Ransomware Hot Line: 800-462-8800
24x7 Online Help from a Senior Ransomware Engineer
Ransomware needs time to steal its way through a network. For this reason, ransomware attacks are commonly launched on weekends and late at night, when IT personnel are likely to be slower to become aware of a break-in and are least able to mount a rapid and coordinated response. The more lateral progress ransomware is able to manage within a victim's system, the more time it will require to recover core IT services and damaged files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to help you to take the time-critical first step in responding to a ransomware attack by stopping the bleeding. Progent's remote ransomware experts can assist organizations in the Durham area to identify and quarantine infected servers and endpoints and guard clean assets from being penetrated.
If your network has been breached by any strain of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Expertise Offered in Durham
Modern strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Egregor encrypt online data and infiltrate any accessible system restores and backups. Files synched to the cloud can also be corrupted. For a vulnerable environment, this can make system recovery nearly impossible and effectively throw the IT system back to square one. So-called threat actors (TAs), the hackers behind a ransomware assault, insist on a settlement payment in exchange for the decryption tools required to recover scrambled data. Ransomware attacks also attempt to steal (or "exfiltrate") files, and hackers demand an additional settlement in exchange for not posting this data on the dark web. Even if you can roll back your system to a tolerable point in time, exfiltration can pose a major issue depending on the sensitivity of the downloaded information.
The recovery work after a ransomware penetration has a number of crucial stages, most of which can proceed in parallel if the response team has enough members with the necessary experience.
- Containment: This time-critical first response requires arresting the lateral spread of ransomware within your IT system. The longer a ransomware assault is permitted to go unchecked, the more complex and more costly the recovery effort. Recognizing this, Progent maintains a 24x7 Ransomware Hot Line monitored by seasoned ransomware recovery engineers. Quarantine processes include cutting off affected endpoints from the network to restrict the contagion, documenting the IT system, and protecting entry points.
- Operational continuity: This covers restoring the network to a minimal acceptable degree of functionality with the shortest possible delay. This effort is usually the top priority for the targets of the ransomware assault, who often perceive it to be a life-or-death issue for their company. This activity also demands the broadest range of technical abilities that span domain controllers, DHCP servers, physical and virtual servers, desktops, notebooks and smart phones, databases, productivity and mission-critical applications, network topology, and secure remote access. Progent's ransomware recovery experts use advanced workgroup platforms to coordinate the complex recovery effort. Progent appreciates the urgency of working rapidly, continuously, and in unison with a customer's management and network support staff to prioritize tasks and to put vital resources on line again as fast as possible.
- Data restoration: The work necessary to recover files damaged by a ransomware assault depends on the state of the network, how many files are encrypted, and what recovery techniques are needed. Ransomware attacks can destroy critical databases which, if not carefully shut down, might have to be rebuilt from scratch. This can include DNS and Active Directory (AD) databases. Exchange and Microsoft SQL Server rely on AD, and many financial and other business-critical applications depend on SQL Server. Often some detective work may be required to find clean data. For instance, undamaged OST files (Outlook Email Offline Folder Files) may have survived on employees' PCs and notebooks that were off line at the time of the ransomware attack.
- Deploying modern AV/ransomware protection: Progent's Active Security Monitoring incorporates SentinelOne's behavioral analysis technology to offer small and mid-sized businesses the benefits of the same AV tools implemented by many of the world's largest corporations including Netflix, Visa, and NASDAQ. By providing real-time malware filtering, identification, containment, restoration and analysis in a single integrated platform, ProSight Active Security Monitoring lowers total cost of ownership, simplifies administration, and promotes rapid operational continuity. SentinelOne's next-generation endpoint protection engine incorporated in Progent's ProSight ASM was ranked by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, dealer, and integrator. Read about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the hacker: Progent is experienced in negotiating ransom settlements with threat actors. This requires close co-operation with the victim and the cyber insurance carrier, if any. Services include determining the kind of ransomware used in the attack; identifying and making contact with the hacker; verifying the decryption tool; deciding on a settlement with the victim and the insurance carrier; negotiating a settlement and schedule with the TA; checking adherence to anti-money laundering (AML) regulations; carrying out the crypto-currency transfer to the TA; receiving, learning, and operating the decryption utility; troubleshooting decryption problems; building a clean environment; mapping and connecting drives to reflect precisely their pre-encryption condition; and reprovisioning computers and services.
- Forensics: This process is aimed at learning the ransomware attack's storyline across the network from beginning to end. This audit trail of the way a ransomware attack travelled through the network helps your IT staff to evaluate the damage and uncovers shortcomings in policies or work habits that should be rectified to prevent future break-ins. Forensics involves the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies. Forensics is commonly assigned a high priority by the insurance provider. Since forensic analysis can be time consuming, it is essential that other important activities such as business continuity are executed in parallel. Progent has an extensive roster of information technology and data security experts with the knowledge and experience needed to carry out activities for containment, business resumption, and data recovery without disrupting forensics.
Progent has provided remote and onsite network services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP application software. This breadth of expertise allows Progent to salvage and integrate the undamaged pieces of your IT environment after a ransomware assault and rebuild them rapidly into an operational network. Progent has collaborated with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent for Ransomware System Recovery Expertise in Durham
For ransomware recovery consulting in the Durham area, phone Progent at 800-462-8800 or visit Contact Progent.