Ransomware : Your Feared Information Technology Catastrophe
Ransomware Recovery ExpertsRansomware has become a too-frequent cyberplague that presents an enterprise-level danger for organizations unprepared for an assault. Multiple generations of ransomware such as CrySIS, Fusob, Locky, SamSam and MongoLock cryptoworms have been out in the wild for many years and continue to inflict harm. Modern versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Egregor, plus more as yet unnamed viruses, not only do encryption of on-line data files but also infiltrate any configured system backup. Data synched to cloud environments can also be corrupted. In a poorly architected environment, this can render automatic restoration hopeless and effectively knocks the entire system back to zero.

Getting back on-line programs and data following a crypto-ransomware attack becomes a sprint against the clock as the targeted organization struggles to contain the damage and cleanup the crypto-ransomware and to resume mission-critical activity. Because ransomware takes time to move laterally, penetrations are frequently sprung during weekends and nights, when successful penetrations typically take longer to detect. This multiplies the difficulty of promptly mobilizing and organizing a knowledgeable response team.

Progent offers a variety of services for protecting enterprises from ransomware attacks. These include team member education to become familiar with and not fall victim to phishing exploits, ProSight Active Security Monitoring (ASM) for endpoint detection and response utilizing SentinelOne's behavior-based threat protection to identify and suppress day-zero malware assaults. Progent also provides the assistance of veteran ransomware recovery engineers with the talent and perseverance to re-deploy a breached system as quickly as possible.

Progent's Crypto-Ransomware Restoration Support Services
Following a crypto-ransomware attack, sending the ransom in cryptocurrency does not guarantee that cyber hackers will provide the codes to unencrypt any of your information. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their information even after having sent off the ransom, resulting in more losses. The risk is also very costly. Ryuk ransoms often range from fifteen to forty BTC ($120,000 and $400,000). This is greatly higher than the typical ransomware demands, which ZDNET determined to be in the range of $13,000 for smaller businesses. The alternative is to re-install the essential components of your Information Technology environment. Without access to full information backups, this requires a wide complement of skills, professional team management, and the ability to work continuously until the job is done.

For two decades, Progent has provided certified expert Information Technology services for companies throughout the US and has earned Microsoft's Gold Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have been awarded advanced industry certifications in foundation technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's security engineers have garnered internationally-renowned industry certifications including CISM, CISSP, ISACA CRISC, and GIAC. (Visit Progent's certifications). Progent in addition has expertise with financial management and ERP software solutions. This breadth of experience provides Progent the ability to rapidly understand critical systems and integrate the surviving parts of your network environment following a ransomware attack and configure them into a functioning network.

Progent's ransomware team deploys powerful project management systems to orchestrate the complicated restoration process. Progent appreciates the importance of acting quickly and in concert with a client's management and IT staff to assign priority to tasks and to get critical applications back online as soon as possible.

Customer Case Study: A Successful Ransomware Intrusion Recovery
A client engaged Progent after their network system was taken over by the Ryuk crypto-ransomware. Ryuk is believed to have been launched by North Korean state sponsored criminal gangs, possibly adopting algorithms leaked from the United States National Security Agency. Ryuk attacks specific companies with little or no ability to sustain disruption and is among the most profitable iterations of ransomware viruses. Headline victims include Data Resolution, a California-based info warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing business based in Chicago and has around 500 workers. The Ryuk penetration had shut down all company operations and manufacturing processes. Most of the client's data protection had been on-line at the time of the intrusion and were damaged. The client considered paying the ransom (more than two hundred thousand dollars) and hoping for good luck, but ultimately brought in Progent.

"I cannot tell you enough about the care Progent provided us throughout the most stressful period of (our) company's life. We may have had to pay the hackers behind this attack if not for the confidence the Progent team provided us. That you could get our e-mail and critical applications back online sooner than one week was incredible. Each expert I spoke to or e-mailed at Progent was totally committed on getting us back on-line and was working all day and night to bail us out."

