Crypto-Ransomware : Your Crippling IT Disaster
Ransomware Recovery ExpertsRansomware has become a modern cyberplague that presents an existential danger for organizations vulnerable to an assault. Different versions of crypto-ransomware like the Reveton, Fusob, Bad Rabbit, SamSam and MongoLock cryptoworms have been circulating for a long time and continue to cause harm. Newer variants of crypto-ransomware like Ryuk, Maze, Sodinokibi, DopplePaymer, Snatch and Nephilim, as well as daily unnamed malware, not only encrypt on-line information but also infect any available system protection mechanisms. Files synched to the cloud can also be corrupted. In a poorly designed environment, it can make automatic recovery useless and effectively sets the entire system back to zero.

Retrieving programs and data after a crypto-ransomware intrusion becomes a sprint against the clock as the targeted business fights to contain the damage, clear the virus, and resume business-critical operations. Since crypto-ransomware takes time to spread throughout a network, attacks are frequently launched on weekends and holidays, when successful attacks typically take more time to discover. This multiplies the difficulty of promptly assembling and coordinating a knowledgeable mitigation team.

Progent makes available a range of solutions for securing enterprises from ransomware attacks. Among these are staff training to help identify and avoid phishing scams, ProSight Active Security Monitoring (ASM) for endpoint detection and response (EDR) using SentinelOne's behavior-based cyberthreat defense to identify and disable day-zero malware attacks. Progent in addition provides the services of seasoned ransomware recovery consultants with the track record and perseverance to rebuild a breached system as soon as possible.

Progent's Ransomware Restoration Support Services
Soon after a ransomware event, paying the ransom in cryptocurrency does not guarantee that cyber hackers will return the keys to decipher any or all of your data. Kaspersky ascertained that 17% of ransomware victims never recovered their data even after having sent off the ransom, resulting in more losses. The risk is also very costly. Ryuk ransoms are typically a few hundred thousand dollars. For larger organizations, the ransom demand can be in the millions. The fallback is to re-install the key parts of your Information Technology environment. Without access to essential data backups, this requires a broad range of IT skills, top notch project management, and the willingness to work non-stop until the recovery project is done.

For two decades, Progent has made available professional IT services for companies throughout the United States and has achieved Microsoft's Partnership certification status in the Datacenter and Cloud Productivity competencies. Progent's group of subject matter experts (SMEs) includes engineers who have attained high-level certifications in foundation technologies such as Microsoft, Cisco, VMware, and major distributions of Linux. Progent's security consultants have earned internationally-recognized industry certifications including CISA, CISSP, CRISC, GIAC, and CMMC 2.0. (Refer to Progent's certifications). Progent also has expertise with accounting and ERP software solutions. This breadth of expertise provides Progent the capability to efficiently ascertain critical systems and re-organize the surviving parts of your computer network environment following a ransomware event and assemble them into a functioning system.

Progent's recovery team has state-of-the-art project management applications to orchestrate the sophisticated restoration process. Progent understands the urgency of working swiftly and in unison with a client's management and IT resources to assign priority to tasks and to get critical services back on line as fast as possible.

Business Case Study: A Successful Ransomware Virus Restoration
A customer contacted Progent after their organization was penetrated by Ryuk ransomware virus. Ryuk is thought to have been created by North Korean state criminal gangs, possibly using algorithms exposed from the U.S. NSA organization. Ryuk attacks specific businesses with little room for disruption and is one of the most profitable instances of crypto-ransomware. High publicized targets include Data Resolution, a California-based information warehousing and cloud computing company, and the Chicago Tribune. Progent's client is a regional manufacturing business based in the Chicago metro area and has about 500 staff members. The Ryuk event had disabled all business operations and manufacturing capabilities. The majority of the client's backups had been directly accessible at the time of the attack and were encrypted. The client was taking steps for paying the ransom (more than two hundred thousand dollars) and wishfully thinking for the best, but ultimately brought in Progent.

"I can't speak enough about the care Progent provided us during the most fearful period of (our) businesses existence. We most likely would have paid the hackers behind this attack if not for the confidence the Progent group gave us. The fact that you were able to get our e-mail system and key servers back sooner than a week was earth shattering. Each expert I spoke to or texted at Progent was totally committed on getting our system up and was working day and night on our behalf."

