Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Senior Ransomware Engineer
Ransomware needs time to spread through a network. For this reason, ransomware attacks are commonly launched on weekends and late at night, when support personnel may be slower to recognize a breach and less able to mount a rapid and forceful response. The more lateral movement ransomware achieves inside a victim's environment, the longer it takes to recover core operations and encrypted files, and the more information can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to help organizations carry out the time-critical first step in mitigating a ransomware attack: stopping the bleeding. Progent's remote ransomware engineer can help organizations in the Baltimore area locate and quarantine breached servers and endpoints and protect clean resources from being compromised.
If your network has been breached by any strain of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Expertise Available in Baltimore
Current strains of crypto-ransomware like Ryuk, Sodinokibi, Netwalker, and Nephilim encrypt online files and compromise any accessible system restores. Files synchronized to the cloud can also be corrupted. For a poorly defended environment, this can make system restoration almost impossible and effectively throws the datacenter back to square one. So-called Threat Actors (TAs), the cybercriminals behind a ransomware attack, demand a settlement payment in exchange for the decryption tools required to unlock encrypted files. Ransomware attacks also attempt to exfiltrate files, and TAs demand an additional settlement in exchange for not publishing this data on the dark web. Even if you can restore your network to a tolerable point in time, exfiltration can be a big problem depending on the nature of the stolen information.
The restoration process subsequent to ransomware penetration has a number of distinct phases, most of which can proceed concurrently if the response workgroup has enough members with the required skill sets.
- Quarantine: This time-critical first step involves arresting the lateral spread of ransomware within your network. The longer a ransomware assault is permitted to run unchecked, the more complex and more expensive the restoration process. Recognizing this, Progent keeps a 24x7 Ransomware Hotline monitored by seasoned ransomware response engineers. Containment activities consist of isolating infected endpoint devices from the network to restrict the contagion, documenting the environment, and protecting entry points.
- Operational continuity: This involves bringing back the network to a minimal acceptable level of capability with the shortest possible downtime. This process is usually the highest priority for the victims of the ransomware attack, who often see it as an existential issue for their company. This activity also demands the widest range of IT abilities that cover domain controllers, DHCP servers, physical and virtual machines, desktops, laptops and smart phones, databases, office and mission-critical apps, network topology, and safe remote access management. Progent's ransomware recovery team uses advanced collaboration tools to organize the multi-faceted restoration effort. Progent appreciates the importance of working rapidly, tirelessly, and in concert with a client's managers and IT staff to prioritize activity and to put essential resources back online as fast as possible.
- Data restoration: The work required to recover files impacted by a ransomware attack depends on the condition of the systems, how many files are encrypted, and what restore techniques are required. Ransomware attacks can destroy pivotal databases which, if not properly shut down, may need to be reconstructed from scratch. This can include DNS and Active Directory (AD) databases. Exchange and SQL Server depend on Active Directory, and many financial and other business-critical applications depend on SQL Server. Often some detective work may be needed to locate clean data. For example, unencrypted Outlook offline folder files may exist on staff desktop computers and laptops that were not connected during the attack.
- Implementing modern AV/ransomware protection: Progent's ProSight Active Security Monitoring offers small and medium-sized businesses the advantages of the same AV tools used by many of the world's largest corporations such as Netflix, Citi, and Salesforce. By delivering in-line malware filtering, identification, containment, restoration and forensics in one integrated platform, Progent's Active Security Monitoring cuts TCO, streamlines management, and expedites operational continuity. The next-generation endpoint protection (NGEP) built into ProSight Active Security Monitoring was listed by Gartner Group as the "most visionary Endpoint Protection Platform." Find out about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense.
- Negotiation with the threat actor (TA): Progent has experience negotiating settlements with threat actors. This requires close cooperation with the victim and the insurance carrier, if there is one. Activities consist of establishing the type of ransomware involved in the attack; identifying and making contact with the hacker persona; testing decryption capabilities; deciding on a settlement amount with the victim and the cyber insurance carrier; negotiating a settlement and schedule with the TA; checking compliance with anti-money laundering (AML) sanctions; carrying out the cryptocurrency disbursement to the TA; receiving, learning, and running the decryption utility; debugging files that fail to decrypt; building a pristine environment; remapping and connecting datastores to reflect precisely their pre-attack state; and recovering machines and services.
- Forensics: This process involves uncovering the ransomware attack's storyline across the network from beginning to end. This history of how a ransomware attack traveled through the network helps your IT staff assess the impact and brings to light shortcomings in policies or work habits that should be rectified to prevent future breaches. Forensics entails the examination of all logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to look for anomalies. Forensic analysis is usually given top priority by the cyber insurance carrier. Since forensics can take time, it is essential that other important recovery processes like business continuity are performed concurrently. Progent maintains a large team of information technology and security experts with the knowledge and experience needed to perform the work of containment, operational resumption, and data recovery without disrupting forensic analysis.
Progent has delivered remote and on-premises network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This broad array of skills gives Progent the ability to salvage and integrate the surviving pieces of your IT environment after a ransomware attack and rebuild them rapidly into an operational network. Progent has worked with leading insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent for Ransomware Cleanup Consulting in Baltimore
For ransomware system recovery consulting services in the Baltimore metro area, phone Progent at 800-462-8800 or see Contact Progent.