Progent worked with the customer to rapidly identify and prioritize the critical applications that had to be recovered in order to restart company operations:

  • Windows Active Directory
  • Microsoft Exchange
  • Accounting and Manufacturing Software
To start, Progent followed ransomware incident response industry best practices by halting lateral movement and clearing infected systems. Progent then started the work of restoring Windows Active Directory, the heart of enterprise networks built upon Microsoft Windows technology. Exchange messaging will not work without Windows AD, and the customer's MRP applications used SQL Server, which requires Windows AD for security authorization to the information.

Within two days, Progent was able to recover Active Directory services to its pre-penetration state. Progent then completed reinstallations and hard drive recovery on the most important servers. All Exchange data and configuration information were intact, which accelerated the restore of Exchange. Progent was also able to collect non-encrypted OST files (Outlook Email Offline Data Files) on team desktop computers and laptops in order to recover mail messages. A not too old offline backup of the businesses manufacturing software made them able to restore these essential services back online for users. Although significant work needed to be completed to recover completely from the Ryuk virus, core services were returned to operations rapidly:

"For the most part, the production line operation survived unscathed and we did not miss any customer sales."

During the following couple of weeks key milestones in the restoration process were completed through close cooperation between Progent engineers and the customer:

  • In-house web applications were returned to operation with no loss of information.
  • The MailStore Exchange Server containing more than 4 million historical emails was brought on-line and accessible to users.
  • CRM/Orders/Invoicing/Accounts Payable (AP)/AR/Inventory functions were 100% functional.
  • A new Palo Alto Networks 850 security appliance was brought on-line.
  • 90% of the user PCs were operational.
"So much of what occurred that first week is nearly entirely a blur for me, but our team will not soon forget the dedication all of you put in to give us our company back. I've been working with Progent for at least 10 years, possibly more, and each time Progent has outperformed my expectations and delivered as promised. This situation was no exception but maybe more Herculean."

Conclusion
A likely business-ending catastrophe was dodged through the efforts of dedicated experts, a wide array of subject matter expertise, and close teamwork. Although upon completion of forensics the ransomware incident detailed here should have been identified and prevented with advanced security technology solutions and recognized best practices, user and IT administrator training, and appropriate security procedures for information protection and proper patching controls, the reality is that state-sponsored cybercriminals from China, Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do fall victim to a ransomware virus, feel confident that Progent's roster of experts has substantial experience in ransomware virus blocking, cleanup, and data recovery.

"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others who were involved), thanks very much for letting me get rested after we got past the most critical parts. All of you did an fabulous effort, and if any of your guys is in the Chicago area, a great meal is the least I can do!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To review or download a PDF version of this case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Ransomware Remediation Services
For 24x7x365 crypto-ransomware repair services, contact Progent at 800-462-8800 or go to Contact Progent.



An index of content::

  • 24/7 Expertise for Corpus Christi IT Support Organizations Corpus Christi Texas Corpus Christi Corpus Christi Specialists for Network Service Companies
  • 24x7 SharePoint Server 2010 Remote Troubleshooting Raleigh Wake Forest Garner Cary Microsoft SharePoint Server 2013 Online Technical Support Raleigh Durham Chapel Hill
  • ASA 5500-X Firewall with Firepower Technology Consulting Services Cisco ASA 5500-X with Firepower Consultant
  • Albany-Troy, New York Albany Phobos Ransomware Business Recovery Albany Dharma Crypto-Ransomware System-Restoration Albany, New York, United States

    • System Center 2016 Amazon AWS Integration IT Consultant
    IT Consultant System Center 2016 Amazon AWS Integration

    Small to middle size companies can now get all the advantages of System Center Operations Manager and in addition have fast access to Progent's Microsoft and Cisco Premier network consulting experts. With Progent's affordably priced IT support programs, small businesses can select a basic Microsoft System Center Operations Manager-based co-sourcing service program with network monitoring, reporting, Help Desk and remote troubleshooting or a complete round-the-clock outsourcing solution. Progent supports Microsoft System Center Operations Manager to offer small company networks enterprise-class reliability, security, and performance.

