Ransomware : Your Feared Information Technology Disaster
Ransomware has become a modern cyberplague that poses an extinction-level danger to businesses of any size that are vulnerable to an attack. Successive generations of crypto-ransomware such as the CryptoLocker, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been spreading for years and continue to inflict damage. Newer variants such as Ryuk, Maze, Sodinokibi, Netwalker, Conti and Nephilim, along with still-unnamed malware, not only encrypt on-line files but also compromise whatever system protections they can reach. Files synchronized to off-premises disaster recovery sites can be rendered useless as well. In a poorly architected environment this can make automated restore operations hopeless and effectively knocks the datacenter back to square one.
Recovering applications and data after a ransomware attack becomes a race against time as the targeted business struggles to contain the outbreak, clear the ransomware, and resume enterprise-critical operations. Because ransomware needs time to spread across a targeted network, attacks are often sprung at night or on weekends, when a successful penetration typically takes longer to discover. This compounds the difficulty of rapidly mobilizing and organizing a capable mitigation team.
Progent offers an assortment of support services for protecting Philadelphia businesses from ransomware events. These include staff training to recognize and avoid phishing attempts, and ProSight Active Security Monitoring for endpoint detection and response (EDR), which uses SentinelOne's behavior-based threat defense to detect and suppress zero-day malware attacks. Progent also offers the assistance of veteran crypto-ransomware recovery professionals with the skills and perseverance to rebuild a compromised network as quickly as possible.
Progent's Ransomware Restoration Support Services
After a ransomware event, even paying the ransom in cryptocurrency does not guarantee that the criminals will supply the keys needed to decrypt any or all of your information. Kaspersky Labs estimated that seventeen percent of ransomware victims never recovered their files after paying the ransom, compounding their losses. The ransom itself is also expensive. Ryuk ransoms are commonly a few hundred thousand dollars, and for larger enterprises the demand can reach millions. The fallback is to piece the critical components of your IT environment back together. Without access to complete data backups, this requires a wide range of skill sets, top notch project management, and the ability to work 24x7 until the job is done.
For decades, Progent has provided certified expert IT services to businesses throughout the US and has achieved Microsoft Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who hold top certifications in leading technologies from Microsoft, Cisco, VMware, and the major distributions of Linux. Progent's security experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (refer to Progent's certifications). Progent also has expertise in financial systems and ERP applications. This breadth of experience gives Progent the skills to understand the necessary systems, salvage the surviving pieces of your IT environment after a ransomware penetration, and rebuild them into an operational system.
Progent's recovery team uses top notch project management tools to orchestrate the complex recovery process. Progent understands the urgency of acting swiftly and in concert with a client's management and IT staff to prioritize tasks and bring key applications back on-line as fast as humanly possible.
Customer Case Study: A Successful Ransomware Incident Response
A customer contacted Progent after their company was taken over by the Ryuk ransomware virus. Ryuk is thought to have been developed by North Korean state cybercriminals, suspected of using technology leaked from America's NSA. Ryuk targets organizations with little or no tolerance for disruption and is among the most lucrative ransomware families. Notable victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a regional manufacturing company headquartered in Chicago with around 500 staff members. The Ryuk penetration had shut down all business operations and manufacturing capabilities. Most of the client's data backups had been online at the time of the attack and were encrypted. The client was preparing to pay the ransom demand (exceeding $200,000) and hoping for the best, but ultimately decided to engage Progent.
Progent worked with the customer to quickly identify and prioritize the mission-critical areas that had to be restored before departmental functions could restart:
In less than 48 hours, Progent rebuilt Windows Active Directory to its pre-attack state. Progent then performed reinstallations and hard drive recovery on essential systems. All Exchange Server schema and configuration information was intact, which greatly simplified the restoration of Exchange. Progent was also able to locate local OST files (Outlook Offline Folder Files) on staff desktop computers and use them to recover mail data. A recent offline backup of the customer's financials/ERP systems made it possible to bring these essential applications back to users. Although major work remained to recover fully from the Ryuk virus, essential services were restored rapidly:
Over the following weeks, the critical milestones of the restoration project were accomplished through close collaboration between Progent consultants and the client:
Conclusion
A potential company-ending disaster was averted thanks to top-tier professionals, a wide range of technical expertise, and tight teamwork. In hindsight, the ransomware penetration described here would have been identified and stopped by modern cyber security technology and best practices, user and IT administrator education, well-designed incident response procedures for data protection, and proper patching controls. Nevertheless, state-sponsored criminal cyber gangs from Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to a ransomware penetration, remember that Progent's team of professionals has a proven track record in crypto-ransomware defense, remediation, and information systems disaster recovery.
Download the Ransomware Cleanup Case Study Datasheet
To read or download a PDF version of this customer story, click:
Progent's Ransomware Virus Recovery Case Study Datasheet. (PDF - 282 KB)
Contact Progent for Ransomware Cleanup Consulting Services in Philadelphia
For ransomware system restoration consulting services in the Philadelphia area, phone Progent at