Ransomware: Your Worst Information Technology Catastrophe
Crypto-Ransomware Recovery Consultants
Ransomware has become a modern cyberplague that poses an existential threat to businesses of any size that are poorly prepared for an attack. Multiple generations of ransomware such as the Dharma, CryptoWall, Locky, Syskey and MongoLock cryptoworms have been circulating for years and still inflict damage. The latest strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Conti or Egregor, as well as newcomers that have yet to be named, not only encrypt critical online data but also seek out and encrypt any system backups they can reach. Files synchronized to the cloud can also be held hostage. In a poorly designed environment, this can make automatic restoration hopeless and effectively knocks the datacenter back to zero.

Restoring programs and data after a ransomware outage becomes a sprint against time as the targeted business struggles to contain the damage, remove the crypto-ransomware, and restore business-critical activity. Because ransomware needs time to move laterally, attacks are often launched on weekends and holidays, when they are likely to go unnoticed for longer. This multiplies the difficulty of quickly mobilizing and organizing an experienced response team.

Progent offers an assortment of services for protecting enterprises from ransomware penetrations. Among these are staff education to recognize and avoid phishing attempts, ProSight Active Security Monitoring (ASM) for remote monitoring and management, and setup and configuration of next-generation security solutions from SentinelOne with machine learning capabilities to detect and shut down zero-day cyber threats quickly. Progent can also provide veteran ransomware recovery professionals with the skills and perseverance to rebuild a compromised environment as rapidly as possible.

Progent's Crypto-Ransomware Recovery Services
Following a crypto-ransomware invasion, even paying the ransom demand in cryptocurrency does not ensure that the criminal gang will provide the keys to decrypt any or all of your information. Kaspersky determined that 17% of crypto-ransomware victims never recovered their files even after sending off the ransom, compounding their losses. The gamble is also costly. Ryuk ransoms are typically a few hundred thousand dollars; for larger organizations, the demand can run into the millions. The other path is to rebuild the essential components of your IT environment. Without access to essential information backups, this requires a wide complement of skill sets, top-notch team management, and the capability to work 24x7 until the recovery project is finished.

For two decades, Progent has provided expert IT services for businesses throughout the U.S. and has earned Microsoft Partner certification in the Datacenter and Cloud Productivity competencies. Progent's pool of subject matter experts (SMEs) includes consultants who hold advanced industry certifications in leading technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's cyber security engineers have earned internationally recognized industry certifications including CISA, CISSP-ISSAP, ISACA CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has expertise in accounting and ERP software solutions. This breadth of experience gives Progent the capability to quickly identify the necessary systems, salvage the surviving parts of your network environment following a ransomware event, and assemble them into an operational network.

Progent's recovery team deploys state-of-the-art project management applications to coordinate the complicated recovery process. Progent understands the importance of acting swiftly and together with a customer's management and IT resources to assign priority to tasks and to put critical services back on line as soon as humanly possible.

Client Story: A Successful Crypto-Ransomware Penetration Recovery
A small business contacted Progent after their network was brought down by Ryuk crypto-ransomware. Ryuk is generally considered to have been launched by North Korean state hackers, possibly using approaches leaked from the United States NSA. Ryuk targets businesses with little or no tolerance for disruption and is among the most lucrative iterations of ransomware. Headline victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a single-location manufacturer based in Chicago with about 500 employees. The Ryuk penetration had disabled all essential business operations and manufacturing processes. Most of the client's data backups had been online at the start of the intrusion and were eventually encrypted. The client was considering paying the ransom (in excess of $200,000) and hoping for the best, but ultimately decided to engage Progent.

"I can't say enough about the support Progent provided us throughout the most fearful period of (our) business's life. We most likely would have paid the hackers if not for the confidence the Progent team afforded us. The fact that you were able to get our e-mail system and essential servers back into operation in less than a week was beyond my wildest dreams. Every single staff member I interacted with or e-mailed at Progent was laser focused on getting my company operational and was working at a breakneck pace to bail us out."

