom, resulting in additional losses. The gamble is also expensive. Ryuk ransoms commonly range from fifteen to forty BTC ($120,000 to $400,000). This is greatly above the usual ransomware demands, which ZDNET determined to be in the range of $13,000 for smaller businesses. The fallback is to set up from scratch the critical components of your Information Technology environment. Without access to complete data backups, this calls for a wide complement of skills, well-coordinated project management, and the willingness to work non-stop until the recovery project is over.

For twenty years, Progent has provided expert Information Technology services for companies throughout the U.S. and has earned Microsoft's Gold Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have earned internationally-renowned certifications including CISM, CISSP, CRISC, and SANS GIAC. (Visit Progent's certifications). Progent in addition has expertise in accounting and ERP application software. This breadth of experience gives Progent the skills to rapidly ascertain critical systems and organize the surviving pieces of your Information Technology environment after a crypto-ransomware attack and assemble them into an operational network.

Progent's security team of experts utilizes top notch project management systems to coordinate the complicated restoration process. Progent understands the importance of working quickly and together with a customer's management and Information Technology team members to assign priority to tasks and to get critical systems back on-line as fast as possible.

Customer Story: A Successful Ransomware Incident Recovery
A client sought out Progent after their company was taken over by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean state criminal gangs, possibly adopting strategies leaked from America's National Security Agency. Ryuk attacks specific companies with little room for disruption and is among the most lucrative versions of ransomware. Highly publicized targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing business headquartered in the Chicago metro area with around 500 staff members. The Ryuk penetration had brought down all business operations and manufacturing capabilities. Most of the client's data backups had been directly accessible at the start of the intrusion and were destroyed. The client was actively seeking loans to pay the ransom demand (more than two hundred thousand dollars) and hoping for the best, but ultimately made the decision to use Progent.


"I can't thank you enough about the expertise Progent provided us during the most fearful time of (our) company's existence. We had little choice but to pay the cyber criminals if it wasn't for the confidence the Progent team afforded us. The fact that you were able to get our e-mail system and essential servers back into operation sooner than 1 week was amazing. Every single person I talked with or e-mailed at Progent was absolutely committed on getting our system up and was working at all hours on our behalf."

Progent worked hand in hand with the customer to rapidly identify and prioritize the most important services that needed to be addressed in order to continue company functions:

  • Windows Active Directory
  • E-Mail
  • Financials/MRP

To get going, Progent followed anti-virus penetration mitigation industry best practices by halting lateral movement and cleaning up infected systems. Progent then started the task of rebuilding Microsoft AD, the foundation of enterprise systems built on Microsoft technology. Microsoft Exchange messaging will not function without AD, and the customer's MRP system utilized Microsoft SQL Server, which depends on Active Directory for access to the databases.

Within two days, Progent was able to rebuild Active Directory services to their pre-virus state. Progent then completed rebuilding and storage recovery on essential systems. All Microsoft Exchange Server ties and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to locate local OST files (Microsoft Outlook Offline Data Files) on user desktop computers in order to recover email messages. A recent offline backup of the customer's financials/MRP software made it possible to bring these required programs back online. Although a large amount of work was left to recover totally from the Ryuk attack, critical systems were returned to operation quickly:


"For the most part, the manufacturing operation was never shut down and we did not miss any customer deliverables."

During the following couple of weeks, key milestones in the recovery process were accomplished through tight cooperation between Progent consultants and the customer:

  • In-house web sites were brought back up without losing any information.
  • The MailStore Server, with more than 4 million archived messages, was restored to operation and made available to users.
  • CRM/Product Ordering/Invoices/Accounts Payable/Accounts Receivables (AR)/Inventory Control functions were fully functional.
  • A new Palo Alto 850 security appliance was brought on-line.
  • Ninety percent of the desktops and laptops were being used by staff.

"A lot of what was accomplished those first few days is mostly a blur for me, but my management will not soon forget the dedication each of you put in to give us our company back. I have been working together with Progent for the past ten years, maybe more, and every time I needed help Progent has come through and delivered as promised. This time was a stunning achievement."

Conclusion
A likely business catastrophe was dodged with top-tier experts, a wide array of subject matter expertise, and tight teamwork. Although in hindsight the crypto-ransomware virus penetration detailed here should have been identified and disabled with advanced cyber security technology solutions and NIST Cybersecurity Framework best practices, team training, and well thought out security procedures for information backup and proper patching controls, the fact is that state-sponsored cybercriminals from Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a crypto-ransomware virus, remember that Progent's roster of experts has substantial experience in ransomware virus blocking, cleanup, and information systems disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (and any others who were helping), thank you for allowing me to get rested after we got over the initial push. Everyone did an incredible job, and if any of your team is in the Chicago area, a great meal is on me!"

Download the Ransomware Removal Case Study Datasheet
To review or download a PDF version of this case study, click:
Progent's Ransomware Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Recovery Expertise
For 24x7x365 crypto-ransomware recovery expertise, reach out to Progent at 800-462-8800 or go to Contact Progent.




    © 2002-2024 Progent Corporation. All rights reserved.