Progent worked together with the client to rapidly get our arms around and assign priority to the key elements that had to be restored in order to continue company functions:

  • Windows Active Directory
  • Email
  • Accounting/MRP
To begin, Progent followed AV/Malware Processes incident mitigation industry best practices by isolating and disinfecting systems. Progent then initiated the steps of bringing back online Microsoft AD, the core of enterprise systems built on Microsoft Windows Server technology. Exchange email will not work without AD, and the client's MRP applications used Microsoft SQL, which needs Windows AD for access to the databases.

In less than 2 days, Progent was able to re-build Active Directory to its pre-virus state. Progent then accomplished setup and hard drive recovery of essential systems. All Exchange data and configuration information were usable, which greatly helped the rebuild of Exchange. Progent was also able to assemble local OST data files (Outlook Off-Line Folder Files) on team workstations in order to recover email data. A not too old offline backup of the customer's financials/MRP systems made it possible to restore these vital programs back online for users. Although a large amount of work still had to be done to recover completely from the Ryuk event, the most important systems were returned to operations rapidly:

"For the most part, the production manufacturing operation never missed a beat and we did not miss any customer orders."

During the following few weeks key milestones in the restoration project were completed in close collaboration between Progent consultants and the customer:

  • Self-hosted web applications were returned to operation with no loss of data.
  • The MailStore Server containing more than 4 million archived emails was brought on-line and available for users.
  • CRM/Customer Orders/Invoicing/AP/Accounts Receivables (AR)/Inventory capabilities were completely restored.
  • A new Palo Alto Networks 850 security appliance was set up.
  • 90% of the user workstations were being used by staff.
"Much of what happened in the early hours is mostly a haze for me, but my team will not forget the care each and every one of you put in to give us our company back. I've entrusted Progent for at least 10 years, possibly more, and each time Progent has impressed me and delivered as promised. This time was a life saver."

Conclusion
A potential business-killing disaster was dodged with results-oriented professionals, a broad spectrum of subject matter expertise, and close teamwork. Although in hindsight the ransomware virus attack detailed here could have been blocked with modern security systems and NIST Cybersecurity Framework or ISO/IEC 27001 best practices, user and IT administrator training, and well thought out incident response procedures for data backup and keeping systems up to date with security patches, the fact remains that government-sponsored hackers from China, Russia, North Korea and elsewhere are tireless and are not going away. If you do get hit by a crypto-ransomware incursion, remember that Progent's roster of experts has extensive experience in ransomware virus blocking, cleanup, and file restoration.

"So, to Darrin, Matt, Aaron, Dan, Claude, Jesse, Arnaud, Allen and Tony (along with others that were helping), I'm grateful for making it so I could get rested after we made it past the first week. Everyone did an incredible job, and if any of your guys is in the Chicago area, dinner is on me!"

Download the Crypto-Ransomware Remediation Case Study Datasheet
To read or download a PDF version of this ransomware incident report, click:
Progent's Crypto-Ransomware Recovery Case Study Datasheet. (PDF - 282 KB)

Contact Progent for Crypto-Ransomware Cleanup Expertise
For 24/7 crypto-ransomware remediation support services, contact Progent at 800-462-8800 or go to Contact Progent.



An index of content::

  • 24 Hour At Home Workers Spokane Consulting - Collaboration Technology Expertise Spokane County Washington 24 Hour Remote Workers Spokane Consulting - Collaboration Systems Consulting Experts
  • 24/7/365 Rockville Work from Home Employees Infrastructure Consulting Rockville-North Bethesda, MD Rockville Teleworkers Setup Consulting Experts
  • 24x7x365 Lincoln Expertise for IT Support Organizations Lincoln Seward County Consulting Expertise for Network Service Companies near Lincoln - Seamless Short-Term IT Support Augmentation Lancaster County Nebraska

    • Firesight Support Outsourcing
    Cisco Firepower NGIPS Technical Support

    Cisco's Firepower Next Generation Firewalls deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer centralized management and automation of modern security capabilities like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. Progent's Cisco CCIE-certified firewall experts can assist you to plan and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's subscription-based security services to create and centrally control network environments that span local offices, data centers, private clouds and public clouds.

  • 64-bit Server Support Outsourcing 64-bit Computing Consulting

    • Application Programming Specialists
    24x7x365 Microsoft and Cisco Certified Expert Custom Software Design Firm

    If you need help creating, improving, or troubleshooting business aplications for Windows, Linux, or the Web, Progent's expert team of programmers, relational database designers, and project managers can help ensure you get the job done on time and within your budget. Progent's seasoned software developers can provide cost-effective and expert online consulting for jobs as small as writing VBA scripts for Excel or as challenging as developing mission-critical RDBMS applications built on Microsoft SQL Server or Oracle.

