Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Senior Ransomware Consultant
Ransomware needs time to work its way across a target network. Because of this, ransomware assaults are commonly unleashed on weekends and late at night, when IT staff may be slower to recognize a breach and are less able to organize a rapid and coordinated response. The more lateral movement ransomware is able to make inside a victim's system, the longer it will take to recover core operations and scrambled files and the more data can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to guide organizations to carry out the time-critical first step in mitigating a ransomware assault by putting out the fire. Progent's online ransomware expert can help you to locate and quarantine breached devices and guard undamaged assets from being penetrated.
If your network has been breached by any version of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services
Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi and Netwalker encrypt online data and infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knocks the datacenter back to square one. Threat actors (TAs), the cybercriminals behind a ransomware attack, demand a ransom payment for the decryptors needed to recover scrambled data. Ransomware attacks also try to exfiltrate information, and TAs demand an additional ransom in exchange for not posting this data on the dark web. Even if you can roll back your system to an acceptable point in time, exfiltration can be a major issue depending on the sensitivity of the stolen data.
The recovery process after a ransomware penetration involves several distinct stages, most of which can proceed in parallel if the recovery team has enough people with the necessary skill sets.
- Containment: This time-critical first step involves arresting the lateral spread of ransomware across your network. The longer a ransomware attack is allowed to run unchecked, the longer and more expensive the recovery process. Recognizing this, Progent maintains a 24x7 Ransomware Hotline staffed by seasoned ransomware recovery engineers. Containment activities include quarantining affected endpoint devices from the network to minimize the spread, documenting the environment, and securing entry points.
- Operational continuity: This involves restoring the network to a minimal acceptable level of functionality with the shortest possible delay. This process is typically the top priority of the victims of the ransomware attack, who often perceive it to be an existential issue. This activity also requires the broadest range of technical skills that cover domain controllers, DHCP servers, physical and virtual servers and endpoints, databases, productivity and line-of-business applications, network architecture, and secure endpoint access. Progent's recovery team uses state-of-the-art project management and collaboration tools to coordinate the complex recovery process. Progent understands the importance of working quickly, tirelessly, and in unison with a customer's management and IT staff to prioritize tasks and to put essential services back on line as fast as possible.
- Data recovery: The effort required to restore data damaged by a ransomware attack depends on the state of the systems, how many files are encrypted, and what methods of recovery are required. Ransomware attacks can destroy critical databases which, if not gracefully shut down, may have to be rebuilt from scratch. This can include DNS and Active Directory (AD) databases. Exchange and SQL Server depend on AD, and many ERP and other business-critical applications depend on SQL Server. Some detective work may be needed to find clean data. For example, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on staff desktop computers and laptops that were not connected during the attack.
- Setting up modern antivirus/ransomware protection: Progent's Active Security Monitoring is a 24x7 service that incorporates AV/ransomware protection technology used by many of the world's largest corporations including Netflix, Visa, and NASDAQ to provide real-time malware filtering, detection, mitigation, rollback recovery and forensic analysis in one integrated platform.
- Negotiation with the Threat Actor (TA): Progent has experience negotiating ransom settlements with TAs. This requires close co-operation with the victim and the cyber insurance carrier. Activities include determining the type of ransomware used in the attack; identifying and establishing contact with the hacker; verifying decryption capabilities; budgeting a settlement with the victim and insurance carrier; negotiating a settlement and timeline with the TA; confirming compliance with anti-money laundering regulations; handling the crypto-currency payment to the TA; acquiring, learning, and using the decryption tool; debugging failed files; creating a clean environment; and restoring machines and services.
- Forensics: Forensics can be time consuming, requiring the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for variations. Progent makes sure that containment, operational continuity, settlement negotiation, and data recovery activity can be carried on without interfering with forensics or being delayed by forensics.
Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system. Progent has worked with top cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent for Ransomware Recovery Solutions
For ransomware recovery expertise, call Progent at 800-993-9400 or go to Contact Progent.