Progent worked together with the customer to quickly identify and prioritize the mission-critical areas that had to be addressed before company operations could restart:

  • Active Directory
  • Electronic Mail
  • Accounting/MRP

To get going, Progent followed incident response best practices by stopping lateral movement and removing active malware. Progent then started restoring Microsoft Active Directory, the heart of enterprise systems built on Microsoft Windows Server technology. Microsoft Exchange Server email will not work without Active Directory, and the business's financials and MRP applications ran on Microsoft SQL Server, which relies on Active Directory for authentication to the data.

Within two days, Progent had rebuilt Active Directory to its pre-intrusion state. Progent then helped rebuild the most important systems and recover their storage. All Exchange Server data and attributes were usable, which facilitated the rebuild of Exchange. Progent was able to gather intact OST files (Microsoft Outlook Offline Data Files) from staff workstations in order to recover email. A recent offline backup of the business's financials/MRP software made it possible to bring these essential applications back online. Although significant work remained to recover completely from Ryuk, core systems were returned to operation quickly:


"For the most part, the production operation was never shut down and we delivered all customer sales."

During the next month, critical milestones in the restoration process were completed through tight collaboration between Progent team members and the customer:

  • Internal web applications were brought back up without losing any data.
  • The MailStore archive for Microsoft Exchange Server, holding more than 4 million historical emails, was brought online and made accessible to users.
  • CRM/Orders/Invoices/AP/Accounts Receivables/Inventory Control capabilities were 100% operational.
  • A new Palo Alto Networks 850 security appliance was installed.
  • Nearly all of the desktop computers were fully operational.

"A lot of what occurred in the initial days is mostly a haze for me, but we will not forget the commitment each of you accomplished to give us our business back. I've been working together with Progent for the past ten years, possibly more, and every time I needed help Progent has impressed me and delivered. This situation was a life saver."

Conclusion
A potential business-ending disaster was averted thanks to top-tier professionals, a wide range of technical expertise, and tight teamwork. In retrospect, the crypto-ransomware incident described here should have been stopped by modern cyber security technology and best practices, user and IT administrator education, and properly executed procedures for protecting information and applying software patches. The reality remains, however, that government-sponsored cyber criminals from Russia, China and elsewhere are tireless and are not going away. If you do fall victim to a crypto-ransomware penetration, remember that Progent's team of experts has proven experience in ransomware blocking, cleanup, and data restoration.


"So, to Darrin, Aaron, Dan, Claude, Jesse, Arnaud, Allen, Tony and Chris (along with others that were involved), thank you for allowing me to get rested after we made it over the first week. All of you did an impressive job, and if any of your team is in the Chicago area, a great meal is on me!"

To review or download a PDF version of this ransomware incident report, see Progent's Ransomware Incident Recovery Case Study Datasheet (PDF, 282 KB).

Additional Ransomware Protection Services Offered by Progent
Progent offers businesses in San Francisco a variety of online monitoring and security assessment services to help reduce the threat from ransomware. These services include modern AI technology to detect zero-day variants of ransomware that can get past legacy signature-based security products.

  • ProSight LAN Watch: Server and Desktop Monitoring
    ProSight LAN Watch is Progent's server and desktop monitoring managed service that uses advanced remote monitoring and management technology to help keep your network operating efficiently by tracking the state of critical assets that drive your information system. When ProSight LAN Watch detects a problem, an alert is sent automatically to your designated IT management personnel and your assigned Progent consultant so all potential problems can be addressed before they can disrupt your network. Find out more details about ProSight LAN Watch server and desktop remote monitoring consulting.

  • ProSight LAN Watch with NinjaOne RMM: Unified RMM Solution for Networks, Servers, and Desktops
    ProSight LAN Watch with NinjaOne RMM software offers a centralized, cloud-based platform for managing your client-server infrastructure by providing tools for streamlining common time-consuming jobs. These include health checking, patch management, automated remediation, endpoint deployment, backup and restore, A/V response, secure remote access, standard and custom scripts, asset inventory, endpoint profile reports, and troubleshooting help. If ProSight LAN Watch with NinjaOne RMM uncovers a serious issue, it transmits an alarm to your designated IT management personnel and your assigned Progent technical consultant so that emerging problems can be taken care of before they impact your network. Learn more about ProSight LAN Watch with NinjaOne RMM server and desktop remote monitoring consulting.

