Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Senior Ransomware Engineer
Ransomware needs time to work its way through a network. For this reason, ransomware assaults are commonly unleashed on weekends and at night, when support personnel are likely to be slower to recognize a penetration and are least able to organize a quick and forceful response. The more lateral movement ransomware is able to manage within a victim's system, the longer it will take to restore core IT services and scrambled files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to help you to carry out the urgent first step in mitigating a ransomware assault by containing the malware. Progent's remote ransomware engineers can assist businesses in the Atlanta metro area to identify and quarantine breached servers and endpoints and guard clean assets from being penetrated.
If your system has been breached by any version of ransomware, act fast. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services Available in Atlanta
Modern variants of ransomware such as Ryuk, Maze, DopplePaymer, and Nephilim encrypt online files and attack any available backups. Data synced to the cloud can also be impacted. For a poorly defended network, this can make system restoration nearly impossible and basically knocks the datacenter back to square one. So-called Threat Actors, the cybercriminals responsible for ransomware assaults, demand a ransom fee in exchange for the decryption tools needed to recover encrypted files. Ransomware assaults also attempt to exfiltrate information, and hackers demand an extra settlement for not posting this information on the dark web. Even if you are able to restore your system to a tolerable point in time, exfiltration can pose a big issue depending on the nature of the stolen data.
The recovery work after a ransomware attack has several crucial phases, the majority of which can proceed in parallel if the recovery workgroup has enough members with the necessary skill sets.
- Containment: This time-critical first response requires blocking the lateral spread of ransomware within your network. The more time a ransomware attack is allowed to run unchecked, the more complex and more costly the recovery effort. Recognizing this, Progent keeps a round-the-clock Ransomware Hotline staffed by veteran ransomware recovery engineers. Containment activities consist of isolating infected endpoints from the rest of the network to minimize the spread, documenting the IT system, and protecting entry points.
- System continuity: This involves bringing back the network to a basic useful level of capability with the shortest possible delay. This process is typically at the highest level of urgency for the targets of the ransomware attack, who often perceive it to be an existential issue for their company. This activity also demands the broadest array of technical skills that cover domain controllers, DHCP servers, physical and virtual machines, PCs, laptops and smart phones, databases, office and mission-critical apps, network architecture, and protected endpoint access. Progent's recovery team uses advanced workgroup tools to organize the complex recovery effort. Progent appreciates the urgency of working quickly, tirelessly, and in concert with a customer's managers and network support staff to prioritize tasks and to put vital resources on line again as quickly as possible.
- Data restoration: The work required to recover data impacted by a ransomware attack varies according to the condition of the network, how many files are encrypted, and which restore methods are needed. Ransomware assaults can destroy pivotal databases which, if not carefully shut down, might have to be reconstructed from scratch. This can apply to DNS and AD databases. Microsoft Exchange and SQL Server rely on AD, and many financial and other mission-critical platforms are powered by SQL Server. Some detective work could be needed to find undamaged data. For example, non-encrypted OST files may exist on staff desktop computers and notebooks that were off line during the attack.
- Implementing advanced AV/ransomware defense: Progent's Active Security Monitoring utilizes SentinelOne's behavioral analysis technology to give small and mid-sized companies the benefits of the same anti-virus tools deployed by some of the world's biggest corporations including Walmart, Visa, and Salesforce. By providing in-line malware blocking, detection, containment, restoration and forensics in one integrated platform, Progent's ProSight ASM reduces TCO, simplifies management, and expedites resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) incorporated in Progent's ProSight Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, reseller, and integrator. Read about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating settlements with threat actors. This requires close co-operation with the ransomware victim and the cyber insurance carrier, if any. Activities consist of establishing the type of ransomware involved in the attack; identifying and establishing communications with the hacker persona; verifying the decryption tool; budgeting a settlement amount with the ransomware victim and the cyber insurance carrier; establishing a settlement amount and timeline with the hacker; confirming compliance with anti-money laundering (AML) regulations; carrying out the crypto-currency payment to the hacker; acquiring, learning, and using the decryptor tool; debugging decryption problems; building a clean environment; remapping and reconnecting drives to match exactly their pre-attack state; and recovering machines and services.
- Forensics: This activity involves discovering the ransomware assault's storyline throughout the network from start to finish. This audit trail of the way a ransomware assault progressed through the network helps your IT staff evaluate the impact and brings to light shortcomings in security policies or work habits that need to be corrected to prevent later breaches. Forensics involves the examination of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for variations. Forensics is commonly given a high priority by the insurance provider. Because forensics can take time, it is vital that other key recovery processes like operational continuity are pursued concurrently. Progent maintains a large roster of IT and cybersecurity professionals with the knowledge and experience required to perform the work of containment, operational resumption, and data recovery without interfering with forensics.
Progent's Qualifications
Progent has delivered remote and on-premises IT services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also offers top-tier support in financial and ERP application software. This broad array of expertise allows Progent to salvage and integrate the surviving pieces of your network after a ransomware assault and reconstruct them quickly into an operational network. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent for Ransomware System Recovery Services in Atlanta
For ransomware recovery expertise in the Atlanta metro area, call Progent at 800-462-8800 or see Contact Progent.