  • Addison-Farmers Branch Computer Service Companies Support Firm Addison, Texas
  • Albany, United States Work at Home Employees Albany Consulting - Setup Consultants Albany-Schenectady, NY, America Albany Remote Workforce Infrastructure Guidance

    • Expert Microsoft Certified Specialist Exchange 2016 Mailbox migration
    Exchange Server 2016 Upgrade Network Consultant

    Progent can assist your business in all phases of your upgrade to Exchange 2016 including designing high availability system topology for a local, Microsoft cloud connected or hybrid environment; CAL licensing compliance for Exchange Server and Windows Server 2012 R2; moving mailboxes; Hyper-V design; determining storage capacity required for your VMs, databases and logs; setting up hardware load balancing for high-availability client access services; designing, setting up and testing Exchange and Windows Servers and DAG groups; integration with SharePoint Server or SharePoint Online; preparing your firewall; creating SSL certs; performing client remediation with Office desktop or Microsoft 365; and setting up Outlook on the web.

  • Albuquerque Lockbit Ransomware Business Recovery Kirtland Air Force Base 24-Hour Albuquerque Hermes Ransomware Rollback Albuquerque
  • At Home Workforce Guarulhos Consultants - VoIP Solutions Assistance 24 Hour Guarulhos Work from Home Employees IP Voice Solutions Consultants Guarulhos, SP
  • ransomware virus recovery Consultant
  • Baton Rouge Work at Home Employees Help Desk Augmentation Assistance Baton Rouge Louisiana 24x7x365 Remote Workforce Baton Rouge Consulting Experts - Help Desk Call Center Outsourcing Guidance Baton Rouge Louisiana
  • Boise DopplePaymer Ransomware Cleanup Boise Boise Snatch Crypto-Ransomware Operational Recovery
  • Charleston, West Virginia Internet Networking Consultants West Virginia Network Companies
  • Checkpoint Security Consultancies Toronto Ransomware Defense Technology Consulting Services

    • Microsoft Hyper-V 3.0 Remote Support
    After Hours Microsoft Hyper-V 3.0 Server Virtualization Consulting

    Microsoft Windows Server 2012 R2 Hyper-V improves virtualization in critical areas such as multitenancy, flexible infrastructure, cloud support, expandability and throughput, and high availability. Progent's Microsoft-certified consulting experts can assist your business to benefit from Hyper-V to install and maintain virtual servers to cut IT expenses and improve availability.

  • Cisco Computer Support Computer Network Firms Cisco
  • ransomware cleanup and recovery Consultants
  • Clearwater St Petersburg Cisco Networking Consultants Clearwater, FL Top Cisco Software Recovery
  • ransomware cryptoworm recovery Professionals
  • Cleveland, OH Cleveland Ransomware Attack Rollback Cleveland Egregor Ransomware Data-Recovery Cleveland Public Square
  • Conti ransomware recovery Consultancy
  • Colorado Springs Fort Carson Top Contractor SQL Server Microsoft SQL 2008 Service Colorado Springs Fort Carson
  • Computer Consulting MS Office Communications Server Office Communications Server 2007 Consultant Services
  • Dynamics GP-Software Vender near me in San Diego - Recovery Experts San Diego Carlsbad San Marcos San Diego Dynamics GP-Software Upgrades Help

    • Horizon3.ai NodeZero PEN Testing Forensics Services
    Horizon3.ai NodeZero Certified Penetration Testing Security Organizations

    Progent's certified cybersecurity consultants can run NodeZero-powered threat assessments to verify your security defense systems and policies are properly set up and effective.

  • Emergency Santa Rosa Crypto-Ransomware Remediation Santa Rosa, CA, United States Santa Rosa Spora Ransomware Remediation Santa Rosa, CA
  • Exchange 2016 Migration Support Services Exchange 2016 Migration Technical Consultant
  • Fresno California Fresno Staffing Support Services IT Staff Temps for Network Service Groups Fresno California
  • Hartford Migrations 24-Hour Hartford Information Technology Integrators
  • Hialeah Crypto-Ransomware Sodinokibi Preparedness Audit Hialeah Florida Hialeah Ransomware Conti protection and ransomware recovery

    • Services Lync Server 2013 topology
    Consultant Services Lync Server 2013 high availability

