Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Senior Ransomware Consultant
Ransomware requires time to work its way across a target network. For this reason, ransomware assaults are commonly unleashed on weekends and late at night, when IT personnel may take longer to recognize a breach and are least able to mount a rapid and coordinated defense. The more lateral progress ransomware is able to make within a target's network, the longer it will take to recover basic operations and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to help organizations to complete the urgent first steps in responding to a ransomware attack by putting out the fire. Progent's online ransomware experts can assist you to identify and isolate breached servers and endpoints and protect clean resources from being compromised.
If your system has been breached by any version of ransomware, don't panic. Get help quickly by calling Progent's 24-hour Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services
Modern strains of crypto-ransomware like Ryuk, Maze, Sodinokibi and Netwalker encrypt online data and infiltrate any accessible system restores and backups. Data synched to the cloud can also be corrupted. In a vulnerable environment, this can make automated recovery impossible and effectively knock the datacenter back to square one. Threat actors (TAs), the cybercriminals behind a ransomware attack, demand a ransom payment for the decryptors needed to recover scrambled data. Ransomware attacks also try to exfiltrate information, and TAs demand an additional ransom in exchange for not posting this data on the dark web. Even if you can roll back your system to an acceptable point in time, exfiltration can be a major issue depending on the sensitivity of the stolen data.
The recovery process after a ransomware penetration involves several distinct stages, most of which can proceed in parallel if the recovery team has enough people with the necessary skill sets.
- Containment: This time-critical first step involves arresting the lateral spread of ransomware across your network. The longer a ransomware attack is allowed to run unchecked, the longer and more expensive the recovery process. Recognizing this, Progent maintains a 24x7 Ransomware Hotline staffed by seasoned ransomware recovery engineers. Containment activities include quarantining affected endpoint devices from the network to minimize the spread, documenting the environment, and securing entry points.
- Operational continuity: This involves restoring the network to a minimal acceptable level of functionality with the shortest possible delay. This process is typically the top priority of the victims of the ransomware attack, who often perceive it to be an existential issue. This activity also requires the broadest range of technical skills that cover domain controllers, DHCP servers, physical and virtual servers and endpoints, databases, productivity and line-of-business applications, network architecture, and secure endpoint access. Progent's recovery team uses state-of-the-art project management and collaboration tools to coordinate the complex recovery process. Progent understands the importance of working quickly, tirelessly, and in unison with a customer's management and IT staff to prioritize tasks and to put essential services back on line as fast as possible.
- Data recovery: The effort required to restore data damaged by a ransomware attack depends on the state of the systems, how many files are encrypted, and what methods of recovery are required. Ransomware attacks can destroy critical databases which, if not gracefully shut down, may have to be rebuilt from scratch. This can include DNS and Active Directory (AD) databases. Exchange and SQL Server depend on AD, and many ERP and other business-critical applications depend on SQL Server. Some detective work may be needed to find clean data. For example, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on staff desktop computers and laptops that were not connected during the attack.
- Setting up modern antivirus/ransomware protection: Progent's Active Security Monitoring is a 24x7 service that incorporates AV/ransomware protection technology used by many of the world's largest corporations including Netflix, Visa, and NASDAQ to provide real-time malware filtering, detection, mitigation, rollback recovery and root-cause forensic analysis in one integrated platform.
- Negotiation with the Threat Actor (TA): Progent has experience negotiating ransom settlements with TAs. This requires close co-operation with the victim and the cyber insurance carrier. Activities include determining the type of ransomware used in the attack; identifying and establishing contact with the hacker; verifying decryption capabilities; budgeting a settlement with the victim and insurance carrier; negotiating a settlement and timeline with the TA; confirming compliance with anti-money laundering regulations; handling the crypto-currency payment to the TA; acquiring, learning, and using the decryption tool; debugging failed files; creating a clean environment; and restoring machines and services.
- Forensics: Forensics can be time-consuming, requiring the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for variations. Progent makes sure that containment, operational continuity, settlement negotiation, and data recovery activity can be carried on without interfering with forensics or being delayed by forensics.
Progent has provided professional IT services throughout the United States for two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISM, CISSP-ISSAP, CRISC, and GIAC. (See Progent's certifications). Progent also has expertise in financial management and ERP application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them into a functioning system. Progent has worked with top cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint detection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet (PDF - 748 KB)
Contact Progent for Ransomware Recovery Solutions
For ransomware recovery expertise, call Progent at 800-993-9400 or go to Contact Progent.