Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Senior Ransomware Engineer
Ransomware requires time to work its way through a target network. Because of this, ransomware attacks are commonly unleashed on weekends and at night, when IT staff may be slower to become aware of a break-in and are least able to organize a rapid and forceful defense. The more lateral movement ransomware can make within a victim's system, the longer it takes to restore core operations and scrambled files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to help you take the urgent first step in mitigating a ransomware assault by putting out the fire. Progent's online ransomware experts can help businesses in the Durham area to locate and quarantine breached devices and protect clean assets from being penetrated.
If your system has been penetrated by any version of ransomware, act fast. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services Offered in Durham
Current strains of ransomware like Ryuk, Maze, DoppelPaymer, and Nephilim encrypt online files and attack any accessible system restores and backups. Data synchronized to the cloud can also be corrupted. For a poorly defended network, this can make automated recovery almost impossible and basically throws the datacenter back to square one. Threat Actors (TAs), the hackers behind a ransomware assault, demand a ransom fee for the decryption tools required to unlock scrambled data. Ransomware attacks also try to exfiltrate information, and hackers demand an extra settlement in exchange for not posting this data on the dark web. Even if you are able to restore your network to a tolerable point in time, exfiltration can be a major problem depending on the sensitivity of the stolen information.
The recovery work after a ransomware penetration has several distinct stages, most of which can proceed in parallel if the recovery team has enough members with the necessary experience.
- Quarantine: This time-critical first response involves arresting the sideways spread of the attack across your network. The more time a ransomware assault is permitted to go unchecked, the more complex and more expensive the restoration effort. Recognizing this, Progent keeps a 24x7 Ransomware Hotline staffed by veteran ransomware response engineers. Quarantine processes include cutting off infected endpoints from the network to restrict the contagion, documenting the environment, and securing entry points.
- System continuity: This involves restoring the IT system to a minimal useful level of functionality with the least downtime. This process is usually at the highest level of urgency for the victims of the ransomware attack, who often see it as an existential issue for their business. This project also demands the broadest array of technical skills that cover domain controllers, DHCP servers, physical and virtual servers, desktops, notebooks and smart phones, databases, office and mission-critical applications, network architecture, and protected remote access management. Progent's ransomware recovery team uses advanced workgroup platforms to coordinate the complex restoration process. Progent appreciates the importance of working quickly, continuously, and in unison with a customer's managers and IT staff to prioritize tasks and to put essential services on line again as fast as feasible.
- Data restoration: The work necessary to restore files impacted by a ransomware assault varies according to the state of the systems, the number of files that are affected, and which restore methods are required. Ransomware attacks can take down pivotal databases which, if not gracefully closed, may have to be rebuilt from the beginning. This can apply to DNS and Active Directory (AD) databases. Microsoft Exchange and Microsoft SQL Server depend on Active Directory, and many manufacturing and other business-critical applications are powered by SQL Server. Some detective work may be needed to find clean data. For example, undamaged OST files (Outlook Email Offline Folder Files) may have survived on staff PCs and laptops that were off line at the time of the ransomware attack. Progent's Altaro VM Backup consultants can assist you to deploy immutable backup for cloud object storage, keeping data tamper-proof while under the defined policy so that backup data cannot be erased or modified by any user, including root users. This provides an extra level of security and restoration ability in the event of a ransomware breach.
- Setting up modern AV/ransomware protection: ProSight ASM utilizes SentinelOne's behavioral analysis technology to offer small and mid-sized businesses the benefits of the identical anti-virus technology implemented by many of the world's biggest enterprises including Netflix, Citi, and Salesforce. By delivering in-line malware filtering, identification, mitigation, repair and analysis in one integrated platform, Progent's ProSight ASM cuts TCO, simplifies administration, and expedites recovery. SentinelOne's next-generation endpoint protection engine incorporated in Progent's ProSight Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, dealer, and integrator. Read about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiation with the hacker: Progent is experienced in negotiating settlements with threat actors. This calls for working closely with the ransomware victim and the cyber insurance provider, if any. Services include establishing the type of ransomware used in the assault; identifying and making contact with the hacker persona; verifying the decryption tool; budgeting a settlement with the ransomware victim and the insurance provider; negotiating a settlement and timeline with the hacker; checking compliance with anti-money laundering (AML) regulations; overseeing the crypto-currency transfer to the hacker; receiving, learning, and using the decryption tool; troubleshooting decryption problems; building a pristine environment; mapping and reconnecting drives to reflect exactly their pre-encryption condition; and recovering machines and software services.
- Forensic analysis: This activity involves learning the ransomware attack's progress throughout the network from start to finish. This audit trail of the way a ransomware attack progressed within the network helps your IT staff to evaluate the impact and uncovers shortcomings in policies or work habits that should be corrected to avoid later breaches. Forensics involves the review of all logs, registry, Group Policy Object, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies. Forensics is commonly given a high priority by the cyber insurance provider. Because forensics can take time, it is vital that other important activities such as operational resumption are performed concurrently. Progent has a large roster of IT and cybersecurity experts with the skills needed to perform activities for containment, business resumption, and data restoration without disrupting forensic analysis.
Progent has provided online and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This breadth of skills gives Progent the ability to identify and integrate the undamaged pieces of your IT environment following a ransomware attack and rebuild them quickly into an operational network. Progent has collaborated with top insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent for Ransomware System Recovery Expertise in Durham
For ransomware cleanup consulting in the Durham metro area, call Progent at 800-462-8800 or see Contact Progent.