    Lync 2010 provides IM, Real Presence, voice/video conferencing, desktop collaboration, as well as VoIP and PSTN voice communication. Microsoft Lync Server 2010 can enhance the functionality of Microsoft Exchange, SharePoint and Office desktop or cloud-based Microsoft 365 and simplify management via integration with Windows AD. Lync 2010 can also cut expenses by doing away with Voice-over-IP hardware and subscription services, PBX systems, or legacy video conferencing technology. Progent's certified IM and Presence consultants offer remote and on-premises support services to help your company to manage and repair your current Lync Server 2010 environment or evaluate the advantages of upgrading from Lync Server 2010 to Skype for Business, which is Microsoft's renamed and revamped release of the product. Progent can also help your organization to plan and carry out an efficient Skype for Business upgrade.

  • Home Based Virtual Office CISA Engineer Maricopa County Arizona MCSE Support Part Time Jobs Scottsdale Arizona

    • Cisco Firepower AMP Computer Consulting
    Cisco ASA Firepower Network Consultant

    Cisco's Firepower NGFWs Firewalls deliver a major performance improvement over Cisco's previous-generation ASA 5500-X security appliances and offer centralized management of modern cybersecurity capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and sandboxing. Progent's Cisco CCIE-certified firewall experts can assist your organization to design and carry out an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's security services to build and centrally manage IT ecosystems that span branch offices, data centers, private clouds and public clouds.

  • ransomware cryptoworm recovery Professionals
  • IT Consultant Duo Two-factor Authentication Duo Two-factor Authentication Computer Consultants
  • IT Consulting Exchange 2016 Migration Planning Technology Consulting Services Exchange 2016 Migration Planning

    • Dynamics GP/Great Plains Features Professional
    Microsoft Financial Software Integration

    Microsoft Dynamics GP allows you to grow and manage your business better by offering easy availability of decision-driving data and a rapid return on investment. Microsoft Dynamics GP offers important business benefits such as its ability to expand the reach of your organization, manage your accounting, automate financial operations, unify procedures across your company, improve inventory control, increase order accuracy, grow sales and shorten turnaround time, and maximize cash flow. Progent can show you how to configure and manage a robust, secure server and communications infrastructure to support Great Plains, and can offer experienced Dynamics GP consultants to help you derive the full advantages of your Dynamics GP software.

  • Immediate Work at Home Employees Naples Expertise - Data Protection Systems Consulting Experts Naples-Bonita Springs, Florida, United States Remote Workers Consulting Services - Naples - Backup Solutions Consulting Services
  • Irving Dynamics GP-Software Upgrade Experts Irving, United States Microsoft Dynamics GP Partner in Irving - SQL Server Consultants Dallas County Texas

    • Exchange 2003 Upgrade Remote Consulting
    Microsoft Certified Expert Exchange 2003 Upgrade Setup and Support

    Progent's expert support team can help you define and implement an efficient in-place Exchange Server 2003 migration plan that avoids network downtime, reduces long-term service demands, and makes your Exchange 2003 Server easy to administer. For complicated multi-server or multi-site upgrades, Progent has the background to complete your project quickly and economically. Progent's Exchange Server 2003 help, repair, and design services include expertise with the integration of third-party enhancements of Exchange Server 2003 that are in keeping with your business goals.

  • Largest Microsoft SharePoint Server Network Consultants Brooklyn Open Now SharePoint 2013 Technical Consultant Brooklyn, New York

    • CRISC Cybersecurity IT Consultants
    Risk Response Computer Engineer

    Progent's disaster recovery support and business continuity engineers can help you create a disaster recovery strategy to prepare for an IT system disaster. Progent can show you how to develop a complete disaster recovery plan that incorporates periodic disaster recovery evaluations and testing. Progent's Microsoft and Cisco-certified consultants can also help you build an affordable, fault-tolerant network solution that takes into account reliability issues involving a wide array of infrastructure technologies and procedures.

  • Lincoln, Nebraska Problem Resolution Small Business Network Consulting Companies Lincoln-Lancaster County

    • 24-7 Meraki MR18 Access Point Professional
    Meraki WiFi Management Technology Consulting

    Progent's Cisco-Meraki Wi-Fi access point consultants can help your organization to plan, configure, administer and troubleshoot Cisco's Meraki-based Wi-Fi networks for deployments ranging from a branch office to a campus or a multi-site enterprise. Progent can also help you to incorporate other Cisco appliances for unified management.

