Ransomware: Your Crippling Information Technology Catastrophe
Ransomware has become a modern cyber pandemic that poses an extinction-level danger for organizations poorly prepared for an attack. Versions of crypto-ransomware like the Dharma, Fusob, Bad Rabbit, Syskey and MongoLock cryptoworms have been out in the wild for years and continue to inflict destruction. Newer strains of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Lockbit and Egregor, plus more unnamed newcomers, not only encrypt on-line data but also infect many available system backups. Information replicated to off-site disaster recovery sites can also be corrupted. In a poorly designed data protection solution, this can make automated restore operations impossible and effectively set the entire system back to square one.

Restoring on-line services and data after a ransomware intrusion becomes a sprint against time as the victim struggles to contain the damage, eradicate the virus, and restore enterprise-critical activity. Because ransomware takes time to replicate, assaults are often launched during weekends and nights, when successful penetrations tend to take more time to detect. This multiplies the difficulty of promptly marshalling and organizing a capable mitigation team.

Progent offers an assortment of services for securing enterprises from ransomware events. These include team training to help identify and not fall victim to phishing attempts, ProSight Active Security Monitoring for remote monitoring and management, along with installation of the latest generation security solutions with artificial intelligence capabilities to automatically identify and suppress zero-day threats. Progent also can provide the assistance of expert ransomware recovery engineers with the track record and perseverance to restore a breached system as soon as possible.

Progent's Crypto-Ransomware Restoration Support Services
After a ransomware penetration, paying the ransom demand in Bitcoin cryptocurrency does not guarantee that distant criminals will respond with the keys to decrypt any of your files. Kaspersky determined that seventeen percent of ransomware victims never recovered their information after having sent off the ransom, resulting in more losses. The gamble is also expensive. Ryuk ransoms often range from 15 to 40 BTC ($120,000 to $400,000). This is significantly higher than the usual ransomware demands, which ZDNET estimated to be in the range of $13,000 for smaller organizations. The other path is to re-install the essential elements of your IT environment. Absent the availability of complete data backups, this requires a wide range of skills, professional project management, and the capability to work non-stop until the job is finished.

For twenty years, Progent has provided expert IT services for companies throughout the US and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts includes professionals who have earned advanced certifications in leading technologies including Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have earned internationally-recognized certifications including CISA, CISSP-ISSAP, ISACA CRISC, and SANS GIAC. (Visit Progent's certifications). Progent also has experience in financial systems and ERP software solutions. This breadth of experience gives Progent the capability to knowledgeably identify critical systems, consolidate the remaining components of your Information Technology system following a crypto-ransomware attack, and assemble them into an operational network.

Progent's recovery team utilizes state-of-the-art project management applications to coordinate the complex restoration process. Progent understands the importance of working quickly and in concert with a customer's management and Information Technology team members to prioritize tasks and to put key systems back on line as soon as humanly possible.

Customer Story: A Successful Crypto-Ransomware Penetration Restoration
A small business contacted Progent after their company was taken over by Ryuk ransomware. Ryuk is generally considered to have been created by North Korean state-sponsored cybercriminals, suspected of adopting approaches leaked from America's NSA organization. Ryuk seeks specific businesses with limited room for operational disruption and is one of the most profitable incarnations of ransomware. Headline organizations include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturing business headquartered in Chicago with around 500 staff members. The Ryuk intrusion had brought down all essential operations and manufacturing capabilities. Most of the client's data protection systems had been on-line at the beginning of the intrusion and were eventually encrypted. The client was evaluating paying the ransom (in excess of $200,000) and hoping for the best, but ultimately engaged Progent.


"I can't speak enough about the help Progent provided us during the most critical period of (our) company's life. We may have had to pay the criminal gangs except for the confidence the Progent team provided us. The fact that you were able to get our e-mail system and key applications back sooner than seven days was beyond my wildest dreams. Each staff member I interacted with or communicated with at Progent was amazingly focused on getting us back on-line and was working 24 by 7 to bail us out."

Progent worked hand in hand with the client to quickly determine and assign priority to the mission critical areas that had to be recovered in order to resume business operations:

  • Microsoft Active Directory
  • Electronic Mail
  • MRP System

To begin, Progent followed ransomware incident mitigation best practices by halting the spread and cleaning up infected systems. Progent then started the task of bringing Windows Active Directory back online, the key technology of enterprise systems built upon Microsoft Windows Server technology. Exchange email will not function without AD, and the client's MRP applications utilized SQL Server, which depends on Active Directory for authentication to the database.

In less than 2 days, Progent was able to restore Active Directory services to their pre-virus state. Progent then performed rebuilding and hard drive recovery on mission critical applications. All Exchange Server schema and configuration information were usable, which facilitated the rebuild of Exchange. Progent was able to collect local OST files (Outlook Email Offline Folder Files) on team workstations and laptops in order to recover email messages. A recent offline backup of the client's financials/MRP software made it possible to return these required services to users. Although a large amount of work still had to be done to recover totally from the Ryuk damage, core services were recovered rapidly:


"For the most part, the production line operation never missed a beat and we made all customer sales."

Throughout the following few weeks, important milestones in the restoration project were accomplished through close cooperation between Progent engineers and the client:

  • In-house web sites were restored without losing any information.
  • The MailStore Server, holding more than 4 million historical emails, was brought on-line and made accessible to users.
  • CRM/Customer Orders/Invoicing/Accounts Payable (AP)/AR/Inventory modules were 100% restored.
  • A new Palo Alto Networks 850 security appliance was installed.
  • 90% of the user workstations were being used by staff.

"Much of what went on those first few days is mostly a fog for me, but my team will not forget the dedication each and every one of your team accomplished to give us our company back. I have utilized Progent for the past ten years, maybe more, and each time I needed help Progent has outperformed my expectations and delivered. This situation was a Herculean accomplishment."

Conclusion
A possible enterprise-killing catastrophe was avoided thanks to hard-working experts, a wide spectrum of knowledge, and close teamwork. In hindsight, the ransomware attack described here could have been prevented with modern security technology solutions and recognized best practices, staff training, and properly executed incident response procedures for information backup and proper patching controls. The fact remains that government-sponsored criminal cyber gangs from China, Russia, North Korea and elsewhere are tireless and will continue. If you do fall victim to a ransomware incident, remember that Progent's team of experts has a proven track record in crypto-ransomware virus defense, removal, and information systems recovery.


"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (along with others who were helping), I'm grateful for making it so I could get some sleep after we got past the first week. Everyone did a fabulous effort, and if anyone that helped is in the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Recovery Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Remediation Expertise
For 24/7 ransomware remediation services, reach out to Progent at 800-993-9400 or go to Contact Progent.



© 2002-2021 Progent Corporation. All rights reserved.