Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Senior Ransomware Engineer
Ransomware needs time to steal its way across a network. For this reason, ransomware attacks are commonly launched on weekends and at night, when IT personnel may be slower to recognize a break-in and are least able to mount a rapid and coordinated response. The more lateral movement ransomware can make inside a target's network, the more time it takes to recover core operations and damaged files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to guide organizations through the time-critical first phase of mitigating a ransomware attack: containing the malware. Progent's online ransomware engineers can assist organizations in the Cincinnati metro area to locate and isolate infected servers and endpoints and guard clean assets from being penetrated.
If your network has been penetrated by any version of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services Available in Cincinnati
Modern strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online data and attack any accessible system restore points and backups. Files synced to the cloud can also be impacted. For a vulnerable network, this can make system restoration nearly impossible and effectively sets the IT system back to the beginning. So-called Threat Actors (TAs), the cybercriminals behind a ransomware assault, demand a ransom payment in exchange for the decryptors required to recover encrypted data. Ransomware assaults also try to exfiltrate information, and hackers require an extra settlement in exchange for not publishing this data or selling it. Even if you are able to roll back your network to an acceptable point in time, exfiltration can be a major issue depending on the nature of the downloaded information.
The recovery process after a ransomware attack has several distinct phases, most of which can be performed in parallel if the response workgroup has enough people with the necessary skill sets.
- Quarantine: This urgent initial response requires blocking the lateral spread of the attack within your IT system. The more time a ransomware assault is allowed to run unrestricted, the longer and more expensive the recovery effort. Recognizing this, Progent maintains a 24x7 Ransomware Hotline monitored by seasoned ransomware recovery engineers. Containment processes include cutting off infected endpoints from the rest of the network to minimize the spread, documenting the IT system, and protecting entry points.
- Operational continuity: This involves bringing back the network to a minimal useful level of functionality with the least delay. This process is usually the highest priority for the targets of the ransomware assault, who often see it as an existential issue for their business. This project also demands the widest range of IT abilities that span domain controllers, DHCP servers, physical and virtual servers, PCs, notebooks and smart phones, databases, office and line-of-business apps, network architecture, and safe endpoint access. Progent's ransomware recovery experts use advanced workgroup tools to coordinate the complex recovery effort. Progent appreciates the urgency of working quickly, tirelessly, and in unison with a client's management and network support staff to prioritize activity and to put essential resources back online as fast as feasible.
- Data restoration: The work required to recover data damaged by a ransomware assault depends on the condition of the network, how many files are affected, and which restore methods are needed. Ransomware assaults can take down pivotal databases which, if not gracefully closed, may have to be rebuilt from scratch. This can include DNS and AD databases. Microsoft Exchange and SQL Server rely on AD, and many financial and other business-critical applications depend on SQL Server. Often some detective work is needed to find undamaged data. For example, undamaged OST files (Outlook Email Offline Folder Files) may exist on staff PCs and notebooks that were offline at the time of the ransomware attack. Progent's ProSight Data Protection Services offer Altaro VM Backup tools to defend against ransomware via Immutable Cloud Storage. This produces tamper-proof backup data that cannot be modified by any user including administrators or root users.
- Deploying modern AV/ransomware defense: Progent's ProSight ASM incorporates SentinelOne's behavioral analysis technology to give small and mid-sized companies the advantages of the same anti-virus technology deployed by some of the world's biggest corporations including Netflix, Citi, and Salesforce. By providing in-line malware filtering, identification, mitigation, restoration and analysis in a single integrated platform, Progent's ProSight ASM reduces total cost of ownership, streamlines management, and expedites recovery. SentinelOne's next-generation endpoint protection (NGEP) incorporated in Progent's ProSight Active Security Monitoring was listed by Gartner Group as the industry's "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, reseller, and integrator. Find out about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiation with the threat actor (TA): Progent is experienced in negotiating ransom settlements with hackers. This calls for close co-operation with the ransomware victim and the cyber insurance provider, if there is one. Activities consist of determining the type of ransomware involved in the attack; identifying and making contact with the hacker persona; testing the decryption tool; budgeting a settlement amount with the ransomware victim and the insurance carrier; negotiating a settlement and schedule with the hacker; checking compliance with anti-money laundering sanctions; overseeing the crypto-currency disbursement to the hacker; receiving, reviewing, and operating the decryption tool; troubleshooting failed files; building a pristine environment; mapping and connecting datastores to reflect exactly their pre-encryption condition; and reprovisioning machines and software services.
- Forensic analysis: This activity involves discovering the ransomware assault's progress across the network from start to finish. This audit trail of how a ransomware attack progressed through the network helps your IT staff to evaluate the impact and brings to light weaknesses in policies or work habits that need to be rectified to prevent later break-ins. Forensics involves the review of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for variations. Forensic analysis is typically assigned a high priority by the cyber insurance provider. Because forensic analysis can be time-consuming, it is critical that other important recovery processes such as operational resumption are performed concurrently. Progent maintains an extensive roster of information technology and security experts with the knowledge and experience required to perform activities for containment, business resumption, and data recovery without disrupting forensic analysis.
Progent's Background
Progent has delivered online and on-premises network services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP, GIAC, and CMMC 2.0. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP software. This breadth of expertise gives Progent the ability to identify and integrate the surviving parts of your IT environment after a ransomware attack and reconstruct them rapidly into an operational network. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent for Ransomware System Restoration Services in Cincinnati
For ransomware recovery consulting in the Cincinnati area, call Progent at 800-462-8800 or see Contact Progent.