Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Top-tier Ransomware Engineer
Ransomware requires time to work its way through a target network. Because of this, ransomware attacks are commonly unleashed on weekends and at night, when support staff are likely to take longer to recognize a penetration and are least able to mount a rapid and forceful response. The more lateral movement ransomware is able to manage within a target's network, the longer it takes to recover core operations and damaged files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to guide you through the time-critical first phase of mitigating a ransomware assault: containing the malware. Progent's online ransomware experts can help you to identify and isolate breached devices and protect undamaged assets from being compromised.
If your network has been penetrated by any version of ransomware, act fast. Get immediate help by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services
Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi and Netwalker encrypt online data and infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knock the datacenter back to square one. Threat actors (TAs), the cybercriminals behind a ransomware attack, demand a ransom payment for the decryptors needed to recover scrambled data. Ransomware attacks also try to exfiltrate information, and TAs demand an additional ransom in exchange for not posting this data on the dark web. Even if you can roll back your system to an acceptable point in time, exfiltration can be a major issue depending on the sensitivity of the stolen data.
The recovery process after a ransomware penetration involves several distinct stages, most of which can proceed in parallel if the recovery team has enough people with the necessary skill sets.
- Containment: This time-critical first step involves arresting the lateral spread of ransomware across your network. The longer a ransomware attack is allowed to run unchecked, the longer and more expensive the recovery process. Recognizing this, Progent maintains a 24x7 Ransomware Hotline staffed by seasoned ransomware recovery engineers. Containment activities include quarantining affected endpoint devices from the network to minimize the spread, documenting the environment, and securing entry points.
- Operational continuity: This involves restoring the network to a minimal acceptable level of functionality with the shortest possible delay. This process is typically the top priority of the victims of the ransomware attack, who often perceive it to be an existential issue. This activity also requires the broadest range of technical skills that cover domain controllers, DHCP servers, physical and virtual servers and endpoints, databases, productivity and line-of-business applications, network architecture, and secure endpoint access. Progent's recovery team uses state-of-the-art project management and collaboration tools to coordinate the complex recovery process. Progent understands the importance of working quickly, tirelessly, and in unison with a customer's management and IT staff to prioritize tasks and to put essential services back on line as fast as possible.
- Data recovery: The effort required to restore data damaged by a ransomware attack depends on the state of the systems, how many files are encrypted, and what methods of recovery are required. Ransomware attacks can destroy critical databases which, if not gracefully shut down, may have to be rebuilt from scratch. This can include DNS and Active Directory (AD) databases. Exchange and SQL Server depend on AD, and many ERP and other business-critical applications depend on SQL Server. Some detective work may be needed to find clean data. For example, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on staff desktop computers and laptops that were not connected during the attack.
- Setting up modern antivirus/ransomware protection: Progent's Active Security Monitoring is a 24x7 service that incorporates AV/ransomware protection technology used by many of the world's largest corporations including Netflix, Visa, and NASDAQ to provide real-time malware filtering, detection, mitigation, rollback recovery and root-cause forensic analysis in one integrated platform.
- Negotiation with the Threat Actor: Progent has experience negotiating ransom settlements with attackers. This requires close co-operation with the victim and the cyber insurance carrier. Activities include determining the type of ransomware used in the attack; identifying and establishing contact with the hacker; verifying decryption capabilities; budgeting a settlement with the victim and insurance carrier; negotiating a settlement and timeline with the TA; confirming compliance with anti-money laundering regulations; handling the crypto-currency payment to the TA; acquiring, learning, and using the decryption tool; debugging failed files; creating a clean environment; and restoring machines and services.
- Forensics: Forensics can be time consuming, requiring the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for variations. Progent makes sure that containment, operational continuity, settlement negotiation, and data recovery activity can be carried on without interfering with forensics or being delayed by forensics.
Progent's Qualifications
Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system. Progent has worked with top cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint detection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware Recovery Solutions
For ransomware recovery expertise, call Progent at 800-993-9400 or go to Contact Progent.