  • Alpharetta Critical Ransomware Removal Support Services Alpharetta Emergency Alpharetta Crypto Recovery Experts Alpharetta-Roswell
  • At Home Workers Consultants near New Haven - Backup/Restore Solutions Guidance New Haven, United States New Haven Offsite Workforce Backup Technology Consulting Experts New Haven
  • ransomware cryptoworm recovery Engineer
  • At Home Workforce Oxford Guidance - Cybersecurity Systems Consulting Oxford Work from Home Employees Consulting Services - Oxford - Security Solutions Consultants
  • Austin, Texas Computer Tech Austin, TX IT Specialist

    • Windows 2019 Hyper-V IT Services
    Windows Server 2019 Support and Help

    Progent's Microsoft-certified Windows Server 2019 experts can assist your organization to design and implement a cost-effective migration to Windows Server 2019 using your current deployment architecture or a cloud-based or hybrid model. Microsoft Windows Server 2019 offers significant improvements in capacity, performance, manageability, Hyper-V virtualization, security and compliance, hybrid on-prem plus cloud integration, availability, and Linux support.

  • Barra da Tijuca DopplePaymer Ransomware Data-Recovery Estado do Rio de Janeiro Barra da Tijuca Sodinokibi Crypto-Ransomware Operational Recovery Barra da Tijuca, State of Rio de Janeiro
  • BlackBerry Synchronization Network Consultation Manhattan Beach-Gardena, U.S.A. BlackBerry BPS IT Consulting Firms Manhattan Beach-El Segundo
  • CISSP Cybersecurity Organizations Boston, MA, United States Firewall Information Technology Consulting
  • Chesapeake Phobos Ransomware System-Restoration South Hampton Roads Chesapeake Virginia Chesapeake Avaddon Crypto-Ransomware System-Restoration

    • Microsoft Exchange 2019 IT Services
    Exchange 2019 Online Consulting

    Progent can assist your organization in any facet of your migration to Microsoft Exchange Server 2019 including configuring Windows Server 2019 Core for hosting Exchange; planning HA system topology for an on-premises, cloud-based or hybrid deployment; migrating mailboxes; designing and implementing Hyper-V; setting up HLB; setting up DAG groups with MCDB caching; setting up Skype for Business 2019 for voicemail; setting up collaboration with SharePoint; updating firewalls; integration with Microsoft 365 and configuring Outlook clients.

  • Cisco Design Consultant Santiago, Región Metropolitana Cisco Computer Consulting Company Región Metropolitana
  • Citrus Heights Contractor 24x7 Roseville Information Technology Outsourcing Firms
  • Consulting Support for Computer Support Firms in New Orleans - Seamless Short-Term Support Staff Assistance New Orleans, LA, United States New Orleans Specialists for New Orleans Network Support Companies
  • Curitiba Remote Workers Curitiba Guidance - Help Desk Call Center Solutions Guidance Curitiba Offsite Workforce Help Desk Outsourcing Consulting Experts Curitiba, Estado do Paraná

    • ProSight Private Cloud Hosting Services Engineers
    Virtual Machine Hosting Consulting Services

    Progent's ProSight Virtual Hosting service offers proven virtualization architecture, a state-of-the-art data center facility, and the technical services of Progent's Microsoft-certified engineering team to provide small and midsize businesses with a comprehensive information technology outsourcing alternative that improves network dependability and protection, reduces management distraction, and lowers expenses. With Progent's Private Cloud Hosting, a smaller business can have each of its software platforms and key business application servers supported within a secure and fault tolerant data center on a high-performance, non-stop virtual server set up and maintained by Progent's network support experts.

  • Dallas Ryuk Crypto-Ransomware Virus Restoration Case Study Dallas DFW Dallas DFW Dallas Ransomware Recovery
  • Emergency Monterey Technology Consulting After Hours Microsoft and Cisco Certified Expert Seaside Setup Service
  • Spora ransomware recovery Specialist
  • Emergency Pittsburgh Offsite Workforce Endpoint Security Systems Expertise Pittsburgh International Airport PIT, United States Top Ranked At Home Workers Consulting Services nearby Pittsburgh - Network Security Solutions Consulting Services Pittsburgh International Airport PIT
  • Fort Myers Remote Workforce VoIP Technology Consulting and Support Services Fort Myers-Lehigh Acres, United States Top Remote Workforce Fort Myers Consulting Experts - VoIP Systems Consultants Fort Myers, FL
  • Fort Worth MongoLock Crypto-Ransomware Negotiation Consultants Fort Worth, TX, United States Fort Worth Ransomware Negotiation Guidance Fort Worth, Tarrant County
  • Hermes ransomware hot line Consult Biggest Engineers ransomware cleanup and restore

