Ransomware Hot Line: 800-462-8800
24x7 Remote Help from a Senior Ransomware Consultant
Ransomware needs time to work its way through a network. For this reason, ransomware attacks are typically unleashed on weekends and at night, when IT staff may take longer to recognize a break-in and are less able to organize a rapid and coordinated defense. The more lateral movement ransomware can manage inside a victim's network, the more time it takes to recover core IT services and scrambled files and the more information can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to guide organizations to carry out the urgent first step in mitigating a ransomware attack by stopping the bleeding. Progent's remote ransomware experts can assist businesses in the Durham area to identify and quarantine infected devices and guard undamaged resources from being penetrated.
If your network has been breached by any version of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services Offered in Durham
Current strains of crypto-ransomware like Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online files and attack any accessible system restores. Data synched to the cloud can also be impacted. For a poorly defended environment, this can make system restoration almost impossible and effectively knock the datacenter back to square one. So-called Threat Actors (TAs), the cybercriminals responsible for ransomware attacks, insist on a ransom fee in exchange for the decryptors needed to unlock scrambled files. Ransomware assaults also try to steal (or "exfiltrate") files, and hackers demand an extra ransom in exchange for not posting this information on the dark web. Even if you can roll back your system to an acceptable point in time, exfiltration can be a major issue depending on the nature of the stolen data.
The recovery work after a ransomware incursion has several distinct phases, most of which can proceed in parallel if the recovery team has enough members with the required experience.
- Containment: This urgent first response requires blocking the sideways spread of the attack within your IT system. The longer a ransomware assault is allowed to run unrestricted, the longer and more expensive the recovery effort. Recognizing this, Progent keeps a 24x7 Ransomware Hotline monitored by seasoned ransomware recovery engineers. Quarantine activities include cutting off infected endpoint devices from the network to block the spread, documenting the environment, and protecting entry points.
- System continuity: This involves restoring the network to a basic useful level of functionality with the least delay. This process is usually at the highest level of urgency for the targets of the ransomware assault, who often perceive it to be an existential issue for their company. This activity also requires the widest range of technical abilities that span domain controllers, DHCP servers, physical and virtual machines, PCs, notebooks and mobile phones, databases, office and line-of-business apps, network architecture, and protected remote access. Progent's recovery team uses advanced workgroup platforms to coordinate the multi-faceted recovery process. Progent understands the urgency of working rapidly, tirelessly, and in unison with a client's management and IT staff to prioritize tasks and to put critical resources on line again as quickly as possible.
- Data restoration: The effort required to restore files damaged by a ransomware assault varies according to the state of the network, the number of files that are affected, and what recovery techniques are needed. Ransomware attacks can take down key databases which, if not properly shut down, might need to be reconstructed from the beginning. This can apply to DNS and Active Directory databases. Microsoft Exchange and Microsoft SQL Server rely on AD, and many manufacturing and other mission-critical platforms depend on SQL Server. Often some detective work may be required to locate clean data. For instance, undamaged Outlook Email Offline Folder Files may exist on employees' desktop computers and laptops that were off line during the assault. Progent's ProSight Data Protection Services utilize Altaro VM Backup tools to protect against ransomware via Immutable Cloud Storage. This produces tamper-proof data that cannot be modified by anyone including administrators or root users.
- Setting up modern AV/ransomware protection: Progent's ProSight Active Security Monitoring utilizes SentinelOne's machine learning technology to offer small and mid-sized businesses the benefits of the identical AV technology implemented by some of the world's largest corporations including Walmart, Visa, and Salesforce. By providing in-line malware blocking, identification, mitigation, restoration and analysis in one integrated platform, Progent's ProSight ASM lowers TCO, simplifies management, and expedites resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) built into ProSight ASM was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, dealer, and integrator. Find out about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiating a settlement with the hacker: Progent is experienced in negotiating settlements with threat actors. This requires working closely with the ransomware victim and the cyber insurance carrier, if there is one. Services include determining the type of ransomware used in the attack; identifying and making contact with the hacker persona; verifying decryption capabilities; budgeting a settlement amount with the victim and the cyber insurance provider; establishing a settlement amount and schedule with the hacker; checking adherence to anti-money laundering regulations; carrying out the crypto-currency disbursement to the TA; acquiring, reviewing, and using the decryption utility; debugging failed files; creating a pristine environment; remapping and connecting drives to reflect precisely their pre-attack state; and reprovisioning physical and virtual devices and software services.
- Forensics: This activity is aimed at learning the ransomware assault's storyline across the targeted network from beginning to end. This history of how a ransomware assault travelled through the network helps you assess the impact and uncovers shortcomings in policies or processes that should be corrected to prevent future break-ins. Forensics entails the examination of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes. Forensic analysis is typically given a high priority by the insurance carrier. Since forensics can be time consuming, it is critical that other key activities like operational resumption are pursued concurrently. Progent maintains a large roster of IT and cybersecurity professionals with the knowledge and experience required to carry out activities for containment, business continuity, and data restoration without disrupting forensics.
Progent's Background
Progent has delivered online and on-premises network services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced certifications in core technologies including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISA, CISSP, GIAC, and CMMC 2.0. Progent also offers guidance in financial management and ERP software. This breadth of skills gives Progent the ability to salvage and consolidate the surviving pieces of your information system following a ransomware assault and rebuild them rapidly into a viable network. Progent has worked with top insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent for Ransomware Cleanup Consulting Services in Durham
For ransomware system restoration services in the Durham metro area, call Progent at 800-462-8800 or go to Contact Progent.