Ransomware : Your Worst Information Technology Disaster
Crypto-Ransomware Recovery Experts

Crypto-ransomware has become a modern cyber plague that represents an extinction-level danger for organizations vulnerable to an attack. Earlier iterations of ransomware such as the CrySIS, WannaCry, Locky, NotPetya and MongoLock cryptoworms have been circulating for a long time and continue to cause damage. More recent strains such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit and Egregor, plus frequent unnamed variants, not only encrypt online data files but also attack most reachable system protection mechanisms. Information synchronized to the cloud can also be corrupted. In a poorly designed environment, this can render automated restoration useless and essentially sets the network back to square one.

Recovering applications and data after a crypto-ransomware event becomes a race against the clock as the targeted organization tries its best to contain the outbreak, clear the malware, and resume enterprise-critical operations. Because crypto-ransomware needs time to move laterally, intrusions are frequently launched during weekends and nights, when successful attacks often take longer to discover. This multiplies the difficulty of promptly assembling and organizing an experienced response team.

Progent makes available a variety of services for securing enterprises against ransomware intrusions. These include team training to help identify and avoid phishing scams, ProSight Active Security Monitoring for remote monitoring and management, and deployment of modern AI-based security solutions from SentinelOne to identify and disable zero-day cyber attacks rapidly. Progent also provides the services of seasoned ransomware recovery engineers with the talent and commitment to redeploy a breached environment as urgently as possible.

Progent's Crypto-Ransomware Recovery Support Services
Following a ransomware attack, even paying the ransom demand in cryptocurrency provides no assurance that merciless criminals will return the keys needed to decrypt any of your data. Kaspersky Labs determined that 17% of crypto-ransomware victims never recovered their data even after sending off the ransom, resulting in further losses. The stakes are also expensive. Ryuk ransoms are often several hundred thousand dollars, and for larger enterprises the ransom can be in the millions. The fallback is to reinstall the vital elements of your Information Technology environment. Without full data backups available, this calls for a wide complement of skill sets, professional team management, and the ability to work continuously until the task is done.

For decades, Progent has provided expert Information Technology services for businesses across the U.S. and has earned Microsoft's Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have attained high-level certifications in foundation technologies from Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, CRISC, GIAC, and CMMC 2.0 (see Progent's certifications). Progent also has experience with accounting and ERP application software. This breadth of expertise gives Progent the capability to quickly identify critical systems, organize the remaining parts of your IT system following a crypto-ransomware event, and assemble them into an operational network.

Progent's security team uses state-of-the-art project management tools to orchestrate the complicated restoration process. Progent appreciates the urgency of acting rapidly and in concert with a client's management and IT staff to prioritize tasks and put critical applications back online as soon as humanly possible.

Client Case Study: A Successful Ransomware Incident Restoration
A client contacted Progent after their company was penetrated by the Ryuk ransomware. Ryuk is believed to have been launched by North Korean state-sponsored hackers, possibly using technology exposed from the U.S. National Security Agency. Ryuk goes after specific companies with little or no tolerance for disruption and is one of the most lucrative incarnations of crypto-ransomware. Highly publicized victims include Data Resolution, a California-based data warehousing and cloud computing firm, and the Chicago Tribune. Progent's customer is a small manufacturer based in the Chicago metro area with about 500 workers. The Ryuk intrusion had shut down all essential operations and manufacturing processes. Most of the client's data backups had been online at the time of the intrusion and were damaged. The client was evaluating paying the ransom demand (exceeding two hundred thousand dollars) and hoping for good luck, but in the end brought in Progent.


"I can't thank you enough for the expertise Progent gave us throughout the most critical period of (our) company's existence. We most likely would have paid the cybercriminals if not for the confidence the Progent experts gave us. The fact that you were able to get our e-mail and essential applications back on-line in less than one week was something I thought impossible. Every single expert I interacted with or communicated with at Progent was hell-bent on getting us back online and was working 24 by 7 to bail us out."

