Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Senior Ransomware Consultant
Ransomware needs time to steal its way through a target network. For this reason, ransomware attacks are typically unleashed on weekends and late at night, when support staff are likely to take longer to recognize a breach and are least able to mount a rapid and coordinated defense. The more lateral movement ransomware is able to make inside a victim's network, the longer it takes to recover core operations and scrambled files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to guide organizations through the urgent first phase of responding to a ransomware attack: putting out the fire. Progent's remote ransomware engineer can assist organizations in the Durham metro area to identify and isolate infected devices and to protect clean resources from being penetrated.
If your network has been penetrated by any version of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Expertise Offered in Durham
Modern strains of crypto-ransomware like Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online data and corrupt any reachable system restore points and backups. Files synchronized to the cloud can also be corrupted. For a vulnerable environment, this can make system restoration almost impossible and effectively sets the datacenter back to square one. So-called Threat Actors (TAs), the hackers behind a ransomware attack, demand a ransom payment for the decryptors needed to unlock encrypted files. Ransomware attacks also try to exfiltrate information, and hackers demand an additional payment in exchange for not publishing or selling this data. Even if you are able to roll back your systems to an acceptable point in time, exfiltration can pose a major issue depending on the nature of the stolen information.
The recovery process after a ransomware attack has a number of distinct stages, most of which can proceed in parallel if the response team has enough members with the necessary skill sets.
- Containment: This urgent initial response requires arresting the lateral spread of the attack across your IT system. The longer a ransomware attack is permitted to run unchecked, the more complex and more costly the restoration effort. Recognizing this, Progent maintains a 24x7 Ransomware Hotline monitored by seasoned ransomware recovery experts. Containment processes consist of cutting off infected endpoints from the rest of the network to block the contagion, documenting the IT system, and securing entry points.
- Operational continuity: This involves bringing back the network to a minimal acceptable level of functionality with the least delay. This process is usually at the highest level of urgency for the targets of the ransomware assault, who often perceive it to be an existential issue for their company. This activity also requires the widest range of technical skills that span domain controllers, DHCP servers, physical and virtual machines, desktops, laptops and mobile phones, databases, productivity and line-of-business apps, network topology, and secure endpoint access. Progent's recovery experts use advanced collaboration platforms to organize the multi-faceted recovery effort. Progent appreciates the urgency of working rapidly, tirelessly, and in unison with a customer's managers and network support staff to prioritize activity and to get critical resources back online as quickly as feasible.
- Data restoration: The effort required to recover files impacted by a ransomware assault depends on the state of the network, the number of files that are encrypted, and which restore methods are required. Ransomware attacks can destroy critical databases which, if not gracefully shut down, might have to be reconstructed from scratch. This can include DNS and Active Directory (AD) databases. Exchange and SQL Server rely on AD, and many manufacturing and other business-critical applications are powered by Microsoft SQL Server. Some detective work may be needed to locate undamaged data. For example, undamaged OST files (Outlook Offline Folder Files) may have survived on employees' PCs and laptops that were offline at the time of the ransomware assault.
- Implementing modern AV/ransomware protection: Progent's Active Security Monitoring gives small and mid-sized businesses the benefits of the identical anti-virus technology deployed by many of the world's largest corporations including Netflix, Visa, and NASDAQ. By delivering in-line malware filtering, classification, mitigation, recovery and forensics in one integrated platform, Progent's Active Security Monitoring cuts TCO, simplifies management, and promotes rapid recovery. The next-generation endpoint protection (NGEP) incorporated in Progent's ASM was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform." Read about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense.
- Negotiation with the threat actor (TA): Progent has experience negotiating ransom settlements with hackers. This calls for close co-operation with the ransomware victim and the cyber insurance provider, if any. Activities include establishing the kind of ransomware involved in the assault; identifying and establishing communications with the hacker persona; verifying the decryption tool; budgeting a settlement with the ransomware victim and the cyber insurance carrier; establishing a settlement and schedule with the hacker; checking compliance with anti-money laundering (AML) sanctions; carrying out the crypto-currency disbursement to the hacker; receiving, reviewing, and using the decryption utility; debugging files that fail to decrypt; building a clean environment; mapping and reconnecting datastores to match precisely their pre-encryption condition; and recovering machines and services.
- Forensic analysis: This activity involves uncovering the ransomware assault's progress across the targeted network from beginning to end. This history of how a ransomware attack progressed within the network helps your IT staff evaluate the impact and brings to light weaknesses in security policies or work habits that should be corrected to prevent later breaches. Forensics entails the examination of all logs, the registry, Group Policy Objects, AD, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect anomalies. Forensic analysis is commonly given a high priority by the cyber insurance carrier. Because forensic analysis can take time, it is critical that other key recovery processes like operational continuity are executed in parallel. Progent has a large roster of information technology and security experts with the skills required to perform the work of containment, business continuity, and data restoration without disrupting forensics.
Progent has provided remote and on-premises IT services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in foundation technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications.) Progent also offers guidance in financial management and Enterprise Resource Planning software. This broad array of expertise allows Progent to identify and integrate the undamaged pieces of your IT environment after a ransomware assault and reconstruct them quickly into a functioning network. Progent has worked with leading insurance providers including Chubb to assist organizations in cleaning up after ransomware attacks.
Contact Progent for Ransomware System Recovery Consulting Services in Durham
For ransomware recovery expertise in the Durham metro area, phone Progent at 800-462-8800 or see Contact Progent.