Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Top-tier Ransomware Engineer
Ransomware requires time to work its way across a target network. Because of this, ransomware attacks are typically unleashed on weekends and at night, when support staff may take longer to recognize a penetration and are less able to organize a rapid and forceful response. The more lateral movement ransomware is able to make within a victim's system, the more time it will take to restore basic operations and scrambled files, and the more data can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to help organizations to carry out the urgent first phase in responding to a ransomware assault by stopping the bleeding. Progent's online ransomware expert can help businesses to identify and isolate infected servers and endpoints and protect clean assets from being compromised.
If your system has been penetrated by any strain of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Expertise
Modern variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim encrypt online files and infiltrate any accessible backups. Files synced to the cloud can also be impacted. For a vulnerable network, this can make automated recovery almost impossible and effectively sets the IT system back to square one. Threat actors (TAs), the hackers responsible for a ransomware assault, insist on a settlement payment in exchange for the decryptors required to unlock encrypted data. Ransomware attacks also try to steal (or "exfiltrate") information, and TAs demand an extra ransom for not posting this data or selling it. Even if you can restore your system to a tolerable point in time, exfiltration can be a big issue depending on the sensitivity of the downloaded information.
The recovery process after a ransomware attack involves a number of crucial phases, the majority of which can proceed concurrently if the recovery workgroup has enough members with the required skill sets.
- Quarantine: This urgent first response involves blocking the lateral spread of the attack within your network. The longer a ransomware attack is permitted to run unrestricted, the more complex and more costly the restoration process. Because of this, Progent keeps a 24x7 Ransomware Hot Line staffed by veteran ransomware response engineers. Quarantine processes consist of isolating infected endpoint devices from the rest of the network to block the contagion, documenting the IT system, and protecting entry points.
- System continuity: This involves restoring the network to a minimal useful level of capability with the shortest possible delay. This process is typically the highest priority for the victims of the ransomware attack, who often perceive it to be a life-or-death issue for their company. This project also demands the widest range of IT abilities that span domain controllers, DHCP servers, physical and virtual machines, PCs, laptops and mobile phones, databases, office and mission-critical applications, network architecture, and protected remote access management. Progent's recovery team uses advanced workgroup tools to organize the complicated restoration effort. Progent appreciates the urgency of working rapidly, tirelessly, and in concert with a client's management and network support staff to prioritize tasks and to get critical services back online as fast as possible.
- Data restoration: The work necessary to recover data impacted by a ransomware attack depends on the condition of the systems, how many files are affected, and which restore techniques are needed. Ransomware assaults can destroy critical databases which, if not properly closed, may have to be reconstructed from scratch. This can apply to DNS and AD databases. Exchange and SQL Server rely on Active Directory, and many financial and other mission-critical platforms are powered by Microsoft SQL Server. Some detective work may be needed to find clean data. For example, non-encrypted Outlook Email Offline Folder Files may exist on staff PCs and notebooks that were offline at the time of the ransomware assault.
- Setting up advanced antivirus/ransomware protection: Progent's Active Security Monitoring gives small and mid-sized businesses the advantages of the identical anti-virus tools implemented by some of the world's largest enterprises including Walmart, Citi, and Salesforce. By providing in-line malware filtering, detection, mitigation, repair and forensics in one integrated platform, Progent's ProSight ASM reduces TCO, simplifies management, and expedites recovery. The next-generation endpoint protection engine built into Progent's Active Security Monitoring was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform (EPP)." Find out about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery.
- Negotiation with the threat actor (TA): Progent is experienced in negotiating ransom settlements with threat actors. This requires working closely with the victim and the insurance carrier, if any. Services include determining the kind of ransomware used in the assault; identifying and making contact with the hacker persona; testing the decryption tool; deciding on a settlement amount with the ransomware victim and the insurance provider; negotiating a settlement and timeline with the TA; confirming adherence to anti-money laundering (AML) regulations; carrying out the crypto-currency transfer to the hacker; receiving, reviewing, and using the decryption utility; debugging failed files; creating a pristine environment; remapping and reconnecting drives to reflect exactly their pre-encryption condition; and reprovisioning machines and software services.
- Forensics: This activity involves tracing the ransomware attack's progress throughout the targeted network from beginning to end. This audit trail of the way a ransomware assault travelled through the network helps your IT staff evaluate the damage and uncovers vulnerabilities in rules or work habits that need to be corrected to prevent future breaches. Forensics involves the review of all logs, registry, Group Policy Object (GPO), AD, DNS, routers, firewalls, schedulers, and basic Windows systems to look for changes. Forensics is usually given a top priority by the insurance provider. Because forensic analysis can be time consuming, it is essential that other key recovery processes such as operational resumption are performed in parallel. Progent maintains a large roster of information technology and data security experts with the knowledge and experience required to perform activities for containment, operational continuity, and data recovery without interfering with forensic analysis.
Progent has delivered remote and on-premises IT services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have been awarded high-level certifications in foundation technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications.) Progent also has expertise in financial management and Enterprise Resource Planning software. This broad array of expertise gives Progent the ability to identify and consolidate the surviving parts of your network following a ransomware assault and rebuild them quickly into an operational system. Progent has worked with leading insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent for Ransomware Cleanup Consulting Services
For ransomware cleanup expertise, call Progent at 800-462-8800 or see Contact Progent.