    • SharePoint Deployment Architecture Information Technology Consulting
    SharePoint 2016 MinRole Information Technology Consulting

    Progent's Microsoft-certified SharePoint consultants can provide affordable online and onsite expertise, application development, and technical support services for organizations of all sizes who intend to upgrade to SharePoint 2016 or SharePoint Online from prior releases of SharePoint.

  • Integration Support ISA 2006 Microsoft ISA Server 2006 Onsite Technical Support
  • Lubbock Maintenance Top Rated Cisco Expert Lubbock, Texas Specialists
  • Marion County Indiana BlackBerry Integration Services Indianapolis BlackBerry Smartphone Small Business IT Consulting Company
  • Microsoft Certified Partner Voice over IP Consulting MS Office Communications Server 2007 Engineer

    • SonicWall TZ300 Firewall Cybersecurity Firms
    SonicWall NSA 5650 Firewall Security Consultant

    Progent's certified SonicWall firewall experts can help you configure, maintain, and troubleshoot SonicWall firewall/VPN devices including the current SonicWall TZ and NSa Series of firewalls and the legacy SonicWall PRO 1260 Secure Switch devices. Progent's CISSP and GIAC-certified cybersecurity consultants can show you how to incorporate SonicWall security gateways into a complete security plan and design security into your corporate processes.

  • Microsoft SharePoint 2010 Remote Support Services Niterói Top Ranked Microsoft SharePoint Server 2013 Consultant

    • Consultant Microsoft Exchange Server 2016 Migration
    Exchange 2016 Migration Planning Specialist

    Progent can assist your business in any and all phases of your upgrade to Exchange 2016 such as designing HA system topology for an on-premises, cloud-based or hybrid environment; licensing compliance for Exchange Server and Windows Server 2012 R2; migrating mailboxes; Hyper-V virtualization design; specifying mass storage requirements for your virtual machines (VMs), databases and logs; configuring hardware load balancing (HLB) for high-availability CAS services; planning, configuring and testing Exchange and Windows Servers and Database Availability Groups (DAGs); setting up collaboration with SharePoint; updating your firewall; resolving SSL issues; providing client integration with Office desktop or Microsoft 365; and setting up Outlook on the web.

  • Midtown Manhattan Expertise for Network Service Providers New York City-Upper East Side Consulting Expertise for Midtown Manhattan Network Support Organizations NYC-Upper East Side, NY

    • Integration ASA Firewall
    ASA Firewall Outsourcing

    The current ASA 5500-X Series of firewalls with Firepower Services offer substantially more value than Cisco's legacy firewalls and have replaced the ASA 5500 and PIX 500 firewalls for new deployments. Progent's Cisco-certified CCIE network experts can help you to maintain your legacy PIX or Cisco ASA 5500 firewalls and migrate efficiently to ASA 5500-X firewalls with Firepower Services. Progent can also help your company to design, configure, tune, manage and debug firewall solutions based on Cisco ASA 5500-X firewalls with Firepower Services.

  • Mobile, AL 24 Hour Consulting Experts for IT Support Firms - Mobile - Transparent Temporary IT Support Help Consultants for Computer Support Firms near me in Mobile - Transparent Temporary Staff Augmentation Mobile Bay, Alabama
  • Niterói Exchange 2010 Server Technical Consultant Small Business Specialist Exchange Server 2010 Niterói
  • On-site Support Ubuntu Linux, Sun Solaris, UNIX Mandrake Linux, Sun Solaris, UNIX Technology Consulting Livermore, Alameda County

    • Automated Server Management IT Consultants
    Outsourcing ProSight Remote Server Monitoring

    ProSight LAN Watch is Progent's server and endpoint monitoring service that incorporates state-of-the-art remote monitoring and management technology to help keep your IT system running efficiently by tracking the health of vital assets that drive your network environment. When ProSight LAN Watch uncovers a problem, an alarm is transmitted immediately to your specified IT staff and your assigned Progent engineering consultant so that all potential problems can be resolved before they can disrupt your business.