  • ProSight WAN Watch: Infrastructure Management
    ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and affordable for small and mid-sized businesses to diagram, monitor, enhance and troubleshoot their networking hardware like switches, firewalls, and wireless controllers as well as servers, client computers and other networked devices. Incorporating state-of-the-art Remote Monitoring and Management (RMM) technology, WAN Watch makes sure that network diagrams are always updated, copies and manages the configuration of virtually all devices connected to your network, tracks performance, and generates notices when potential issues are detected. By automating tedious management activities, ProSight WAN Watch can cut hours off common tasks like network mapping, reconfiguring your network, finding devices that need critical software patches, or identifying the cause of performance issues. Learn more about ProSight WAN Watch network infrastructure management services.

  • ProSight Reporting: Real-time and In-depth Reporting for Ticketing and Network Monitoring Applications
    ProSight Reporting is a growing line of in-depth reporting plug-ins created to integrate with the top ticketing and remote network monitoring platforms such as ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting uses Microsoft Graph and utilizes color coding to highlight and contextualize key issues like inconsistent support follow-up or endpoints with out-of-date AVs. By exposing ticketing or network health concerns clearly and in near-real time, ProSight Reporting improves productivity, reduces management hassle, and saves money. For more information, visit ProSight Reporting for ticketing and network monitoring platforms.

  • ProSight Data Protection Services (DPS): Backup and Recovery Services
    Progent has partnered with leading backup/restore technology providers to produce ProSight Data Protection Services, a portfolio of subscription-based management outsourcing plans that deliver backup-as-a-service (BaaS). ProSight DPS services automate and track your backup processes and enable transparent backup and rapid recovery of vital files, apps, images, and VMs. ProSight DPS lets you recover from data loss caused by equipment failures, natural calamities, fire, cyber attacks like ransomware, user error, malicious employees, or application bugs. Managed backup services available in the ProSight DPS portfolio include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda dedicated storage, and ProSight MSP360 Hybrid Backup. Your Progent expert can assist you to identify which of these fully managed services are most appropriate for your IT environment.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering service that uses the technology of top information security companies to provide web-based control and comprehensive security for your inbound and outbound email. The layered structure of Progent's Email Guard managed service combines cloud-based filtering with an on-premises gateway device to provide advanced defense against spam, viruses, DoS attacks, directory harvest attacks (DHAs), and other email-borne malware. The cloud filter serves as a first line of defense and blocks most threats before they reach your security perimeter. This reduces your exposure to external attacks and conserves network bandwidth and storage. Email Guard's on-premises gateway appliance provides a deeper layer of inspection for incoming email. For outbound email, the local gateway provides anti-virus and anti-spam filtering, DLP, and email encryption. The on-premises security gateway can also assist Microsoft Exchange Server to track and safeguard internal email that stays inside your corporate firewall. For more details, visit Email Guard spam filtering and data leakage protection.

  • ProSight Duo Two-Factor Authentication: Access Security, Endpoint Policy Enforcement, and Secure Single Sign-on
    Progent's Duo MFA services incorporate Cisco's Duo cloud technology to protect against stolen passwords through the use of two-factor authentication (2FA). Duo enables one-tap identity confirmation with Apple iOS, Google Android, and other out-of-band devices. With Duo 2FA, when you log into a secured application and enter your password, you are asked to verify who you are on a device that only you possess and that is reached over a different network channel. A wide selection of devices can be used for this second form of identity validation, including an iPhone, an Android phone, a wearable, a hardware or software token, or a landline telephone. You may register several validation devices. To learn more about ProSight Duo identity authentication services, go to Duo MFA two-factor authentication (2FA) services for access security.

  • Outsourced/Co-managed Call Desk: Help Desk Managed Services
    Progent's Help Desk services permit your information technology team to offload Call Center services to Progent or split activity for support services seamlessly between your internal network support group and Progent's extensive pool of certified IT support engineers and subject matter experts. Progent's Shared Help Desk Service offers a transparent supplement to your internal IT support resources. End user interaction with the Help Desk, provision of technical assistance, escalation, trouble ticket generation and updates, performance measurement, and management of the service database are cohesive regardless of whether incidents are resolved by your internal IT support staff, by Progent, or both. Learn more about Progent's outsourced/shared Call Desk services.