Progent worked with the customer to quickly understand and prioritize the essential systems that needed to be recovered to make it possible to resume company operations:

  • Windows Active Directory
  • Exchange Server
  • Accounting and Manufacturing Software

To get going, Progent followed anti-virus/malware incident-mitigation best practices by stopping lateral movement and cleaning up infected systems. Progent then began restoring Windows Active Directory, the key technology of enterprise environments built on Microsoft Windows. Microsoft Exchange messaging will not work without AD, and the customer's accounting and MRP software relied on SQL Server, which depends on Active Directory services for authorization to the databases.

In less than two days, Progent was able to restore Active Directory services to their pre-attack state. Progent then helped rebuild mission-critical applications and recover data from hard drives. All Exchange Server schema and attributes were intact, which greatly helped the rebuild of Exchange. Progent was able to gather local OST files (Microsoft Outlook Offline Folder Files) from team PCs and laptops in order to recover mail messages. A recent offline backup of the client's accounting/MRP systems made it possible to restore these vital services to users. Although a large amount of work remained to recover completely from the Ryuk attack, critical services were restored quickly:


"For the most part, the production line operation was never shut down and we made all customer orders."

During the following month, important milestones in the restoration process were accomplished in close cooperation between Progent consultants and the customer:

  • Internal web sites were returned to operation without losing any data.
  • The MailStore Server with over four million archived messages was spun up and accessible to users.
  • CRM/Orders/Invoices/AP/Accounts Receivables (AR)/Inventory Control capabilities were fully restored.
  • A new Palo Alto 850 security appliance was deployed.
  • 90% of the user desktops were fully operational.

"Much of what was accomplished in the initial days is nearly entirely a fog for me, but our team will not soon forget the dedication all of the team put in to give us our company back. I've entrusted Progent for the past 10 years, possibly more, and each time I needed help Progent has shined and delivered as promised. This event was a testament to your capabilities."

Conclusion
A possible business catastrophe was dodged with top-tier experts, a broad array of technical expertise, and tight teamwork. Although in post-mortem analysis the ransomware attack detailed here should have been identified and disabled with modern cyber security technology and best practices, user and IT administrator training, and properly executed procedures for data backup and keeping systems current with security patches, the fact is that state-sponsored hackers from Russia, North Korea and elsewhere are relentless and an ongoing threat. If you do get hit by a crypto-ransomware incident, remember that Progent's team of professionals has substantial experience in ransomware blocking, cleanup, and information systems restoration.


"So, to Darrin, Matt, Aaron, Dan, Jesse, Arnaud, Allen, Tony and Chris (and any others who were involved), thank you for making it so I could get some sleep after we got over the initial fire. All of you made an incredible effort, and if anyone who helped is visiting the Chicago area, dinner is on me!"

To review or download a PDF version of this customer case study, please click:
Progent's Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Additional Ransomware Protection Services Available from Progent
Progent can provide businesses in Brooklyn a variety of online monitoring and security evaluation services designed to help reduce your vulnerability to ransomware. These services use modern artificial intelligence to uncover new variants of ransomware that can escape detection by legacy signature-based anti-virus products.

  • ProSight LAN Watch: Server and Desktop Monitoring and Management
    ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management (RMM) technology to keep your IT system operating at peak levels by tracking the health of critical assets that power your business network. When ProSight LAN Watch detects a problem, an alert is sent automatically to your designated IT personnel and your Progent consultant so any potential problems can be resolved before they can impact your network. Learn more details about ProSight LAN Watch server and desktop remote monitoring consulting.

  • ProSight LAN Watch with NinjaOne RMM: Unified RMM Solution for Networks, Servers, and Desktops
    ProSight LAN Watch with NinjaOne RMM software offers a unified, cloud-driven solution for monitoring and managing your network, server, and desktop devices by offering an environment for performing common time-consuming jobs. These include health checking, patch management, automated repairs, endpoint deployment, backup and restore, anti-virus defense, remote access, standard and custom scripts, resource inventory, endpoint profile reports, and debugging help. When ProSight LAN Watch with NinjaOne RMM uncovers a serious problem, it transmits an alert to your designated IT staff and your Progent consultant so potential problems can be fixed before they impact productivity. Find out more about ProSight LAN Watch with NinjaOne RMM server and desktop remote monitoring services.

