Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Top-tier Ransomware Engineer
Ransomware needs time to work its way across a target network. Because of this, ransomware assaults are typically launched on weekends and late at night, when IT personnel are likely to be slower to become aware of a break-in and are less able to mount a rapid and coordinated defense. The more lateral progress ransomware can manage within a target's system, the more time it will require to recover basic IT services and scrambled files and the more information can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to help you to complete the time-critical first phase in responding to a ransomware assault by stopping the bleeding. Progent's remote ransomware engineers can assist businesses to identify and quarantine infected servers and endpoints and guard undamaged resources from being compromised.
If your system has been breached by any strain of ransomware, don't panic. Get help quickly by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Expertise
Current strains of ransomware such as Ryuk, Maze, Netwalker, and Nephilim encrypt online files and attack any accessible backups. Data synchronized to the cloud can also be impacted. For a vulnerable environment, this can make automated restoration almost impossible and basically sets the datacenter back to square one. Threat Actors (TAs), the cybercriminals responsible for ransomware attack, insist on a settlement fee for the decryption tools needed to recover encrypted data. Ransomware attacks also attempt to steal (or "exfiltrate") information and TAs demand an additional settlement in exchange for not publishing this information on the dark web. Even if you can rollback your system to an acceptable point in time, exfiltration can pose a big issue depending on the sensitivity of the downloaded information.
The recovery process subsequent to ransomware penetration has a number of distinct phases, most of which can proceed concurrently if the recovery workgroup has a sufficient number of members with the necessary experience.
- Containment: This time-critical first response involves blocking the sideways progress of ransomware across your network. The more time a ransomware assault is allowed to run unchecked, the longer and more expensive the restoration effort. Because of this, Progent keeps a round-the-clock Ransomware Hotline monitored by seasoned ransomware recovery engineers. Quarantine processes include cutting off infected endpoint devices from the network to block the spread, documenting the environment, and securing entry points.
- System continuity: This covers restoring the network to a basic acceptable degree of functionality with the shortest possible delay. This process is typically at the highest level of urgency for the victims of the ransomware attack, who often perceive it to be a life-or-death issue for their company. This project also demands the broadest array of technical skills that cover domain controllers, DHCP servers, physical and virtual machines, desktops, laptops and mobile phones, databases, productivity and mission-critical applications, network topology, and safe remote access. Progent's recovery experts use state-of-the-art workgroup platforms to coordinate the multi-faceted restoration process. Progent appreciates the importance of working quickly, continuously, and in unison with a client's managers and IT group to prioritize activity and to put essential resources on line again as fast as feasible.
- Data restoration: The effort necessary to recover data damaged by a ransomware attack varies according to the condition of the network, the number of files that are affected, and which recovery techniques are required. Ransomware assaults can take down critical databases which, if not gracefully closed, may need to be rebuilt from the beginning. This can apply to DNS and AD databases. Microsoft Exchange and SQL Server depend on AD, and many manufacturing and other business-critical platforms depend on Microsoft SQL Server. Often some detective work may be required to find clean data. For example, non-encrypted OST files may have survived on staff PCs and laptops that were not connected at the time of the assault. Progent's ProSight Data Protection Services utilize Altaro VM Backup technology to protect against ransomware via Immutable Cloud Storage. This produces tamper-proof data that cannot be modified by any user including administrators.
- Implementing advanced antivirus/ransomware protection: ProSight ASM utilizes SentinelOne's machine learning technology to offer small and medium-sized businesses the advantages of the identical AV technology implemented by some of the world's largest enterprises such as Walmart, Citi, and NASDAQ. By providing real-time malware blocking, detection, mitigation, repair and forensics in a single integrated platform, Progent's ProSight ASM lowers total cost of ownership, simplifies administration, and promotes rapid operational continuity. SentinelOne's next-generation endpoint protection engine built into in Progent's Active Security Monitoring was listed by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, reseller, and integrator. Read about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating ransom settlements with threat actors. This calls for working closely with the victim and the insurance carrier, if there is one. Services include determining the kind of ransomware involved in the attack; identifying and establishing communications the hacker persona; testing decryption tool; deciding on a settlement amount with the victim and the insurance provider; negotiating a settlement and schedule with the TA; confirming adherence to anti-money laundering sanctions; carrying out the crypto-currency transfer to the hacker; receiving, learning, and using the decryptor tool; troubleshooting decryption problems; building a clean environment; remapping and reconnecting datastores to reflect precisely their pre-encryption state; and recovering machines and services.
- Forensics: This process involves discovering the ransomware assault's progress throughout the targeted network from beginning to end. This history of the way a ransomware assault progressed within the network assists you to evaluate the damage and uncovers shortcomings in rules or processes that need to be rectified to avoid later break-ins. Forensics entails the examination of all logs, registry, Group Policy Object, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies. Forensic analysis is commonly given a high priority by the insurance carrier. Since forensics can be time consuming, it is vital that other important activities such as business resumption are pursued in parallel. Progent has a large team of IT and data security professionals with the skills required to carry out the work of containment, operational continuity, and data recovery without interfering with forensics.
Progent's Qualifications
Progent has delivered remote and on-premises network services throughout the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This breadth of skills gives Progent the ability to salvage and consolidate the undamaged parts of your information system after a ransomware attack and rebuild them rapidly into a viable network. Progent has worked with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To see a datasheet about Progent's ransomware endpoint detection and response (EDR) services, click:
Progent's Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware System Recovery Expertise
For ransomware cleanup services, call Progent at 800-462-8800 or go to Contact Progent.