Ransomware: Your Worst IT Catastrophe
Ransomware has become an escalating cyberplague that poses an extinction-level danger for organizations poorly prepared for an assault. Multiple generations of ransomware like the CrySIS, CryptoWall, Bad Rabbit, Syskey and MongoLock cryptoworms have been running rampant for many years and still cause destruction. Newer versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch and Nephilim, plus as-yet-unnamed viruses that appear daily, not only encrypt online data files but also infiltrate any configured system protection. Information synched to off-site disaster recovery sites can also be encrypted. In a poorly architected environment, this can make automated restore operations hopeless and basically sets the datacenter back to square one.

Recovering applications and information following a ransomware intrusion becomes a sprint against time as the targeted organization struggles to stop lateral movement, clean up the virus, and resume mission-critical activity. Because ransomware needs time to spread, attacks are usually launched during weekends and nights, when they are likely to take more time to notice. This compounds the difficulty of rapidly mobilizing and organizing a capable mitigation team.

Progent provides an assortment of solutions for protecting organizations from ransomware penetrations. Among these are user education to help identify and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, along with installation of modern security solutions with AI capabilities to quickly detect and extinguish day-zero cyber attacks. Progent also can provide the services of expert crypto-ransomware recovery professionals with the skills and commitment to restore a compromised network as soon as possible.

Progent's Ransomware Restoration Help
Following a crypto-ransomware attack, even paying the ransom in cryptocurrency does not provide any assurance that merciless criminals will provide the keys to decipher any or all of your data. Kaspersky determined that seventeen percent of crypto-ransomware victims never recovered their data even after having paid the ransom, resulting in increased losses. The gamble is also costly. Ryuk ransoms frequently range from fifteen to forty BTC ($120,000 to $400,000). This is far above the usual crypto-ransomware demands, which ZDNET determined to be approximately $13,000 for small organizations. The fallback is to set up the critical components of your Information Technology environment from scratch. Without access to complete system backups, this requires a broad range of skill sets, top-notch project management, and the ability to work continuously until the task is complete.

For two decades, Progent has provided certified expert IT services for companies across the US and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technologies like Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security experts have garnered internationally recognized certifications including CISA, CISSP, CRISC, and GIAC. (Refer to Progent's certifications). Progent also has expertise in accounting and ERP software solutions. This breadth of expertise gives Progent the skills to knowledgeably understand necessary systems, consolidate the remaining components of your network following a crypto-ransomware penetration, and rebuild them into a functioning system.

Progent's recovery team of experts deploys state-of-the-art project management tools to coordinate the complicated recovery process. Progent knows the importance of acting rapidly and working together with a customer's management and IT resources to assign priority to tasks and to put critical applications back online as fast as humanly possible.

Business Case Study: A Successful Ransomware Virus Recovery
A client hired Progent after their organization was brought down by the Ryuk ransomware virus. Ryuk is believed to have been launched by North Korean state criminal gangs, possibly using approaches leaked from America's NSA organization. Ryuk attacks specific companies with little ability to sustain operational disruption and is among the most profitable incarnations of crypto-ransomware. Headline targets include Data Resolution, a California-based info warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business headquartered in the Chicago metro area with around 500 workers. The Ryuk penetration had disabled all company operations and manufacturing capabilities. Most of the client's backups had been online at the beginning of the intrusion and were damaged. The client was taking steps to pay the ransom (more than $200K) and hoping for the best, but ultimately reached out to Progent.


"I can't tell you enough about the care Progent provided us throughout the most fearful period of (our) business's survival. We would have paid the hackers behind this attack if not for the confidence the Progent group provided us. That you could get our messaging and key servers back into operation faster than a week was beyond my wildest dreams. Every single person I worked with or texted at Progent was hell bent on getting our company operational and was working non-stop on our behalf."

Progent worked with the customer to quickly assess and prioritize the critical systems that needed to be addressed to make it possible to resume departmental functions:

  • Windows Active Directory
  • Electronic Messaging
  • Financials/MRP

To start, Progent followed AV/malware penetration-response best practices by stopping the spread and cleaning up infected systems. Progent then began the process of bringing Active Directory back online, since it is the key technology of enterprise environments built on Microsoft Windows. Microsoft Exchange messaging will not function without Windows AD, and the customer's financials and MRP system leveraged SQL Server, which depends on Windows AD for authentication to the data.

Within 2 days, Progent was able to rebuild Windows Active Directory to its pre-virus state. Progent then assisted with rebuilding and hard drive recovery of needed systems. All Exchange data and attributes were intact, which facilitated the rebuild of Exchange. Progent was able to locate local OST data files (Microsoft Outlook Offline Folder Files) on various desktop computers in order to recover email data. A reasonably recent offline backup of the customer's manufacturing systems made it possible to make these essential services available to users again. Although a large amount of work still had to be done to recover fully from the Ryuk attack, essential services were returned to operation quickly:


"For the most part, the production manufacturing operation ran fairly normal throughout and we produced all customer shipments."

Over the following few weeks key milestones in the recovery project were accomplished through tight cooperation between Progent consultants and the client:

  • Self-hosted web applications were returned to operation with no loss of information.
  • The MailStore Microsoft Exchange Server containing more than four million archived emails was brought online and accessible to users.
  • CRM/Orders/Invoicing/AP/Accounts Receivables/Inventory modules were 100% operational.
  • A new Palo Alto 850 firewall was brought on-line.
  • Ninety percent of the desktops and laptops were functioning as before the incident.

"A huge amount of what happened that first week is nearly entirely a fog for me, but my management will not forget the countless hours each of your team put in to help get our company back. I have been working with Progent for at least 10 years, possibly more, and every time Progent has outperformed my expectations and delivered as promised. This event was no exception but maybe more Herculean."

Conclusion
A possible enterprise-killing catastrophe was avoided through the efforts of results-oriented professionals, a wide spectrum of IT skills, and tight collaboration. Analysis of the event afterwards showed that the ransomware penetration described here should have been identified and disabled with current cyber security solutions and recognized best practices, team education, and properly executed security procedures for data backup and applying software patches. Even so, the reality remains that state-sponsored hackers from China, Russia, North Korea and elsewhere are relentless and represent an ongoing threat. If you do get hit by a ransomware penetration, remember that Progent's roster of professionals has proven experience in ransomware virus blocking, cleanup, and file disaster recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Chris (and any others who were involved), I'm grateful for letting me get some sleep after we made it past the most critical parts. Everyone did an impressive effort, and if anyone is in the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this customer case study, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Recovery Services
For 24x7x365 crypto-ransomware cleanup consulting, reach out to Progent at 800-462-8800 or go to Contact Progent.




  • © 2002-2021 Progent Corporation. All rights reserved.