24x7 Brooklyn Critical Crypto
Infection Detection and Remediation Consultants

Ransomware : Your Crippling IT Nightmare
Crypto-Ransomware has become a too-frequent cyberplague that poses an extinction-level threat for businesses of all sizes poorly prepared for an attack. Different iterations of ransomware such as Reveton, Fusob, Locky, NotPetya and MongoLock cryptoworms have been out in the wild for years and still cause damage. Recent versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Snatch or Egregor, plus additional unnamed viruses, not only do encryption of on-line data files but also infect all accessible system protection mechanisms. Data replicated to off-site disaster recovery sites can also be corrupted. In a poorly architected system, this can make any restoration hopeless and basically knocks the datacenter back to square one.

Recovering services and information after a ransomware event becomes a sprint against the clock as the targeted organization struggles to stop the spread, eradicate the ransomware, and restore business-critical operations. Since ransomware requires time to replicate, assaults are often sprung at night, when attacks in many cases take longer to uncover. This compounds the difficulty of promptly marshalling and organizing a qualified response team.

Progent provides a variety of solutions for securing enterprises from ransomware attacks. Among these are team member education to become familiar with and avoid phishing scams, ProSight Active Security Monitoring (ASM) for remote monitoring and management, plus installation of modern security solutions with machine learning capabilities from SentinelOne to discover and extinguish day-zero threats automatically. Progent also provides the assistance of experienced crypto-ransomware recovery engineers with the skills and commitment to rebuild a breached environment as urgently as possible.

Progent's Crypto-Ransomware Recovery Support Services
After a ransomware invasion, even paying the ransom in cryptocurrency does not guarantee that merciless criminals will respond with the needed keys to unencrypt all your information. Kaspersky ascertained that seventeen percent of crypto-ransomware victims never recovered their information after having sent off the ransom, resulting in more losses. The risk is also costly. Ryuk ransoms are often a few hundred thousand dollars. For larger enterprises, the ransom can be in the millions of dollars. The alternative is to setup from scratch the mission-critical elements of your IT environment. Absent access to essential data backups, this requires a wide complement of IT skills, top notch project management, and the willingness to work 24x7 until the job is done.

For decades, Progent has offered expert Information Technology services for companies throughout the U.S. and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned top industry certifications in leading technologies including Microsoft, Cisco, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally-recognized certifications including CISA, CISSP-ISSAP, CRISC, SANS GIAC, and CMMC 2.0. (Visit Progent's certifications). Progent in addition has expertise with financial management and ERP applications. This breadth of experience affords Progent the capability to quickly ascertain necessary systems and re-organize the surviving components of your IT system after a ransomware attack and configure them into an operational system.

Progent's security team has top notch project management systems to orchestrate the complicated recovery process. Progent understands the urgency of working rapidly and in unison with a customer's management and IT staff to prioritize tasks and to put essential applications back on line as fast as humanly possible.

Customer Case Study: A Successful Ransomware Incident Restoration
A small business hired Progent after their company was penetrated by the Ryuk crypto-ransomware. Ryuk is thought to have been deployed by Northern Korean state hackers, possibly using approaches exposed from America's National Security Agency. Ryuk targets specific companies with limited room for operational disruption and is among the most profitable instances of ransomware viruses. High publicized victims include Data Resolution, a California-based data warehousing and cloud computing business, and the Chicago Tribune. Progent's client is a small manufacturing company located in the Chicago metro area with around 500 workers. The Ryuk event had shut down all business operations and manufacturing processes. The majority of the client's data backups had been on-line at the start of the attack and were destroyed. The client was evaluating paying the ransom demand (more than $200,000) and hoping for good luck, but in the end called Progent.

Progent worked hand in hand the client to rapidly understand and prioritize the mission critical elements that needed to be addressed in order to continue departmental operations:

• Windows Active Directory
• Email
• Accounting and Manufacturing Software

In less than two days, Progent was able to recover Active Directory to its pre-penetration state. Progent then accomplished reinstallations and storage recovery of essential applications. All Exchange Server schema and attributes were usable, which greatly helped the restore of Exchange. Progent was also able to find non-encrypted OST files (Outlook Offline Data Files) on user PCs to recover email data. A not too old off-line backup of the customer's accounting software made them able to return these vital services back online for users. Although a large amount of work remained to recover completely from the Ryuk event, critical systems were restored quickly:

During the next month key milestones in the recovery process were made through tight cooperation between Progent engineers and the customer:

• Internal web sites were brought back up without losing any information.
• The MailStore Microsoft Exchange Server with over four million historical emails was brought on-line and available for users.
• CRM/Orders/Invoicing/Accounts Payable/Accounts Receivables/Inventory Control modules were fully recovered.
• A new Palo Alto 850 firewall was installed and configured.
• 90% of the desktop computers were fully operational.

