Ransomware: Your Worst Information Technology Nightmare
Ransomware has become an all-too-frequent cyber plague that presents an existential threat to businesses poorly prepared for an assault. Multiple generations of ransomware such as CrySIS, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been circulating for many years and continue to inflict damage. The latest versions of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti or Egregor, as well as frequent as-yet-unnamed newcomers, not only encrypt online data but also infect any accessible system restore points and backups. Data replicated to the cloud can also be encrypted. With a vulnerable data protection solution, this can render automated restore operations useless and effectively set the network back to square one.
Getting applications and information back following a crypto-ransomware intrusion becomes a race against the clock as the targeted business struggles to stop the spread, clean up the ransomware, and resume business-critical operations. Because ransomware needs time to move laterally, assaults are often sprung during weekends and nights, when successful attacks are likely to take more time to identify. This multiplies the difficulty of promptly mobilizing and orchestrating a qualified mitigation team.
Progent offers an assortment of support services for protecting organizations from crypto-ransomware events. Among these are staff training to help recognize and not fall victim to phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and setup and configuration of modern security gateways with AI technology from SentinelOne to identify and extinguish zero-day cyber attacks rapidly. Progent in addition provides the assistance of expert crypto-ransomware recovery professionals with the talent and perseverance to re-deploy a compromised system as rapidly as possible.
Progent's Ransomware Recovery Help
Following a ransomware penetration, even paying the ransom in cryptocurrency does not ensure that the cyber hackers will respond with the keys to decrypt all your information. Kaspersky Labs estimated that seventeen percent of ransomware victims never restored their information even after having sent off the ransom, resulting in additional losses. Paying is also expensive. Ryuk ransoms are commonly several hundred thousand dollars. For larger organizations, the ransom can be in the millions. The alternative is to re-install the vital components of your IT environment. Without access to full information backups, this calls for a wide complement of skill sets, well-coordinated project management, and the willingness to work 24x7 until the job is completed.
For two decades, Progent has offered professional IT services for businesses across the U.S. and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts includes consultants who have earned top industry certifications in leading technologies like Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have garnered internationally recognized certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications.) Progent also has experience in financial systems and ERP applications. This breadth of experience gives Progent the capability to rapidly identify critical systems following a crypto-ransomware attack, integrate the remaining pieces of your IT environment, and configure them into an operational system.
Progent's recovery group deploys state-of-the-art project management applications to coordinate the complicated recovery process. Progent knows the urgency of acting rapidly and in unison with a client's management and Information Technology staff to assign priority to tasks and to put the most important applications back on-line as fast as possible.
Business Case Study: A Successful Crypto-Ransomware Penetration Recovery
A client engaged Progent after their network was penetrated by the Ryuk ransomware. Ryuk is believed to have been created by North Korean state-sponsored criminal gangs, suspected of adopting algorithms exposed from the U.S. NSA. Ryuk goes after specific companies with limited ability to sustain disruption and is among the most profitable examples of ransomware. Notable victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a small manufacturing business located in Chicago with about 500 workers. The Ryuk event had brought down all business operations and manufacturing capabilities. The majority of the client's backups had been online at the start of the attack and were eventually encrypted. The client was pursuing financing to pay the ransom demand (in excess of $200K) and praying for good luck, but in the end called Progent.
"I can't say enough about the support Progent provided us during the most fearful time of (our) business's survival. We may have had to pay the cyber criminals behind the attack if it wasn't for the confidence the Progent experts afforded us. The fact that you could get our e-mail and essential servers back into operation in less than 1 week was beyond my wildest dreams. Each staff member I worked with or communicated with at Progent was laser focused on getting our system up and was working non-stop to bail us out."
Progent worked together with the customer to quickly identify and prioritize the key systems that needed to be recovered in order to resume company functions:
- Windows Active Directory
- Microsoft Exchange
- Financials/MRP
To begin, Progent followed anti-virus incident mitigation best practices by stopping the spread and cleaning up infected systems. Progent then initiated the task of recovering Active Directory, the core of enterprise networks built on Microsoft Windows Server technology. Microsoft Exchange email will not function without AD, and the customer's MRP applications ran on Microsoft SQL Server, which depends on Windows AD for authentication to the database.
In less than two days, Progent was able to rebuild Windows Active Directory to its pre-attack state. Progent then helped rebuild and perform hard drive recovery of the most important applications. All Microsoft Exchange Server ties and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was also able to find intact OST files (Outlook Offline Data Files) on user desktop computers and laptops in order to recover email data. A relatively recent offline backup of the customer's financials/ERP systems made it possible to bring these essential services back online. Although a large amount of work still had to be done to recover completely from the Ryuk attack, critical systems were returned to operation rapidly:
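The OST-based email recovery described above depends on locating the Outlook offline caches before workstations are wiped or reimaged. The following is an added example, not Progent's tooling, that inventories OST files on a list of workstations so they can be copied to a recovery share first; it assumes WinRM is enabled, that you run it as a domain administrator, and that the computer names are placeholders.

```powershell
# Added example (not from the original case study): inventory Outlook OST
# offline caches on workstations so mail can be recovered when the Exchange
# databases are lost. Assumes WinRM/PSRemoting is enabled and the caller is a
# domain admin. Hostnames below are placeholders for your own inventory.
$Workstations = @('WS-PLACEHOLDER-01', 'WS-PLACEHOLDER-02')

# Outlook stores the offline cache under each profile's Local AppData.
$OstRoot = 'C:\Users\*\AppData\Local\Microsoft\Outlook'

$results = Invoke-Command -ComputerName $Workstations -ErrorAction SilentlyContinue -ScriptBlock {
    param($Root)
    Get-ChildItem -Path $Root -Filter '*.ost' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Computer  = $env:COMPUTERNAME
                Profile   = $_.FullName.Split('\')[2]   # the user folder under C:\Users
                File      = $_.FullName
                SizeMB    = [math]::Round($_.Length / 1MB, 1)
                LastWrite = $_.LastWriteTime
            }
        }
} -ArgumentList $OstRoot

# Report what was found. Copy these files to an isolated recovery share before
# any cleanup or reimaging step touches the workstation; a cache last written
# after the attack window should be checked by hand for encrypted content.
$results |
    Sort-Object Computer, Profile |
    Format-Table Computer, Profile, SizeMB, LastWrite, File -AutoSize
```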
"For the most part, the production line operation never missed a beat and we did not miss any customer sales."
During the following few weeks important milestones in the restoration process were completed through close cooperation between Progent team members and the customer:
- In-house web applications were brought back up without losing any information.
- The MailStore server for Exchange, holding more than 4 million archived emails, was brought online and made accessible to users.
- CRM/Product Ordering/Invoices/Accounts Payable (AP)/Accounts Receivables/Inventory Control functions were completely operational.
- A new Palo Alto 850 firewall was brought online.
- Most user desktops were back in use by staff.
"So much of what transpired during the initial response is mostly a fog for me, but my team will not soon forget the countless hours each and every one of you put in to help get our business back. I have been working with Progent for the past ten years, possibly more, and each time Progent has shined and delivered as promised. This time was the most impressive ever."
Conclusion
A likely company-ending catastrophe was averted due to hard-working experts, a broad spectrum of IT skills, and close collaboration. Forensics concluded that the crypto-ransomware incident detailed here should have been stopped by modern cyber security technology, NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator education, appropriate incident response procedures for data protection, and keeping systems up to date with security patches. Still, the reality remains that government-sponsored cybercriminals from China, Russia, North Korea and elsewhere are tireless and will continue. If you do get hit by a ransomware attack, remember that Progent's roster of professionals has a proven track record in crypto-ransomware defense, removal, and data recovery.
"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Tony and Chris (along with others who were involved), thank you for making it so I could get rested after we made it through the most critical parts. All of you did an amazing effort, and if anyone that helped is in the Chicago area, dinner is my treat!"
To read or download a PDF version of this customer case study, please click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Additional Ransomware Protection Services Available from Progent
Progent can provide companies in Miami a portfolio of online monitoring and security evaluation services to help you to minimize the threat from crypto-ransomware. These services incorporate next-generation machine learning technology to uncover new strains of ransomware that can evade traditional signature-based anti-virus products.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management techniques to help keep your network operating efficiently by tracking the state of critical computers that power your business network. When ProSight LAN Watch detects an issue, an alarm is transmitted immediately to your designated IT management personnel and your assigned Progent consultant so that all looming problems can be addressed before they can disrupt your network. Learn more details about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight LAN Watch with NinjaOne RMM: Centralized RMM Solution for Networks, Servers, and Desktops
ProSight LAN Watch with NinjaOne RMM software delivers a unified, cloud-based solution for monitoring and managing your client-server infrastructure by offering tools for performing common time-consuming tasks. These include health monitoring, update management, automated remediation, endpoint setup, backup and recovery, anti-virus defense, secure remote access, built-in and custom scripts, asset inventory, endpoint profile reporting, and troubleshooting help. If ProSight LAN Watch with NinjaOne RMM uncovers a serious issue, it sends an alarm to your specified IT management staff and your assigned Progent consultant so that potential issues can be fixed before they impact productivity. Learn more about ProSight LAN Watch with NinjaOne RMM server and desktop monitoring services.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progent's ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and affordable for smaller businesses to map out, monitor, optimize and debug their networking hardware like routers and switches, firewalls, and load balancers as well as servers, printers, endpoints and other networked devices. Incorporating state-of-the-art RMM technology, WAN Watch makes sure that infrastructure topology diagrams are kept updated, captures and displays the configuration of almost all devices on your network, monitors performance, and generates alerts when problems are detected. By automating complex management activities, ProSight WAN Watch can knock hours off common chores such as network mapping, expanding your network, finding devices that need critical updates, or identifying the cause of performance issues. Learn more about ProSight WAN Watch infrastructure monitoring and management services.
- ProSight Reporting: Real-time Reporting for Ticketing and Network Monitoring Applications
ProSight Reporting is an expanding suite of in-depth management reporting plug-ins designed to work with the industry's leading ticketing and remote network monitoring platforms including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting uses Microsoft Graph and utilizes color coding to highlight and contextualize critical issues like inconsistent support follow-up or machines with missing patches. By exposing ticketing or network health concerns clearly and in near-real time, ProSight Reporting improves network value, reduces management overhead, and saves money. For details, see ProSight Reporting for ticketing and network monitoring platforms.
- ProSight Data Protection Services: Managed Backup and Disaster Recovery Services
Progent has partnered with leading backup/restore technology companies to create ProSight Data Protection Services (DPS), a selection of subscription-based management offerings that provide backup-as-a-service (BaaS). ProSight DPS products manage and track your data backup processes and allow transparent backup and fast recovery of vital files/folders, applications, system images, plus virtual machines. ProSight DPS helps your business protect against data loss resulting from equipment breakdown, natural calamities, fire, malware like ransomware, human error, ill-intentioned insiders, or software glitches. Managed backup services in the ProSight Data Protection Services product family include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup based on Barracuda purpose-built storage, and ProSight MSP360 Cloud and On-prem Backup. Your Progent expert can help you to identify which of these managed backup services are best suited for your network.
- ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
ProSight Email Guard is Progent's spam and virus filtering service that uses the technology of top data security vendors to deliver centralized control and comprehensive protection for your email traffic. The hybrid structure of the Email Guard managed service combines a Cloud Protection Layer with a local security gateway appliance to provide complete defense against spam, viruses, Denial of Service (DoS) attacks, Directory Harvest Attacks (DHAs), and other email-borne malware. Email Guard's cloud filter serves as a preliminary barricade and keeps most threats from reaching your network firewall. This reduces your exposure to inbound attacks and saves system bandwidth and storage. Email Guard's onsite gateway device adds a further level of inspection for inbound email. For outgoing email, the on-premises security gateway provides anti-virus and anti-spam protection, policy-based Data Loss Prevention, and email encryption. The on-premises security gateway can also assist Microsoft Exchange Server to track and protect internal email traffic that originates and ends inside your corporate firewall. For more information, see Email Guard spam filtering and data leakage protection.
- ProSight Duo Multi-Factor Authentication: Access Security, Endpoint Remediation, and Protected Single Sign-on (SSO)
Progent's Duo authentication services utilize Cisco's Duo technology to protect against stolen passwords through the use of two-factor authentication. Duo enables single-tap identity confirmation on Apple iOS, Android, and other personal devices. Using Duo 2FA, whenever you sign into a secured application and give your password, you are asked to confirm your identity via a device that only you possess and that is reached over a different ("out-of-band") network channel. A wide range of devices can be used as this added form of authentication, such as an iPhone, an Android phone, a smartwatch, a hardware or software token, or a landline telephone. You may designate several verification devices. To find out more about Duo identity authentication services, visit Duo MFA two-factor authentication (2FA) services.
- Progent's Outsourced/Shared Call Desk: Support Desk Managed Services
Progent's Help Center services allow your IT staff to offload Call Center services to Progent or divide activity for Help Desk services transparently between your in-house network support staff and Progent's nationwide pool of IT service engineers and subject matter experts. Progent's Co-managed Service Desk provides a seamless extension of your in-house network support resources. Client access to the Service Desk, delivery of technical assistance, escalation, ticket generation and tracking, performance metrics, and management of the service database are cohesive whether issues are resolved by your corporate IT support resources, by Progent's team, or both. Read more about Progent's outsourced/shared Call Desk services.
- Active Defense Against Ransomware: Machine Learning-based Ransomware Identification and Cleanup
Progent's Active Protection Against Ransomware is an endpoint protection (EPP) managed service that utilizes cutting-edge behavioral machine learning technology to defend endpoint devices as well as servers and VMs against new malware assaults like ransomware and file-less exploits, which easily get by legacy signature-matching anti-virus tools. Progent Active Security Monitoring services protect on-premises and cloud resources and provide a unified platform to address the complete malware attack progression including filtering, detection, containment, remediation, and post-attack forensics. Key features include single-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic system-wide immunization against newly discovered threats. Learn more about Progent's ransomware protection and recovery services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to create, update, find and protect data related to your IT infrastructure, processes, business apps, and services. You can instantly locate passwords or serial numbers and be alerted about impending expirations of SSL certificates or domains. By cleaning up and organizing your IT infrastructure documentation, you can save up to half the time wasted trying to find critical information about your network. ProSight IT Asset Management includes a centralized location for storing and collaborating on all documents related to managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also supports a high level of automation for gathering and relating IT data. Whether you're making enhancements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management gets you the information you need the instant you need it. Learn more about Progent's ProSight IT Asset Management service.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's managed services for software and firmware patch management offer businesses of all sizes a versatile and cost-effective alternative for evaluating, validating, scheduling, applying, and documenting updates to your dynamic IT system. In addition to maximizing the security and functionality of your IT network, Progent's software/firmware update management services permit your IT staff to focus on line-of-business projects and activities that deliver the highest business value from your network. Read more about Progent's software/firmware update management support services.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small or mid-size business can have its critical servers and applications hosted in a secure Tier III data center on a fast virtual host configured and managed by Progent's network support experts. Under Progent's ProSight Virtual Hosting model, the customer retains ownership of the data, the operating system platforms, and the applications. Because the system is virtualized, it can be ported immediately to an alternate hardware environment without requiring a lengthy and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not tied to one hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that utilizes SentinelOne's cutting-edge behavior analysis technology to defend physical and virtual endpoint devices against new malware assaults such as ransomware and file-less exploits, which easily get by legacy signature-matching AV tools. ProSight Active Security Monitoring safeguards on-premises and cloud resources and provides a unified platform to address the entire malware attack progression including blocking, detection, containment, cleanup, and post-attack forensics. Top features include one-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Read more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Endpoint Security and Microsoft Exchange Email Filtering
Progent's ProSight Enhanced Security Protection managed services offer affordable multi-layer security for physical servers and virtual machines, desktops, smartphones, and Microsoft Exchange. ProSight ESP utilizes contextual security and modern behavior analysis for round-the-clock monitoring and response to cyber threats from all attack vectors. ProSight ESP delivers two-way firewall protection, intrusion alerts, endpoint control, and web filtering through cutting-edge technologies packaged within a single agent managed from a unified console. Progent's security and virtualization consultants can assist you to plan and implement a ProSight ESP environment that addresses your company's unique requirements and that helps you prove compliance with legal and industry information security regulations. Progent will assist you to specify and configure the policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that require immediate action. Progent can also help you to set up and test a backup and restore solution such as ProSight Data Protection Services so you can get back in business rapidly after a potentially disastrous cyber attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Exchange email filtering.
For Miami 24/7/365 Crypto Recovery Consulting, reach out to Progent at 800-462-8800 or go to Contact Progent.