Ransomware: Your Crippling Information Technology Disaster
Ransomware Remediation Professionals
Crypto-ransomware has become an all-too-frequent cyberplague that poses an enterprise-level danger for businesses vulnerable to an attack. Ransomware families such as the CrySIS, WannaCry, Bad Rabbit, SamSam and MongoLock cryptoworms have been running rampant for years and still inflict harm. Newer crypto-ransomware strains such as Ryuk, Maze, Sodinokibi, Netwalker, LockBit and Nephilim, plus additional unnamed newcomers, not only encrypt on-line critical data but also infiltrate any configured data protection mechanisms. Data synchronized to off-site disaster recovery sites can also be encrypted. With a vulnerable data protection solution, this can render any recovery hopeless and effectively knocks the entire system back to zero.

Restoring services and information following a crypto-ransomware event becomes a sprint against the clock as the targeted organization fights to stop the spread, remove the ransomware, and resume business-critical activity. Because ransomware needs time to spread, attacks are often launched at night, when a successful penetration typically takes longer to recognize. This multiplies the difficulty of quickly mobilizing and coordinating a knowledgeable mitigation team.

Progent offers a range of services for securing businesses against ransomware attacks. These include staff training to recognize and avoid phishing exploits, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and deployment of modern security gateways with machine learning capabilities from SentinelOne to discover and extinguish zero-day threats rapidly. Progent also provides the assistance of experienced ransomware recovery consultants with the track record and commitment to rebuild a compromised environment as quickly as possible.

Progent's Crypto-Ransomware Recovery Services
After a crypto-ransomware attack, paying the ransom demanded in cryptocurrency does not ensure that merciless criminals will provide the keys needed to decrypt all your data. Kaspersky ascertained that seventeen percent of ransomware victims never recovered their information after paying the ransom, resulting in further losses. The gamble is also costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom demand can be in the millions of dollars. The alternative is to piece back together the essential components of your Information Technology environment. Without access to full system backups, this requires a broad complement of skills, well-coordinated team management, and the capability to work 24x7 until the job is done.

For twenty years, Progent has provided certified expert Information Technology services for companies across the United States and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded top industry certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cybersecurity specialists have earned internationally recognized industry certifications including CISM, CISSP, CRISC, SANS GIAC, and CMMC 2.0. (See Progent's certifications.) Progent also has experience with financial management and ERP applications. This breadth of experience gives Progent the capability to efficiently identify critical systems following a ransomware attack, re-organize the remaining parts of your IT environment, and rebuild them into an operational network.

Progent's ransomware team uses state-of-the-art project management applications to orchestrate the complex recovery process. Progent understands the urgency of working rapidly and in unison with a customer's management and Information Technology resources to prioritize tasks and get critical systems back on-line as fast as humanly possible.

Client Case Study: A Successful Ransomware Intrusion Recovery
A customer contacted Progent after their network was penetrated by the Ryuk ransomware. Ryuk is thought to have been created by North Korean government-sponsored hackers, suspected of adopting techniques leaked from the U.S. NSA. Ryuk targets specific businesses with little ability to sustain disruption and is one of the most profitable examples of ransomware. Headline targets include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's customer is a single-location manufacturing business based in Chicago with about 500 workers. The Ryuk attack had shut down all essential operations and manufacturing processes. Most of the client's data backups had been directly accessible from the network at the start of the attack and were destroyed. The client was evaluating paying the ransom (exceeding two hundred thousand dollars) and hoping for good luck, but ultimately called Progent.


"I cannot speak enough in regards to the help Progent provided us throughout the most fearful period of (our) business's existence. We most likely would have paid the hackers behind this attack if not for the confidence the Progent experts provided us. The fact that you were able to get our messaging and important servers back on-line quicker than five days was incredible. Each expert I worked with or texted at Progent was absolutely committed to getting us restored and was working 24 by 7 on our behalf."

