Ransomware: Your Worst IT Nightmare
Ransomware has become a modern cyberplague that poses an extinction-level threat for businesses unprepared for an attack. Versions of ransomware like the Dharma, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been around for years and continue to do damage. More recent strains of ransomware like Ryuk and Hermes, plus daily unnamed newcomers, not only encrypt online data but also infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knocks the datacenter back to square one.

Restoring services and data after a ransomware attack becomes a race against the clock as the victim struggles to contain and remove the virus and to restore business-critical operations. Because ransomware takes time to spread, assaults are often launched during weekends, when attacks may take longer to detect. This compounds the difficulty of promptly mobilizing and coordinating a qualified response team.

Progent offers a variety of services for protecting organizations from ransomware attacks. These include user training to recognize and avoid phishing exploits, ProSight Active Security Monitoring for remote monitoring and management, plus deployment of modern security gateways with AI technology to identify and suppress zero-day threats. Progent also offers the services of experienced ransomware recovery consultants with the skills and commitment to rebuild a compromised network as quickly as possible.

Progent's Ransomware Recovery Services
After a ransomware attack, paying the ransom in Bitcoin cryptocurrency does not guarantee that cyber criminals will provide the keys to decrypt all your data. Kaspersky estimated that 17% of ransomware victims never recovered their files after having paid the ransom. The gamble is also expensive. Ryuk ransoms commonly range from 15 to 40 BTC ($120,000 to $400,000). This is well above the average ransomware demand, which ZDNET estimates to be around $13,000. The alternative is to piece back together the vital components of your IT environment. Without the availability of full backups, this requires a broad range of expertise, well-coordinated project management, and the willingness to work 24x7 until the job is done.

Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Partnership certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system.

Progent's recovery team uses state-of-the-art project management tools to coordinate the complex recovery process and understands the importance of working quickly and in unison with a client's management and IT staff to prioritize tasks and to get essential services back on line as fast as possible.

Case Study: A Successful Ransomware Recovery
A client engaged Progent after their organization was attacked by Ryuk ransomware. Ryuk is believed to have been launched by North Korean state hackers, possibly using technology leaked from the U.S. National Security Agency. Ryuk targets specific companies with little tolerance for disruption and is one of the most profitable versions of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's client is a manufacturer based in Chicago and has about 500 employees. The Ryuk attack had shut down all business operations and manufacturing processes. The majority of the client's backups had been online at the time of the attack and were encrypted. The client considered paying the ransom (in excess of $200,000) and hoping for the best, but in the end called Progent.

"I cannot say enough about the support Progent gave us during the most critical time of (our) business life. We may have had to pay the Hacker if not for the confidence the Progent Team gave us. That you could get our e-mail and Servers back in less than 1 week was something incredible. Every single person I spoke to or e-mailed at Progent was hell bent on getting us operational and was working 24/7 on our behalf."

Progent worked with the client to identify and prioritize the key areas that needed to be addressed in order to restart business operations:

  • Active Directory
  • Email
  • Accounting/ERP

To start, Progent followed AV/malware best-practice processes by isolating and cleaning up infected systems. Progent then began the task of recovering Active Directory, the heart of enterprise networks built on Microsoft technology. Exchange email will not operate without Active Directory, and the client's accounting and ERP software used Microsoft SQL, which depends on Active Directory for access to the database.

Within two days, Progent was able to restore Active Directory to its pre-attack state. Progent then helped perform reinstallations and hard drive recovery on critical systems. All Exchange ties and attributes were intact, which facilitated the rebuild of Exchange. Progent was also able to locate intact OST files (Outlook Offline Folder Files) on various workstations to recover email data. A recent offline backup of the client's accounting/ERP software made it possible to bring these vital applications back online. Although significant work remained to recover fully from the Ryuk attack, core services were restored quickly:

"For the most part, the manufacturing operation never missed a beat and we did not miss any customer shipments."

Over the next few weeks important milestones in the recovery process were achieved through close cooperation between Progent and the client:

  • Internal web sites were brought back up with no loss of data.
  • The MailStore Server with over 4 million archived emails was spun up and working.
  • Orders/Invoices/AP/AR/BOM and inventory were 100% restored.
  • A new Palo Alto 850 Firewall was installed.
  • 90% of user workstations were operational.

"A lot of what happened that first week is mostly a blur for me, but we will not forget the countless hours each and every one of you put in to give us our business back. I have been working with Progent for at least 10 years, maybe more, and every time, Progent has come through and delivered. This time was no exception but maybe more Herculean."

A potential business disaster was averted by hard work, a broad range of technical expertise, and close teamwork. Although in hindsight the ransomware attack described here could have been prevented with modern security technology, user training, and appropriate procedures for backup and applying software patches, the fact remains that government-sponsored cyber criminals from China, Russia, North Korea and elsewhere are relentless and are not going away. If you do fall victim to ransomware, remember that Progent's team has proven experience in ransomware virus removal and file recovery.

"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (and any others that were involved), thank you for allowing me to get some sleep after we got past the first week. All of you did an incredible job and if anyone is visiting the Chicago area, dinner is on me!"

Additional Ransomware Protection Services Offered by Progent
Progent offers a range of remote monitoring and security assessment services to help you minimize the threat from ransomware. These services include next-generation machine learning technology to detect new variants of ransomware that can escape detection by traditional signature-based anti-virus solutions.

  • ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates cutting edge behavior machine learning tools to defend endpoints as well as servers and VMs against modern malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to address the entire threat progression including protection, identification, mitigation, remediation, and forensics. Top capabilities include single-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new attacks. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
    Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, workstations, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced machine learning for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, endpoint management, and web filtering via cutting-edge tools incorporated within a single agent accessible from a single control. Progent's data protection and virtualization experts can assist your business to design and configure a ProSight ESP environment that meets your company's unique requirements and that allows you to achieve and demonstrate compliance with legal and industry data security regulations. Progent will help you define and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent's consultants can also assist your company to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Recovery
    ProSight Data Protection Services offer small and mid-sized organizations an affordable end-to-end solution for reliable backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and allows rapid recovery of vital files, applications and VMs that have become lost or corrupted as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Microsoft Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to configure ProSight Data Protection Services to comply with government and industry regulatory standards like HIPAA, FINRA, PCI and Safe Harbor and, whenever necessary, can assist you to recover your critical data. Read more about ProSight DPS Managed Backup.

  • The ProSight Ransomware Preparedness Report Service
    The ProSight Ransomware Preparedness Report is a low-cost service centered on a phone discussion with a Progent information assurance expert. The interview is intended to assess your organization's preparedness either to stop or recover rapidly from a ransomware attack. Progent will work with you directly to collect information concerning your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report document describing how you can follow best practices to create a cost-effective security and backup system that meets your business needs. For more information, see Progent's ProSight Ransomware Preparedness Report Service.

Contact Progent for Ransomware Recovery Consulting and Remote Security Monitoring
For ransomware recovery or prevention expertise, call Progent at 800-993-9400 or go to Contact Progent.

© 2002-2019 Progent Corporation. All rights reserved.