  • Active Defense Against Ransomware: AI-based Ransomware Detection and Cleanup
    Progent's Active Defense Against Ransomware is an endpoint protection solution that uses next-generation behavior analysis technology to guard endpoints as well as physical and virtual servers against new malware assaults like ransomware and fileless exploits, which easily evade legacy signature-matching anti-virus tools. Progent's Active Security Monitoring services safeguard local and cloud resources and offer a single platform to address the complete threat lifecycle, including blocking, identification, containment, cleanup, and forensics. Top features include single-click rollback using Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against newly discovered threats. Learn more about Progent's ransomware defense and cleanup services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, maintain, find and safeguard information related to your IT infrastructure, procedures, applications, and services. You can quickly locate passwords or IP addresses and be alerted automatically about impending expirations of SSL certificates or domains. By cleaning up and organizing your IT infrastructure documentation, you can save as much as 50% of time thrown away trying to find critical information about your network. ProSight IT Asset Management includes a centralized location for holding and sharing all documents required for managing your network infrastructure like recommended procedures and How-To's. ProSight IT Asset Management also offers a high level of automation for gathering and associating IT information. Whether you're making improvements, doing regular maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the knowledge you need when you need it. Learn more about ProSight IT Asset Management service.

  • Patch Management: Software/Firmware Update Management Services
    Progent's support services for software and firmware patch management provide businesses of all sizes a versatile and affordable solution for evaluating, validating, scheduling, implementing, and documenting updates to your ever-evolving information network. In addition to optimizing the security and functionality of your IT network, Progent's software/firmware update management services free up time for your in-house IT staff to focus on line-of-business initiatives and activities that deliver the highest business value from your network. Find out more about Progent's patch management support services.

  • ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
    With Progent's ProSight Virtual Hosting service, a small organization can have its key servers and applications hosted in a protected Tier III data center on a high-performance virtual machine host set up and maintained by Progent's network support professionals. With Progent's ProSight Virtual Hosting model, the customer retains ownership of the data, the operating system software, and the applications. Since the system is virtualized, it can be moved immediately to a different hardware solution without requiring a time-consuming and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not locked into a single hosting provider. Find out more about ProSight Virtual Hosting services.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that utilizes SentinelOne's next generation behavior analysis technology to defend physical and virtual endpoints against modern malware attacks such as ransomware and email phishing, which easily evade traditional signature-based AV products. ProSight ASM safeguards local and cloud-based resources and offers a unified platform to address the complete malware attack progression including blocking, infiltration detection, mitigation, cleanup, and post-attack forensics. Top features include one-click rollback using Windows VSS and real-time network-wide immunization against newly discovered attacks. Progent is a SentinelOne Partner, dealer, and integrator. Find out more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery.

  • ProSight Enhanced Security Protection (ESP): Endpoint Security and Microsoft Exchange Email Filtering
    ProSight Enhanced Security Protection (ESP) managed services deliver economical in-depth security for physical servers and VMs, desktops, smartphones, and Exchange email. ProSight ESP uses adaptive security and modern behavior analysis for continuously monitoring and reacting to security assaults from all vectors. ProSight ESP delivers two-way firewall protection, intrusion alarms, endpoint management, and web filtering via cutting-edge tools packaged within one agent managed from a unified control. Progent's security and virtualization experts can assist you to plan and configure a ProSight ESP environment that addresses your company's specific needs and that helps you prove compliance with legal and industry data security regulations. Progent will help you define and implement security policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alerts that call for urgent attention. Progent's consultants can also assist your company to set up and test a backup and restore system such as ProSight Data Protection Services (DPS) so you can get back in business quickly from a potentially disastrous security attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.

For 24x7x365 San Francisco CryptoLocker Repair Consulting, reach out to Progent at 800-462-8800 or go to Contact Progent.