Progent worked together with the customer to rapidly determine and prioritize the mission critical elements that had to be addressed in order to restart company functions:

  • Active Directory
  • Microsoft Exchange Email
  • MRP System

To begin, Progent followed malware incident response best practices by halting the spread and performing malware removal. Progent then started rebuilding Microsoft Active Directory (AD), the core of enterprise networks built on Microsoft technology. Exchange messaging will not work without AD, and the customer's accounting and MRP applications relied on SQL Server, which requires AD for authentication to the databases.

In less than 2 days, Progent was able to recover Active Directory services to their pre-intrusion state. Progent then initiated setup and storage recovery on mission-critical servers. All Microsoft Exchange Server data and attributes were intact, which greatly helped the restoration of Exchange. Progent was also able to collect intact OST files (Outlook Offline Folder files) from team PCs and laptops to recover email messages. A recent offline backup of the client's accounting/MRP systems made it possible to bring these essential applications back online. Although major work still had to be done to recover fully from the Ryuk attack, the most important systems were restored rapidly:


"For the most part, the production manufacturing operation did not miss a beat and we delivered all customer orders."

During the next couple of weeks, key milestones in the restoration process were achieved through close collaboration between Progent team members and the client:

  • Self-hosted web applications were brought back up without losing any data.
  • The MailStore Exchange Server with over 4 million historical messages was spun up and accessible to users.
  • CRM/Product Ordering/Invoices/AP/Accounts Receivables (AR)/Inventory Control capabilities were completely functional.
  • A new Palo Alto Networks 850 firewall was brought online.
  • Ninety percent of the user workstations were operational.

"Much of what was accomplished during the initial response is mostly a haze for me, but we will not soon forget the countless hours all of you accomplished to help get our company back. I have trusted Progent for at least 10 years, possibly more, and every time I needed help Progent has outperformed my expectations and delivered. This event was a Herculean accomplishment."

Conclusion
A potential business-extinction catastrophe was averted thanks to top-tier professionals, a wide spectrum of technical expertise, and tight teamwork. Although post-incident analysis showed that the ransomware attack described here would have been identified and stopped by up-to-date cybersecurity systems and best practices, user training, and properly executed procedures for backup and software patching, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do get hit by a crypto-ransomware incursion, you can be confident that Progent's roster of experts has a proven track record in ransomware defense, cleanup, and file recovery.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were contributing), I'm grateful for letting me get rested after we made it past the initial push. All of you did an amazing job, and if anyone that helped is visiting the Chicago area, dinner is my treat!"

To read or download a PDF version of this customer story, click:
Progent's Ryuk Incident Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Crypto-Ransomware Protection Services Offered by Progent
Progent offers companies in Atlanta a range of online monitoring and security evaluation services designed to help you reduce your vulnerability to ransomware. These services include modern artificial intelligence technology to detect new variants of ransomware that can get past legacy signature-based security products.

  • ProSight LAN Watch: Server and Desktop Monitoring and Management
    ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates advanced remote monitoring and management (RMM) technology to help keep your IT system operating efficiently by tracking the state of critical computers that drive your business network. When ProSight LAN Watch detects an issue, an alert is sent automatically to your designated IT staff and your assigned Progent consultant so that all potential issues can be resolved before they have a chance to disrupt productivity. Learn more details about ProSight LAN Watch server and desktop remote monitoring services.

  • ProSight LAN Watch with NinjaOne RMM: Unified RMM for Networks, Servers, and Desktops
    ProSight LAN Watch with NinjaOne RMM software offers a unified, cloud-driven platform for managing your client-server infrastructure by providing an environment for streamlining common tedious tasks. These can include health monitoring, patch management, automated remediation, endpoint setup, backup and restore, anti-virus protection, remote access, standard and custom scripts, asset inventory, endpoint profile reports, and troubleshooting assistance. If ProSight LAN Watch with NinjaOne RMM spots a serious issue, it transmits an alert to your designated IT personnel and your assigned Progent consultant so that emerging issues can be taken care of before they impact productivity. Find out more about ProSight LAN Watch with NinjaOne RMM server and desktop monitoring consulting.