  • On-site Technical Support Cisco Clearwater Florida Clearwater, Pinellas County, USA Cisco Software Support

    • Expert Microsoft Certified Internet Security and Acceleration Server Online Technical Support
    ISA Server Consultancy

    Progent's Microsoft-certified TMG 2010 and ISA Server 2006 experts can assist you to plan, deploy, and manage an implementation of Forefront TMG or Internet Security and Acceleration Server 2006 on your information system that delivers the firewall protection, speed and ease-of-use that your business needs.

  • Online Technical Support Cisco Help Desk Help Desk Call Center Support and Setup

    • SQL Server 2019 Cybersecurity Support and Setup
    24/7/365 Setup and Support SQL Server 2019 SSRS

    Progent's Microsoft-certified SharePoint 2019 and SharePoint Online experts can provide affordable online and onsite consulting, software development, and technical support services for organizations of all sizes who want to upgrade to SharePoint 2019 or SharePoint Online from earlier releases of SharePoint. Progent can help you plan and execute an efficient migration to SharePoint 2019 on prem, SharePoint Online, or a hybrid environment that combines local and cloud infrastructure into a seamless information management system.

  • Phoenix, AZ Exchange Network Admin Companies Exchange Network Specialist Phoenix Arizona

    • Threat Management Gateway 2010 On-site Support
    Help and Support Forefront TMG

    Forefront TMG 2010 builds on the powerful security technologies of ISA Server 2006 and provides a easily managed web gateway that delivers a one-server platform for an array of security functions including an application and network layer firewall, URL filtering, antimalware, intrusion protection, reputation services, Virtual Private Network management, and HTTP and HTTPS inspection. Forefront TMG 2010 includes comprehensive web security reporting features, allows custom reporting powered by Microsoft SQL Server, works with Active Directory to streamline authentication and policy enforcement, and can be operated as a virtual machine to lower costs and improve recoverability. Progent's Microsoft consultants can help your company to design and carry out pilot and production implementations; integrate Microsoft Forefront Threat Management Gateway 2010 with Windows 2008, AD, Microsoft SQL Server, Microsoft Exchange Server, and SharePoint 2010; set up Forefront TMG 2010 to run on a virtual machine with Windows Hyper-V; and provide ongoing support and troubleshooting. Progent's consultants can also help your organization to migrate economically to Microsoft Forefront TMG 2010 from Microsoft ISA Server 2006 or 2004.

  • ransomware cryptoworm recovery Consultants
  • Portland At Home Workforce Collaboration Systems Consulting Services Portland Portland At Home Workforce Collaboration Solutions Consulting Services Portland
  • Remote Help Desk Security Consultants Flint Flint Michigan Windows Security IT Consultants

    • Remote Office Network Consulting
    Branch Location Configuration

    Years of background providing Microsoft expertise and Cisco network consulting has enabled Progent to build an unmatched ability for serving branch offices that require IT help with the flexibility associated with with small companies but which offers effective client interaction, thorough documentation, and compliance with enterprise IT protocols. If your enterprise maintains a remote office located anywhere in California or any area covered by Progent's consultants, Progent can provide a broad array of in-person and off-site network consulting services and network architecture expertise.