  • Los Altos Software Consulting Sunnyvale Software Recovery
  • Mobile County Alabama Mobile Remote Workers Backup Technology Guidance Mobile Alabama Telecommuters Consulting Services nearby Mobile - Backup Solutions Assistance
  • Network Consulting Experts Small Business Network Collin County Texas, U.S.A. Solution Providers Urgent Network McKinney, Collin County
  • Professional Maze ransomware recovery
  • New Orleans Louisiana Exchange Configuration Exchange Remote Support Services Louisiana
  • Ottawa Teleworkers Backup/Restore Solutions Expertise Ottawa Ontario Ottawa At Home Workers Backup/Restore Systems Consulting Services
  • RIM BlackBerry Consulting Group Hialeah, Miami-Dade County BlackBerry Enterprise Server Solutions Provider Miami-Dade County
  • Riverside Avaddon Crypto-Ransomware Mitigation Riverside, USA Riverside Netwalker Crypto-Ransomware Rollback Riverside
  • SQL Server 2012 Information Technology Consultants Baton Rouge, LA Microsoft SQL Server Information Technology Consultants Port of Baton Rouge
  • SQL Server 2019 and Exchange Computer Engineer Technical Support Services SQL Server 2019 and Hyper-V
  • Sao Jose dos Campos Work at Home Employees Consulting and Support Services in São José dos Campos - Endpoint Management Systems Consulting São José dos Campos At Home Workforce Management Tools Consultants
  • Security Consulting Napa Information Technology Support Napa County

    • IT Consultants SentinelOne Virus Recovery Experts
    SentinelOne Virus Rollback Professionals

    Progent is a reseller and integrator for SentinelOne's Singularity product line, a subscription-based, cloud-first threat management solution that incorporates AI software and expert services to deliver comprehensive endpoint detection and response (EDR).

  • Services SentinelOne Endpoint Protection SentinelOne XDR Consultants
  • Sonoma CA Microsoft Exchange Assessment Cisco CCIE Software Consulting
  • São José dos Campos São José dos Campos Crypto-Ransomware Conti protection and ransomware recovery São José dos Campos, Estado de São Paulo São José dos Campos Ransomware Nephilim Readiness Evaluation
  • Telecommuters Expertise near me in Allentown - IP Voice Technology Consulting Services Allentown Pennsylvania Allentown Telecommuters VoIP Systems Consulting Services Allentown, PA
  • Telecommuters Manhattan Beach Consulting Services - Management Tools Guidance Manhattan Beach-Gardena Manhattan Beach, CA 24 Hour Remote Workforce Manhattan Beach Consulting Services - Management Tools Assistance
  • Tucson Urgent Crypto Repair Help Tucson International Airport TUS Immediate Tucson Crypto Remediation Tucson International Airport TUS

    • Microsoft PowerPoint for Mac Technology Consulting
    Technology Consulting VBA for Mac

    Microsoft Mac Office allows Mac users to receive the benefits of the world's most popular office productivity programs. Progent's Apple-certified Mac experts can help you configure Mac Office on a mixed-platform environment combining Apple OS X and Windows computers so that Macintosh users can access the latest capabilities of Microsoft Word, Excel, PowerPoint and Entourage in order to share data and network resources with colleagues who use Windows. Progent's consultants have experience with both Mac and Windows platforms and can support networks that mix Mac with Microsoft Windows systems with extensive resource sharing, or networks which intentionally restrict sharing between Apple Mac and Windows systems.

  • Uniondale, New York 24 Hour Remote Workforce Uniondale Consulting Services - Management Systems Consulting and Support Services Top Rated Uniondale Telecommuters Management Solutions Consulting Services Uniondale, New York
  • Vitória Hermes Crypto-Ransomware Settlement Consulting Vitoria, Espírito Santo Vitória Phobos Ransomware Settlement Guidance

    • .NET Blazor Integration
    .NET F# Reporting

    Progent's software experts have worked for two decades with .NET tools and the Visual Studio development environment and can build or enhance .NET applications rapidly and at low cost.

  • Specialists Ryuk ransomware cleanup
  • Windows 2000 Server Specialist Network Engineer Windows 2000 Server
  • Work At Home Job Network Engineer Palo Alto, America Palo Alto, Santa Clara County Top Microsoft MCITP Engineer Subcontractor
    •
    © 2002-2025 Progent Corporation. All rights reserved.