  • ProSight WAN Watch: Infrastructure Management
    Progent's ProSight WAN Watch is a network infrastructure management service that makes it easy and inexpensive for smaller businesses to map, track, optimize and debug their networking appliances such as routers and switches, firewalls, and wireless controllers as well as servers, endpoints and other devices. Using state-of-the-art Remote Monitoring and Management technology, WAN Watch ensures that infrastructure topology diagrams are kept current, copies and displays the configuration information of almost all devices connected to your network, tracks performance, and generates notices when issues are discovered. By automating complex management and troubleshooting activities, WAN Watch can cut hours off common chores like network mapping, reconfiguring your network, locating appliances that need important software patches, or resolving performance bottlenecks. Learn more about ProSight WAN Watch network infrastructure monitoring and management services.

  • ProSight Reporting: In-depth Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is a growing suite of real-time reporting plug-ins created to integrate with the industry's leading ticketing and network monitoring programs including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to surface and contextualize critical issues like inconsistent support follow-up or endpoints with out-of-date AVs. By exposing ticketing or network health concerns concisely and in near-real time, ProSight Reporting enhances productivity, reduces management overhead, and saves money. For details, see ProSight Reporting for ticketing and network monitoring platforms.

  • ProSight Data Protection Services (DPS): Managed Backup and Disaster Recovery Services
    Progent has partnered with leading backup/restore technology providers to create ProSight Data Protection Services (DPS), a portfolio of subscription-based offerings that provide backup-as-a-service. ProSight DPS services manage and track your data backup operations and enable transparent backup and rapid restoration of critical files, applications, system images, and Hyper-V and VMware virtual machines. ProSight DPS lets you protect against data loss caused by equipment failures, natural calamities, fire, cyber attacks such as ransomware, human error, ill-intentioned employees, or software bugs. Managed backup services in the ProSight DPS product line include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup based on Barracuda dedicated hardware, and ProSight MSP360 Cloud and On-prem Backup. Your Progent service representative can help you to identify which of these fully managed services are best suited for your IT environment.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam and virus filtering service that uses the technology of top data security vendors to provide web-based management and comprehensive protection for your email traffic. The powerful architecture of the Email Guard managed service integrates cloud-based filtering with a local security gateway device to offer advanced protection against spam, viruses, denial of service attacks, directory harvest attacks (DHAs), and other email-based threats. Email Guard's Cloud Protection Layer serves as a preliminary barricade and keeps most threats from reaching your network firewall. This reduces your exposure to external threats and conserves system bandwidth and storage. Email Guard's on-premises gateway device provides a further level of analysis for incoming email. For outbound email, the onsite security gateway offers AV and anti-spam filtering, DLP, and email encryption. The onsite security gateway can also assist Exchange Server to monitor and protect internal email traffic that originates and ends inside your corporate firewall. For more details, visit Email Guard spam and content filtering.

  • ProSight Duo Multi-Factor Authentication: Access Security, Endpoint Remediation, and Secure Single Sign-on (SSO)
    Progent's Duo MFA managed services utilize Cisco's Duo cloud technology to protect against compromised passwords through the use of two-factor authentication. Duo enables single-tap identity confirmation with iOS, Google Android, and other out-of-band devices. With 2FA, when you log into a protected online account and give your password, you are asked to verify who you are via a device that only you possess and that is accessed using a different network channel. A wide selection of out-of-band devices can be used for this second form of authentication, such as a smartphone or watch, a hardware/software token, or a landline telephone. You may register several validation devices. For details about Duo identity authentication services, go to Duo MFA two-factor authentication services for access security.

  • Outsourced/Co-managed Call Desk: Call Center Managed Services
    Progent's Help Desk managed services allow your information technology team to offload Support Desk services to Progent or divide activity for support services seamlessly between your internal network support team and Progent's extensive pool of IT service technicians, engineers and subject matter experts (SMEs). Progent's Co-managed Service Desk offers a smooth supplement to your corporate network support group. End user interaction with the Service Desk, delivery of support, problem escalation, ticket generation and updates, performance measurement, and maintenance of the support database are cohesive regardless of whether incidents are resolved by your in-house support resources, by Progent's team, or by a combination. Find out more about Progent's outsourced/co-managed Help Center services.