  • Remote Workforce Allentown Consulting Services - VoIP Technology Consulting Experts Allentown Bethlehem Easton 24/7 At Home Workforce Allentown Guidance - VoIP Solutions Consulting Experts Lehigh County Pennsylvania
  • Rochester Crypto-Ransomware Settlement Negotiation Consultants Monroe County New York Rochester MongoLock Crypto-Ransomware Settlement Consulting Rochester, NY
  • San Rafael Computer Network Specialists Corte Madera Systems Consultant
  • Security Consultants Des Moines, Polk County CISSP Information Technology Consulting Des Moines
  • SharePoint Server 2007 Support Mobile Alabama Microsoft SharePoint Server 2007 Specialists Mobile Bay, Alabama
  • Spokane Offsite Workforce Cloud Integration Systems Consultants Spokane Washington Teleworkers Consulting nearby Spokane - Cloud Systems Consulting Spokane County Washington

    • PEN Testing Consulting
    Stealth Penetration Testing Cybersecurity Contractor

    Stealth penetration testing is a key part of any overall network security strategy. Progent's security professionals can run extensive intrusion checks without the knowledge of your company's in-house network support staff. Stealth penetration checking uncovers whether current security defense systems such as intrusion detection warnings and event log analysis are properly set up and actively monitored. Progent can provide ongoing automatic PEN testing to map your internal/external attack surface and to detect ways that exploitable vulnerabilities, unsafe configurations, stolen credentials, overlooked patches, and dangerous IT product defaults can be combined by threat actors into the multi-front attacks common to modern versions of ransomware.

  • ransomware virus recovery Consultants
  • Stamford DopplePaymer Ransomware Negotiation Guidance Stamford Hermes Ransomware Settlement Negotiation Guidance Stamford Norwalk Shelton
  • Telecommuters Expertise near Scottsdale - Video Conferencing Solutions Consulting 24x7 Telecommuters Scottsdale Guidance - Video Conferencing Technology Guidance Scottsdale, Maricopa County
  • Teleworkers Detroit Consulting Experts - Collaboration Solutions Consulting Services Detroit, MI Detroit Michigan At Home Workers Consulting Services nearby Detroit - Collaboration Solutions Consulting and Support Services
  • Travis County Texas Onsite Technical Support Ubuntu Linux, Sun Solaris, UNIX Austin Integration Red Hat Linux, Solaris, UNIX

    • Colo Technology Consulting
    Configuration Internet Data Center

    For large organizations, Progent can leverage in-house network support staffs by providing world-class experience in supporting key Microsoft and Cisco technologies. Progent's certified experts offer Enterprise Active Directory consulting, Exchange Server 2010 integration, SharePoint expertise, and Microsoft SQL Server help. For the nationwide or worldwide businesses with branch offices, Progent can act as a seamless nearby extension of corporate IT management. Progent's enterprise support services include corporate-wide security, online branch office support, system design, Sarbanes Oxley conformance, project planning, and world-class support for multiple location network environments powered by Enterprise Windows 2000. Progent can provide on-site engineers and technicians to assist with a site relocation or branch move, or a system architect to assist with building or utilizing an Internet Data Center or co-location site.

  • Waltham-Brookline Providers Top Quality Cisco Certified Information Technology Consulting Companies Waltham, Massachusetts
  • Waterford, Newman, Hughson CA Modesto At Home Workers Endpoint Management Systems Expertise Remote Workers Assistance near Modesto - Management Solutions Consulting Experts Ceres, CA

    • SharePoint Server 2013 On-site Support
    Windows SharePoint Services Remote Support Services

    Progent's Microsoft-certified consultants offer companies of any size consulting, troubleshooting, and application development expertise for SharePoint and SharePoint Online. SharePoint is an enterprise solution that uses web technology for efficiently connecting people, groups and data. Microsoft SharePoint Server offers a common spot for your workers or customers to connect to, organize, distribute and interact with useful data, documents, and applications and to communicate with one another. SharePoint enables quicker and better decisions, more effective access across teams and more streamlined business processes. Windows SharePoint Services connect workers, customers, teams and projects with the knowledge they've created in a manner that makes data convenient to locate, retrieve and re-use. Progent's certified SharePoint experts can help you to support your existing SharePoint ecosystem or upgrade to the latest version of SharePoint.

  • Wichita, KS Wichita At Home Workers Help Desk Call Center Solutions Guidance Wichita Teleworkers Call Desk Outsourcing Assistance Wichita Kansas
  • Work from Home Employees Long Beach Consulting Services - Help Desk Outsourcing Assistance Los Angeles County Long Beach Telecommuters Call Desk Augmentation Consultants
    •
    © 2002-2023 Progent Corporation. All rights reserved.