Ransomware Hot Line: 800-462-8800
24x7 Online Help from a Senior Ransomware Engineer
Ransomware requires time to steal its way across a network. Because of this, ransomware assaults are typically unleashed on weekends and late at night, when IT staff may take longer to recognize a breach and are least able to organize a quick and coordinated defense. The more lateral movement ransomware is able to make within a victim's network, the more time it takes to recover core operations and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to help you complete the time-critical first step in mitigating a ransomware attack: putting out the fire. Progent's online ransomware engineers can help organizations in the Atlanta metro area identify and quarantine breached devices and guard undamaged assets from being compromised.
If your network has been penetrated by any version of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services Available in Atlanta
Modern variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online files and infiltrate any available system restores. Data synched to the cloud can also be corrupted. For a poorly defended environment, this can make system restoration nearly impossible and effectively sets the IT system back to square one. Threat Actors (TAs), the cybercriminals behind a ransomware attack, demand a settlement fee for the decryption tools needed to unlock scrambled files. Ransomware attacks also attempt to exfiltrate information, and TAs require an extra ransom in exchange for not publishing this data on the dark web. Even if you can restore your system to a tolerable point in time, exfiltration can pose a big problem depending on the sensitivity of the downloaded information.
The restoration work subsequent to ransomware penetration involves several distinct phases, most of which can proceed concurrently if the response team has enough members with the required skill sets.
- Containment: This urgent first step involves arresting the sideways spread of the attack across your network. The longer a ransomware assault is permitted to run unrestricted, the more complex and more costly the recovery process. Because of this, Progent keeps a 24x7 Ransomware Hot Line monitored by veteran ransomware recovery engineers. Quarantine processes consist of cutting off infected endpoints from the network to minimize the spread, documenting the IT system, and securing entry points.
- System continuity: This covers restoring the network to a basic acceptable degree of capability with the shortest possible downtime. This process is usually at the highest level of urgency for the victims of the ransomware assault, who often see it as a life-or-death issue for their company. This project also demands the widest array of technical abilities that span domain controllers, DHCP servers, physical and virtual machines, desktops, laptops and smart phones, databases, productivity and line-of-business apps, network topology, and safe endpoint access management. Progent's ransomware recovery team uses advanced collaboration tools to coordinate the complex recovery process. Progent appreciates the importance of working rapidly, tirelessly, and in concert with a customer's managers and network support staff to prioritize activity and to put essential resources back online as quickly as feasible.
- Data recovery: The effort necessary to recover data damaged by a ransomware assault depends on the state of the systems, the number of files that are affected, and what recovery techniques are needed. Ransomware assaults can take down critical databases which, if not properly closed, might have to be rebuilt from scratch. This can apply to DNS and AD databases. Microsoft Exchange and SQL Server depend on AD, and many financial and other business-critical platforms depend on SQL Server. Often some detective work may be needed to find clean data. For example, non-encrypted Outlook Email Offline Folder Files may exist on staff desktop computers and laptops that were not connected at the time of the ransomware attack. Progent's Altaro VM Backup experts can help you use immutability for cloud object storage, which keeps backup data tamper-proof while under the defined policy so that it cannot be erased or modified by anyone, including administrators. This adds an extra level of security and restoration ability in the event of a ransomware breach.
- Deploying advanced antivirus/ransomware protection: Progent's ProSight ASM incorporates SentinelOne's behavioral analysis technology to offer small and medium-sized businesses the benefits of the same anti-virus tools deployed by many of the world's largest enterprises including Netflix, Visa, and NASDAQ. By delivering real-time malware filtering, identification, containment, recovery and forensics in one integrated platform, Progent's Active Security Monitoring reduces TCO, streamlines management, and promotes rapid resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) incorporated in ProSight Active Security Monitoring was listed by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, dealer, and integrator.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating ransom settlements with threat actors. This calls for working closely with the ransomware victim and the insurance provider, if any. Services consist of determining the kind of ransomware used in the assault; identifying and establishing communications with the hacker; verifying the decryption tool; deciding on a settlement with the victim and the cyber insurance carrier; establishing a settlement amount and timeline with the TA; checking compliance with anti-money laundering (AML) regulations; carrying out the crypto-currency payment to the TA; receiving, reviewing, and using the decryption utility; debugging failed files; building a pristine environment; remapping and connecting drives to match exactly their pre-encryption condition; and recovering physical and virtual devices and services.
- Forensics: This activity is aimed at learning the ransomware attack's storyline throughout the network from start to finish. This history of how a ransomware attack progressed through the network helps your IT staff assess the damage and highlights weaknesses in security policies or work habits that need to be rectified to avoid later breaches. Forensics entails the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to detect variations. Forensic analysis is typically given a top priority by the insurance provider. Because forensics can be time consuming, it is vital that other key activities such as operational continuity are performed in parallel. Progent maintains an extensive roster of information technology and security professionals with the skills required to perform the work of containment, operational resumption, and data recovery without disrupting forensics.
Progent has delivered remote and on-premises IT services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial and ERP application software. This broad array of skills gives Progent the ability to salvage and integrate the undamaged parts of your IT environment following a ransomware intrusion and reconstruct them rapidly into a functioning network. Progent has worked with top insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent for Ransomware Recovery Services in Atlanta
For ransomware cleanup expertise in the Atlanta area, phone Progent at 800-462-8800 or see Contact Progent.