  • Progent Active Protection Against Ransomware: AI-based Ransomware Detection and Cleanup
    Progent's Active Protection Against Ransomware is an endpoint protection managed service that utilizes next-generation behavior analysis technology to defend endpoints as well as physical and virtual servers against new malware assaults such as ransomware and file-less exploits, which easily escape legacy signature-based anti-virus tools. Progent ASM services protect on-premises and cloud-based resources and offer a unified platform to automate the complete threat lifecycle including protection, identification, mitigation, remediation, and post-attack forensics. Top capabilities include one-click rollback using Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against new attacks. Read more about Progent's ransomware protection and cleanup services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management is a cloud-based IT documentation management service that allows you to create, update, retrieve and safeguard data related to your IT infrastructure, processes, business apps, and services. You can quickly locate passwords or IP addresses and be alerted automatically about impending expirations of SSL certificates or domains. By updating and managing your IT documentation, you can eliminate as much as half of the time spent looking for vital information about your IT network. ProSight IT Asset Management features a common location for holding and collaborating on all documents required for managing your network infrastructure, such as recommended procedures and self-service instructions. ProSight IT Asset Management also supports a high level of automation for collecting and relating IT information. Whether you're making improvements, performing regular maintenance, or responding to an emergency, ProSight IT Asset Management delivers the information you require the instant you need it. Find out more about Progent's ProSight IT Asset Management service.

  • Progent's Patch Management: Software/Firmware Update Management Services
    Progent's managed services for software and firmware patch management provide businesses of any size a flexible and cost-effective alternative for assessing, testing, scheduling, implementing, and tracking updates to your ever-evolving IT system. In addition to optimizing the security and functionality of your IT environment, Progent's patch management services allow your in-house IT team to focus on line-of-business projects and activities that derive the highest business value from your network. Learn more about Progent's software/firmware update management services.

  • ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
    With ProSight Virtual Hosting service, a small organization can have its key servers and apps hosted in a secure Tier III data center on a fast virtual host configured and maintained by Progent's network support experts. Under the ProSight Virtual Hosting model, the customer retains ownership of the data, the operating system platforms, and the applications. Since the environment is virtualized, it can be ported immediately to a different hardware environment without requiring a lengthy and difficult reinstallation process. With ProSight Virtual Hosting, your business is not locked into one hosting service. Find out more about ProSight Virtual Hosting services.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection service that incorporates SentinelOne's next generation behavior-based analysis tools to defend physical and virtual endpoint devices against new malware attacks such as ransomware and file-less exploits, which routinely get by legacy signature-based AV products. ProSight ASM protects on-premises and cloud resources and offers a single platform to manage the complete threat progression including protection, infiltration detection, mitigation, cleanup, and forensics. Key capabilities include single-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Read more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware recovery.

  • ProSight Enhanced Security Protection: Physical and Virtual Endpoint Security and Exchange Filtering
    ProSight Enhanced Security Protection (ESP) managed services deliver affordable multi-layer protection for physical servers and VMs, desktops, smartphones, and Exchange Server. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and reacting to cyber threats from all vectors. ProSight ESP delivers firewall protection, penetration alerts, endpoint management, and web filtering via leading-edge technologies incorporated within one agent accessible from a single control. Progent's data protection and virtualization consultants can help you to plan and implement a ProSight ESP deployment that meets your organization's specific needs and that helps you demonstrate compliance with government and industry data protection regulations. Progent will help you specify and configure policies that ProSight ESP will manage, and Progent will monitor your network and react to alerts that call for immediate action. Progent's consultants can also help you to install and test a backup and restore system such as ProSight Data Protection Services so you can recover quickly from a destructive security attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint protection and Exchange email filtering.

For 24/7/365 Atlanta Ransomware Repair Consulting, call Progent at 800-462-8800 or go to Contact Progent.