Ransomware Hot Line: 800-462-8800
24x7 Online Help from a Senior Ransomware Consultant
Ransomware needs time to steal its way across a network. For this reason, ransomware attacks are typically launched on weekends and late at night, when IT personnel may be slower to recognize a break-in and are least able to mount a quick and forceful defense. The more lateral movement ransomware can achieve within a victim's network, the more time it takes to recover basic IT services and scrambled files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to guide you to complete the time-critical first phase in mitigating a ransomware assault by putting out the fire. Progent's remote ransomware engineers can assist businesses in the Calgary area to locate and isolate infected servers and endpoints and protect clean resources from being compromised.
If your network has been penetrated by any strain of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Expertise Available in Calgary
Current strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Egregor encrypt online files and attack any available backups. Files synchronized to the cloud can also be corrupted. For a poorly defended network, this can make system restoration nearly impossible and effectively sets the datacenter back to square one. Threat actors (TAs), the hackers responsible for a ransomware assault, insist on a settlement payment for the decryption tools needed to unlock scrambled files. Ransomware assaults also try to steal (or "exfiltrate") information, and TAs require an additional settlement in exchange for not posting this information on the dark web. Even if you can restore your network to a tolerable point in time, exfiltration can be a major problem depending on the nature of the stolen information.
The restoration process subsequent to ransomware penetration has a number of distinct phases, most of which can be performed in parallel if the recovery team has a sufficient number of members with the necessary experience.
- Containment: This time-critical first step involves arresting the sideways spread of the attack across your network. The longer a ransomware attack is allowed to go unchecked, the longer and more costly the restoration effort. Because of this, Progent maintains a round-the-clock Ransomware Hotline monitored by veteran ransomware recovery engineers. Containment activities include isolating affected endpoints from the rest of the network to restrict the contagion, documenting the IT system, and securing entry points.
- System continuity: This involves bringing back the network to a minimal useful level of capability with the least downtime. This process is usually the top priority for the targets of the ransomware assault, who often see it as a life-or-death issue for their business. This activity also requires the widest range of technical skills that cover domain controllers, DHCP servers, physical and virtual servers, desktops, notebooks and smart phones, databases, productivity and line-of-business applications, network architecture, and safe endpoint access management. Progent's ransomware recovery team uses state-of-the-art workgroup tools to coordinate the multi-faceted recovery process. Progent understands the importance of working quickly, tirelessly, and in unison with a client's management and IT group to prioritize tasks and to get critical services back online as quickly as possible.
- Data restoration: The work necessary to recover data damaged by a ransomware assault depends on the condition of the systems, the number of files that are encrypted, and what restore techniques are required. Ransomware assaults can destroy critical databases which, if not gracefully shut down, might have to be rebuilt from scratch. This can apply to DNS and AD databases. Exchange and SQL Server rely on Active Directory, and many manufacturing and other mission-critical applications depend on SQL Server. Often some detective work may be required to find undamaged data. For instance, undamaged OST files (Outlook Email Offline Folder Files) may have survived on employees' PCs and laptops that were not connected during the ransomware assault.
- Implementing advanced AV/ransomware protection: Progent's ProSight ASM utilizes SentinelOne's machine learning technology to offer small and mid-sized companies the benefits of the same AV tools implemented by many of the world's largest corporations including Walmart, Visa, and NASDAQ. By delivering in-line malware blocking, detection, containment, recovery and forensics in one integrated platform, Progent's ProSight Active Security Monitoring cuts TCO, simplifies management, and promotes rapid resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) incorporated in Progent's ASM was listed by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a certified SentinelOne Partner. Find out about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiation with the threat actor (TA): Progent is experienced in negotiating ransom settlements with hackers. This requires close co-operation with the ransomware victim and the insurance carrier, if there is one. Services consist of establishing the kind of ransomware used in the attack; identifying and establishing communications with the hacker persona; verifying the decryption tool; budgeting a settlement with the victim and the cyber insurance carrier; negotiating a settlement and schedule with the TA; checking adherence to anti-money laundering sanctions; carrying out the crypto-currency transfer to the TA; receiving, reviewing, and operating the decryption utility; debugging failed files; creating a pristine environment; remapping and connecting datastores to reflect exactly their pre-attack state; and restoring physical and virtual devices and software services.
- Forensics: This process is aimed at learning the ransomware attack's progress throughout the network from start to finish. This audit trail of the way a ransomware assault progressed within the network helps you to assess the impact and brings to light vulnerabilities in rules or processes that should be rectified to avoid later break-ins. Forensics entails the review of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes. Forensic analysis is usually assigned a high priority by the cyber insurance carrier. Since forensic analysis can take time, it is essential that other key recovery processes such as operational resumption are executed in parallel. Progent maintains an extensive roster of IT and data security professionals with the knowledge and experience needed to perform the work of containment, business resumption, and data recovery without interfering with forensics.
Progent has provided online and on-premises network services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISA, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers guidance in financial and ERP software. This breadth of expertise allows Progent to salvage and consolidate the undamaged parts of your network after a ransomware attack and reconstruct them rapidly into a functioning system. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations recover from ransomware assaults.
Contact Progent for Ransomware Recovery Expertise in Calgary
For ransomware cleanup services in the Calgary area, call Progent at 800-462-8800 or visit Contact Progent.