  • ProSight WAN Watch: Infrastructure Remote Monitoring and Management
    Progent's ProSight WAN Watch is a network infrastructure management service that makes it easy and inexpensive for smaller businesses to diagram, track, reconfigure and debug their connectivity hardware such as switches, firewalls, and wireless controllers as well as servers, client computers and other devices. Using cutting-edge RMM technology, ProSight WAN Watch ensures that network maps are kept current, captures and displays the configuration of virtually all devices on your network, monitors performance, and sends alerts when problems are discovered. By automating time-consuming network management processes, WAN Watch can cut hours off ordinary tasks like network mapping, expanding your network, finding appliances that need important updates, or isolating performance bottlenecks. Find out more details about ProSight WAN Watch network infrastructure management services.

  • ProSight Reporting: In-depth Reporting for Ticketing and Network Monitoring Platforms
    ProSight Reporting is a growing suite of real-time and in-depth management reporting tools designed to integrate with the industry's top ticketing and network monitoring applications such as ConnectWise Manage, ConnectWise Automate, Customer Thermometer, Auvik, and SentinelOne. ProSight Reporting incorporates Microsoft Graph and utilizes color coding to surface and contextualize key issues like inconsistent support follow-through or endpoints with missing patches. By identifying ticketing or network health problems concisely and in near-real time, ProSight Reporting improves productivity, lowers management hassle, and saves money. For more information, see ProSight Reporting for ticketing and network monitoring applications.

  • ProSight Data Protection Services (DPS): Backup and Recovery Services
    Progent has partnered with advanced backup/restore technology providers to create ProSight Data Protection Services (DPS), a family of subscription-based management offerings that deliver backup-as-a-service. ProSight DPS services manage and track your data backup operations and enable non-disruptive backup and rapid recovery of vital files, apps, system images, and VMs. ProSight DPS lets your business recover from data loss resulting from equipment failures, natural disasters, fire, cyber attacks like ransomware, user error, ill-intentioned employees, or application bugs. Managed backup services in the ProSight Data Protection Services product family include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro 365 Backup), ProSight ECHO Backup using Barracuda dedicated storage, and ProSight MSP360 Cloud and On-prem Backup. Your Progent consultant can help you to identify which of these managed backup services are most appropriate for your network.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering service that incorporates the technology of leading data security vendors to deliver centralized management and world-class security for all your inbound and outbound email. The hybrid architecture of Email Guard integrates cloud-based filtering with a local gateway device to offer complete defense against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks, and other email-borne threats. The cloud filter serves as a first line of defense and keeps the vast majority of threats from making it to your security perimeter. This reduces your vulnerability to external threats and saves system bandwidth and storage space. Email Guard's onsite security gateway appliance adds a further layer of analysis for inbound email. For outbound email, the local security gateway offers anti-virus and anti-spam protection, policy-based Data Loss Prevention, and email encryption. The onsite security gateway can also assist Exchange Server to monitor and protect internal email that stays within your corporate firewall. For more details, visit ProSight Email Guard spam filtering and data leakage protection.

  • ProSight Duo Two-Factor Authentication: Identity Validation, Endpoint Remediation, and Secure Single Sign-on (SSO)
    Progent's Duo MFA services utilize Cisco's Duo cloud technology to defend against compromised passwords by using two-factor authentication (2FA). Duo supports single-tap identity verification with Apple iOS, Android, and other out-of-band devices. Using Duo 2FA, whenever you log into a secured online account and give your password you are asked to confirm your identity via a device that only you possess and that uses a different network channel. A broad range of devices can be utilized for this second means of authentication such as a smartphone or wearable, a hardware/software token, a landline phone, etc. You may register several verification devices. For more information about ProSight Duo identity authentication services, see Cisco Duo MFA two-factor authentication (2FA) services.

  • Outsourced/Co-managed Help Desk: Help Desk Managed Services
    Progent's Help Desk services enable your information technology group to offload Help Desk services to Progent or split responsibilities for support services transparently between your in-house support staff and Progent's extensive roster of certified IT support engineers and subject matter experts. Progent's Co-managed Service Desk offers a seamless supplement to your internal network support organization. Client access to the Help Desk, provision of support, problem escalation, trouble ticket generation and tracking, performance measurement, and management of the service database are cohesive regardless of whether issues are resolved by your internal network support resources, by Progent's team, or both. Find out more about Progent's outsourced/shared Help Desk services.