Conclusion
A likely business extinction catastrophe was avoided due to dedicated professionals, a broad spectrum of technical expertise, and close teamwork. Although upon completion of forensics the crypto-ransomware penetration described here should have been identified and stopped with up-to-date security technology and security best practices, user education, and properly executed security procedures for backup and proper patching controls, the fact remains that government-sponsored cyber criminals from Russia, North Korea and elsewhere are relentless and are an ongoing threat. If you do fall victim to a crypto-ransomware attack, feel confident that Progent's team of professionals has a proven track record in ransomware virus blocking, remediation, and information systems recovery.

To review or download a PDF version of this case study, click:
Progent's Ryuk Virus Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Available from Progent
Progent can provide companies in Brooklyn a variety of online monitoring and security assessment services to help you to minimize the threat from crypto-ransomware. These services incorporate modern artificial intelligence technology to uncover new strains of ransomware that can escape detection by legacy signature-based anti-virus solutions.

• ProSight LAN Watch: Server and Desktop Monitoring
  ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management (RMM) techniques to keep your network running at peak levels by checking the health of critical computers that power your information system. When ProSight LAN Watch uncovers a problem, an alarm is transmitted automatically to your designated IT personnel and your Progent engineering consultant so that any looming problems can be resolved before they have a chance to disrupt productivity. Learn more about ProSight LAN Watch server and desktop monitoring consulting.

• ProSight LAN Watch with NinjaOne RMM: Unified RMM for Networks, Servers, and Desktops
  ProSight LAN Watch with NinjaOne RMM software delivers a centralized, cloud-based platform for monitoring and managing your network, server, and desktop devices by offering an environment for performing common time-consuming tasks. These include health checking, update management, automated remediation, endpoint deployment, backup and recovery, A/V protection, secure remote access, built-in and custom scripts, asset inventory, endpoint status reporting, and debugging help. When ProSight LAN Watch with NinjaOne RMM spots a serious incident, it sends an alert to your specified IT personnel and your Progent technical consultant so emerging issues can be taken care of before they impact productivity. Learn more about ProSight LAN Watch with NinjaOne RMM server and desktop remote monitoring services.

• ProSight WAN Watch: Network Infrastructure Management
  Progent's ProSight WAN Watch is an infrastructure monitoring and management service that makes it easy and affordable for small and mid-sized organizations to map out, monitor, enhance and debug their connectivity hardware such as switches, firewalls, and wireless controllers as well as servers, printers, endpoints and other devices. Using cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that network diagrams are always updated, copies and displays the configuration information of virtually all devices on your network, tracks performance, and generates alerts when issues are detected. By automating tedious management processes, ProSight WAN Watch can cut hours off ordinary chores such as making network diagrams, reconfiguring your network, finding appliances that require important software patches, or resolving performance bottlenecks. Learn more details about ProSight WAN Watch network infrastructure management consulting.

• ProSight Reporting: In-depth Reporting for Ticketing and Network Monitoring Applications
  ProSight Reporting is an expanding suite of in-depth reporting plug-ins created to integrate with the industry's top ticketing and remote network monitoring programs including ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to highlight and contextualize key issues such as inconsistent support follow-through or endpoints with missing patches. By identifying ticketing or network health concerns clearly and in near-real time, ProSight Reporting enhances productivity, lowers management hassle, and saves money. For more information, see ProSight Reporting for ticketing and network monitoring platforms.

• ProSight Data Protection Services: Backup and Disaster Recovery Services
  Progent has partnered with advanced backup software companies to create ProSight Data Protection Services (DPS), a portfolio of subscription-based management offerings that deliver backup-as-a-service. ProSight DPS services manage and track your backup processes and enable non-disruptive backup and rapid restoration of critical files, applications, images, plus VMs. ProSight DPS lets your business avoid data loss caused by hardware breakdown, natural disasters, fire, malware such as ransomware, human mistakes, ill-intentioned employees, or application glitches. Managed backup services in the ProSight DPS portfolio include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda dedicated hardware, and ProSight DPS MSP360 Hybrid Backup. Your Progent service representative can assist you to identify which of these fully managed backup services are most appropriate for your IT environment.

• ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
  ProSight Email Guard is Progent's spam filtering service that uses the infrastructure of top information security companies to deliver centralized management and world-class security for your inbound and outbound email. The hybrid architecture of Email Guard integrates a Cloud Protection Layer with an on-premises gateway device to provide complete defense against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks, and other email-borne malware. The Cloud Protection Layer serves as a preliminary barricade and keeps most threats from reaching your network firewall. This reduces your vulnerability to external threats and saves network bandwidth and storage. Email Guard's onsite gateway device provides a further level of analysis for incoming email. For outbound email, the on-premises gateway provides AV and anti-spam protection, protection against data leaks, and email encryption. The onsite gateway can also assist Microsoft Exchange Server to monitor and protect internal email traffic that originates and ends within your security perimeter. For more details, see ProSight Email Guard spam filtering and data leakage protection.

