Crypto-Ransomware: Your Crippling Information Technology Disaster
Ransomware has become a modern cyber pandemic that presents an enterprise-level threat for businesses vulnerable to an assault. Different versions of crypto-ransomware like the Reveton, WannaCry, Bad Rabbit, NotPetya and MongoLock cryptoworms have been out in the wild for a long time and still cause damage. Newer variants of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, plus more unnamed malware, not only encrypt on-line data files but also infect many available system backups. Data synchronized to off-site disaster recovery sites can also be corrupted. In a poorly architected environment, this can render automated recovery hopeless and effectively set the network back to zero.

Restoring applications and data after a ransomware event becomes a race against the clock as the targeted business struggles to stop lateral movement, clean up the ransomware, and restore enterprise-critical activity. Since ransomware takes time to move laterally, penetrations are often sprung on weekends and holidays, when successful attacks tend to take more time to notice. This compounds the difficulty of rapidly marshalling and orchestrating an experienced response team.

Progent makes available a range of solutions for securing businesses from ransomware attacks. These include team member training to help identify and avoid phishing exploits, and ProSight Active Security Monitoring for endpoint detection and response, which utilizes SentinelOne's AI-based threat defense to identify and suppress zero-day malware assaults. Progent also offers the assistance of veteran crypto-ransomware recovery engineers with the talent and commitment to rebuild a compromised system as rapidly as possible.

Progent's Crypto-Ransomware Restoration Support Services
After a ransomware penetration, even paying the ransom in cryptocurrency does not provide any assurance that merciless criminals will provide the codes to decipher any of your files. Kaspersky estimated that seventeen percent of ransomware victims never recovered their data after having sent off the ransom, resulting in additional losses. The risk is also costly. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000). This is well above the usual ransomware demands, which ZDNET determined to be in the range of $13,000 for smaller businesses. The other path is to set up from scratch the critical components of your IT environment. Absent the availability of full system backups, this calls for a wide range of skill sets, top-notch project management, and the capability to work continuously until the task is completed.

For twenty years, Progent has offered professional IT services for businesses across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes engineers who have earned advanced industry certifications in important technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity specialists have garnered internationally-renowned industry certifications including CISM, CISSP-ISSAP, CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has experience with accounting and ERP applications. This breadth of expertise affords Progent the skills to efficiently understand critical systems and consolidate the remaining components of your computer network system after a ransomware event and configure them into an operational system.

Progent's security team of experts deploys top notch project management applications to orchestrate the sophisticated recovery process. Progent understands the importance of acting swiftly and in unison with a client's management and Information Technology staff to assign priority to tasks and to get critical services back on-line as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Intrusion Response
A customer sought out Progent after their network was crashed by Ryuk ransomware. Ryuk is thought to have been launched by North Korean state-sponsored criminal gangs, possibly using techniques leaked from the U.S. NSA organization. Ryuk targets specific organizations with little or no ability to sustain disruption and is one of the most lucrative incarnations of ransomware malware. Well-known targets include Data Resolution, a California-based data warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a small manufacturing business based in Chicago and has about 500 staff members. The Ryuk event had brought down all business operations and manufacturing capabilities. Most of the client's system backups had been on-line at the start of the attack and were destroyed. The client was actively seeking loans for paying the ransom (exceeding two hundred thousand dollars) and hoping for the best, but in the end utilized Progent.


"I can't say enough in regards to the help Progent provided us throughout the most critical time of (our) business's life. We may have had to pay the criminal gangs except for the confidence the Progent experts gave us. The fact that you could get our e-mail and production applications back into operation quicker than 1 week was amazing. Every single expert I interacted with or messaged at Progent was amazingly focused on getting us back online and was working at all hours on our behalf."

Progent worked with the client to rapidly assess and prioritize the key services that had to be addressed in order to continue departmental operations:

  • Windows Active Directory
  • E-Mail
  • Financials/MRP

To start, Progent followed industry best practices for anti-virus incident response by stopping the spread and performing virus removal steps. Progent then initiated the task of rebuilding Microsoft Active Directory, the heart of enterprise networks built upon Microsoft Windows technology. Exchange email will not work without Active Directory, and the customer's MRP applications utilized Microsoft SQL Server, which depends on Windows AD for authentication to the database.

Within 48 hours, Progent was able to recover Active Directory to its pre-virus state. Progent then charged ahead with reinstallations and storage recovery on key servers. All Exchange data and configuration information were intact, which accelerated the rebuild of Exchange. Progent was also able to collect non-encrypted OST files (Outlook Email Off-Line Data Files) on staff PCs and laptops to recover mail information. A reasonably recent offline backup of the client's manufacturing systems made it possible to return these essential applications to service. Although a large amount of work needed to be completed to recover completely from the Ryuk damage, core systems were restored rapidly:


"For the most part, the production line operation did not miss a beat and we delivered all customer sales."

During the next month, key milestones in the restoration project were accomplished in tight cooperation between Progent engineers and the client:

  • Self-hosted web sites were returned to operation with no loss of information.
  • The MailStore Exchange Server, holding more than 4 million historical emails, was brought online and made accessible to users.
  • CRM/Orders/Invoicing/Accounts Payable (AP)/AR/Inventory Control functions were 100 percent operational.
  • A new Palo Alto Networks 850 firewall was brought online.
  • Nearly all of the user desktops were being used by staff.

"A lot of what was accomplished in the initial days is nearly entirely a fog for me, but we will not forget the urgency each and every one of your team put in to help get our company back. I have been working with Progent for at least 10 years, maybe more, and every time I needed help Progent has shined and delivered. This time was a life saver."

Conclusion
A possible enterprise-killing catastrophe was averted by hard-working experts, a wide spectrum of subject matter expertise, and close teamwork. Although in retrospect the crypto-ransomware virus penetration detailed here would have been shut down with advanced cyber security technology and ISO/IEC 27001 best practices, user and IT administrator training, and appropriate incident response procedures for information backup and proper patching controls, the reality is that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a ransomware virus, remember that Progent's roster of professionals has extensive experience in ransomware virus defense, remediation, and file restoration.


"So, to Darrin, Matt, Aaron, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others who were contributing), thank you for making it so I could get rested after we made it over the initial push. Everyone did an impressive job, and if anyone is around the Chicago area, a great meal is the least I can do!"

Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Repair Expertise
For 24-Hour ransomware removal services, contact Progent at 800-462-8800 or go to Contact Progent.




    © 2002-2023 Progent Corporation. All rights reserved.