  • Active Protection Against Ransomware: AI-based Ransomware Identification and Remediation
    Progent's Active Defense Against Ransomware is an endpoint protection (EPP) managed service that uses cutting-edge behavior-based machine learning tools to guard endpoints, servers and VMs against modern malware attacks like ransomware and email phishing, which routinely evade legacy signature-based anti-virus tools. Progent Active Security Monitoring services safeguard local and cloud resources and provide a single platform to automate the complete malware attack lifecycle including protection, infiltration detection, mitigation, cleanup, and post-attack forensics. Key capabilities include single-click rollback using Windows VSS and automatic network-wide immunization against new attacks. Read more about Progent's ransomware protection and recovery services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management is an IT infrastructure documentation management service that makes it easy to create, maintain, find and protect information related to your IT infrastructure, processes, applications, and services. You can instantly locate passwords or IP addresses and be warned about upcoming expirations of SSL certificates, domains or warranties. By cleaning up and managing your network documentation, you can eliminate up to 50% of the time wasted searching for critical information about your IT network. ProSight IT Asset Management includes a common location for holding and sharing all documents related to managing your business network, such as recommended procedures and self-service instructions. ProSight IT Asset Management also supports advanced automation for gathering and associating IT information. Whether you're planning enhancements, doing maintenance, or reacting to a crisis, ProSight IT Asset Management delivers the data you require the instant you need it. Find out more about ProSight IT Asset Management service.

  • Progent's Patch Management: Patch Management Services
    Progent's managed services for patch management offer businesses of any size a versatile and affordable alternative for assessing, testing, scheduling, applying, and documenting updates to your ever-evolving information network. In addition to optimizing the protection and functionality of your computer environment, Progent's software/firmware update management services permit your IT staff to concentrate on line-of-business projects and tasks that derive the highest business value from your information network. Learn more about Progent's patch management services.

  • ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
    With Progent's ProSight Virtual Hosting service, a small business can have its key servers and apps hosted in a protected Tier III data center on a fast virtual host set up and managed by Progent's IT support experts. With Progent's ProSight Virtual Hosting model, the client retains ownership of the data, the OS software, and the apps. Since the system is virtualized, it can be ported immediately to a different hosting environment without a lengthy and technically risky reinstallation procedure. With ProSight Virtual Hosting, your business is not tied to a single hosting provider. Learn more about ProSight Virtual Hosting services.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
    ProSight Active Security Monitoring is an endpoint protection (EPP) solution that utilizes SentinelOne's next generation behavior-based machine learning tools to guard physical and virtual endpoints against modern malware attacks such as ransomware and file-less exploits, which routinely escape legacy signature-based AV products. ProSight Active Security Monitoring protects on-premises and cloud-based resources and offers a single platform to manage the entire threat progression including protection, detection, mitigation, cleanup, and post-attack forensics. Key capabilities include single-click rollback with Windows Volume Shadow Copy Service and real-time network-wide immunization against newly discovered threats. Progent is a SentinelOne Partner, reseller, and integrator. Find out more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense.

  • ProSight Enhanced Security Protection (ESP): Endpoint Protection and Exchange Filtering
    Progent's ProSight Enhanced Security Protection services offer ultra-affordable multi-layer security for physical servers and VMs, desktops, smartphones, and Exchange email. ProSight ESP uses contextual security and modern behavior analysis to continuously monitor and react to cyber threats from all attack vectors. ProSight ESP provides firewall protection, intrusion alerts, endpoint control, and web filtering through cutting-edge technologies packaged within a single agent accessible from a single console. Progent's security and virtualization consultants can assist you to plan and configure a ProSight ESP environment that meets your company's specific requirements and that helps you achieve and demonstrate compliance with legal and industry information protection regulations. Progent will assist you in specifying and configuring the security policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alarms that call for urgent attention. Progent's consultants can also assist you to install and test a backup and restore system such as ProSight Data Protection Services so you can get back in business quickly after a potentially disastrous cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Exchange email filtering.

For Brooklyn 24/7 Ransomware Remediation Support Services, contact Progent at 800-462-8800 or go to Contact Progent.