Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Top-tier Ransomware Engineer
Ransomware requires time to work its way across a network. Because of this, ransomware attacks are typically unleashed on weekends and at night, when support staff may be slower to become aware of a break-in and are less able to mount a rapid and forceful defense. The more lateral movement ransomware is able to manage inside a victim's network, the longer it takes to recover basic IT services and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to help you to complete the time-critical first phase in mitigating a ransomware assault by putting out the fire. Progent's online ransomware engineers can help businesses to identify and quarantine infected devices and guard undamaged assets from being compromised.
If your system has been breached by any version of ransomware, don't panic. Get help quickly by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Expertise
Current strains of crypto-ransomware like Ryuk, Maze, DoppelPaymer, and Nephilim encrypt online data and attack any accessible system restores. Files synchronized to the cloud can also be corrupted. For a vulnerable environment, this can make system restoration almost impossible and basically sets the IT system back to the beginning. Threat Actors (TAs), the cybercriminals responsible for ransomware attacks, insist on a ransom payment in exchange for the decryptors needed to unlock scrambled data. Ransomware attacks also try to steal (or "exfiltrate") files, and hackers demand an extra settlement for not posting this information on the dark web. Even if you can restore your network to an acceptable point in time, exfiltration can pose a big issue depending on the sensitivity of the downloaded information.
The recovery work after a ransomware attack involves a number of distinct phases, the majority of which can proceed in parallel if the recovery team has enough people with the required experience.
- Quarantine: This time-critical initial response requires arresting the sideways spread of the attack across your IT system. The more time a ransomware assault is permitted to go unrestricted, the more complex and more costly the recovery process. Recognizing this, Progent keeps a 24x7 Ransomware Hotline monitored by veteran ransomware recovery engineers. Containment processes include cutting off affected endpoints from the rest of the network to restrict the contagion, documenting the environment, and securing entry points.
- System continuity: This involves restoring the network to a basic acceptable level of functionality with the least downtime. This effort is typically the top priority for the targets of the ransomware assault, who often see it as a life-or-death issue for their company. This project also demands the widest array of technical skills that span domain controllers, DHCP servers, physical and virtual servers, PCs, laptops and smart phones, databases, productivity and line-of-business applications, network architecture, and secure endpoint access. Progent's recovery team uses advanced workgroup tools to organize the complex restoration effort. Progent appreciates the importance of working quickly, tirelessly, and in concert with a client's management and IT group to prioritize activity and to get essential resources back online as quickly as feasible.
- Data recovery: The work required to restore files damaged by a ransomware assault depends on the condition of the network, the number of files that are encrypted, and which restore techniques are needed. Ransomware assaults can take down key databases which, if not gracefully shut down, might have to be reconstructed from scratch. This can apply to DNS and Active Directory (AD) databases. Exchange and Microsoft SQL Server rely on Active Directory, and many ERP and other business-critical platforms depend on SQL Server. Some detective work could be needed to locate undamaged data. For instance, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on employees' desktop computers and notebooks that were offline during the ransomware assault. Progent's ProSight Data Protection Services offer Altaro VM Backup tools to protect against ransomware attacks by leveraging Immutable Cloud Storage. This produces tamper-proof backup data that cannot be modified by any user including root users.
- Implementing modern antivirus/ransomware defense: ProSight ASM incorporates SentinelOne's behavioral analysis technology to give small and mid-sized businesses the advantages of the identical anti-virus technology used by some of the world's largest enterprises such as Netflix, Citi, and NASDAQ. By delivering in-line malware filtering, identification, mitigation, repair and analysis in a single integrated platform, Progent's ASM lowers total cost of ownership, streamlines management, and expedites recovery. SentinelOne's next-generation endpoint protection (NGEP) incorporated in ProSight Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, dealer, and integrator. Learn about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiation with the hacker: Progent has experience negotiating ransom settlements with hackers. This calls for working closely with the victim and the insurance carrier, if any. Services consist of establishing the type of ransomware used in the assault; identifying and making contact with the hacker persona; testing the decryption tool; deciding on a settlement with the ransomware victim and the cyber insurance provider; establishing a settlement amount and timeline with the hacker; confirming compliance with anti-money laundering (AML) regulations; overseeing the crypto-currency transfer to the TA; acquiring, learning, and operating the decryption tool; debugging decryption problems; creating a pristine environment; mapping and reconnecting datastores to reflect precisely their pre-attack condition; and recovering machines and software services.
- Forensics: This process is aimed at learning the ransomware assault's storyline across the targeted network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps your IT staff evaluate the impact and brings to light weaknesses in policies or processes that need to be corrected to avoid future break-ins. Forensics involves the examination of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes. Forensics is typically assigned a high priority by the cyber insurance provider. Since forensics can be time consuming, it is critical that other important activities such as operational continuity are performed in parallel. Progent has an extensive team of IT and security professionals with the knowledge and experience required to carry out activities for containment, business continuity, and data restoration without interfering with forensic analysis.
Progent's Background
Progent has delivered online and onsite network services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications such as CISM, CISSP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This broad array of expertise gives Progent the ability to identify and consolidate the surviving pieces of your information system after a ransomware assault and reconstruct them quickly into a functioning system. Progent has worked with leading insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint detection and response services, click:
Progent's Ransomware Endpoint Detection and Response (EDR) Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware System Recovery Consulting
For ransomware cleanup expertise, call Progent at 800-462-8800 or go to Contact Progent.