• ProSight Duo Two-Factor Authentication: Identity Validation, Endpoint Remediation, and Protected Single Sign-on (SSO)
  Progent's Duo MFA service plans incorporate Cisco's Duo cloud technology to defend against compromised passwords by using two-factor authentication. Duo enables single-tap identity verification on Apple iOS, Google Android, and other personal devices. Using 2FA, whenever you sign into a secured online account and enter your password you are requested to verify your identity via a unit that only you possess and that uses a different network channel. A wide selection of devices can be used for this second form of ID validation such as an iPhone or Android or wearable, a hardware/software token, a landline phone, etc. You can register multiple verification devices. To learn more about ProSight Duo identity authentication services, refer to Duo MFA two-factor authentication services for access security.

• Outsourced/Co-managed Service Desk: Call Center Managed Services
  Progent's Call Desk managed services enable your IT team to offload Help Desk services to Progent or divide activity for Service Desk support seamlessly between your internal network support group and Progent's nationwide pool of IT support engineers and subject matter experts (SMEs). Progent's Shared Help Desk Service provides a transparent supplement to your corporate network support organization. End user interaction with the Service Desk, provision of support services, escalation, ticket generation and tracking, efficiency metrics, and management of the service database are cohesive regardless of whether issues are taken care of by your corporate support organization, by Progent's team, or a mix of the two. Learn more about Progent's outsourced/shared Call Desk services.

• Progent Active Defense Against Ransomware: AI-based Ransomware Identification and Remediation
  Progent's Active Defense Against Ransomware is an endpoint protection (EPP) managed service that utilizes cutting edge behavior-based analysis technology to defend endpoint devices and physical and virtual servers against new malware attacks like ransomware and file-less exploits, which easily escape legacy signature-matching anti-virus tools. Progent Active Security Monitoring services safeguard on-premises and cloud-based resources and offers a unified platform to manage the entire malware attack lifecycle including blocking, infiltration detection, mitigation, cleanup, and forensics. Key capabilities include one-click rollback with Windows Volume Shadow Copy Service and automatic system-wide immunization against new threats. Learn more about Progent's ransomware defense and cleanup services.

• ProSight IT Asset Management: Network Documentation Management
  Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to create, update, find and protect data about your IT infrastructure, processes, applications, and services. You can quickly locate passwords or serial numbers and be alerted automatically about upcoming expirations of SSL certificates or domains. By updating and organizing your network documentation, you can eliminate as much as 50% of time wasted looking for critical information about your network. ProSight IT Asset Management includes a centralized repository for storing and sharing all documents required for managing your network infrastructure such as recommended procedures and How-To's. ProSight IT Asset Management also offers advanced automation for gathering and associating IT information. Whether you're planning improvements, performing maintenance, or responding to a crisis, ProSight IT Asset Management delivers the information you need as soon as you need it. Find out more about Progent's ProSight IT Asset Management service.

• Patch Management: Software/Firmware Update Management Services
  Progent's support services for software and firmware patch management provide businesses of any size a versatile and affordable solution for evaluating, testing, scheduling, applying, and tracking updates to your dynamic IT network. In addition to optimizing the protection and reliability of your computer network, Progent's patch management services free up time for your IT team to concentrate on line-of-business projects and tasks that derive the highest business value from your network. Find out more about Progent's patch management services.

• ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
  With ProSight Virtual Hosting service, a small business can have its critical servers and applications hosted in a protected Tier III data center on a fast virtual host set up and maintained by Progent's IT support experts. Under Progent's ProSight Virtual Hosting service model, the customer owns the data, the OS platforms, and the applications. Since the system is virtualized, it can be moved immediately to an alternate hosting environment without requiring a time-consuming and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not tied a single hosting service. Learn more about ProSight Virtual Hosting services.

• ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
  ProSight Active Security Monitoring is an endpoint protection service that incorporates SentinelOne's next generation behavior-based machine learning technology to defend physical and virtual endpoints against new malware assaults such as ransomware and file-less exploits, which routinely evade traditional signature-based AV tools. ProSight Active Security Monitoring protects local and cloud resources and offers a unified platform to automate the complete threat lifecycle including blocking, infiltration detection, containment, remediation, and post-attack forensics. Key features include one-click rollback using Windows VSS and automatic system-wide immunization against newly discovered threats. Progent is a SentinelOne Partner, dealer, and integrator. Find out more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.

• ProSight Enhanced Security Protection: Physical and Virtual Endpoint Protection and Exchange Filtering
  Progent's ProSight Enhanced Security Protection (ESP) managed services deliver economical in-depth protection for physical servers and VMs, desktops, smartphones, and Exchange Server. ProSight ESP uses adaptive security and modern behavior analysis for continuously monitoring and reacting to cyber assaults from all vectors. ProSight ESP delivers two-way firewall protection, penetration alerts, device management, and web filtering via leading-edge tools packaged within a single agent accessible from a unified console. Progent's data protection and virtualization consultants can help your business to design and implement a ProSight ESP deployment that addresses your organization's specific requirements and that allows you demonstrate compliance with government and industry data protection regulations. Progent will assist you define and configure security policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alarms that require urgent action. Progent's consultants can also help your company to install and test a backup and disaster recovery system like ProSight Data Protection Services so you can recover rapidly from a potentially disastrous cyber attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Microsoft Exchange email filtering.