Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Top-tier Ransomware Engineer
Ransomware needs time to work its way across a network. Because of this, ransomware assaults are commonly unleashed on weekends and at night, when IT personnel are likely to be slower to become aware of a penetration and are least able to mount a quick and coordinated response. The more lateral progress ransomware can manage within a target's system, the longer it will take to recover core operations and damaged files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to help you to complete the urgent first steps in mitigating a ransomware attack by stopping the bleeding. Progent's online ransomware engineers can assist you to identify and isolate breached servers and endpoints and protect clean resources from being penetrated.
If your network has been breached by any strain of ransomware, act fast. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services
Modern strains of ransomware like Ryuk, Maze, DoppelPaymer, and Nephilim encrypt online files and attack any accessible system restores and backups. Files synched to the cloud can also be corrupted. For a poorly defended environment, this can make system recovery nearly impossible and basically sets the datacenter back to the beginning. Threat Actors (TAs), the cybercriminals responsible for a ransomware assault, insist on a ransom payment in exchange for the decryption tools required to unlock encrypted files. Ransomware attacks also attempt to exfiltrate information and hackers demand an additional payment for not publishing this data or selling it. Even if you can restore your system to a tolerable point in time, exfiltration can be a big problem depending on the sensitivity of the stolen data.
The recovery process subsequent to ransomware penetration involves a number of distinct stages, most of which can be performed in parallel if the response workgroup has enough people with the required experience.
- Containment: This urgent first response involves arresting the lateral spread of ransomware across your network. The more time a ransomware attack is permitted to run unrestricted, the longer and more expensive the recovery effort. Recognizing this, Progent maintains a round-the-clock Ransomware Hotline monitored by seasoned ransomware recovery engineers. Containment processes include isolating infected endpoints from the rest of the network to block the contagion, documenting the IT system, and protecting entry points.
- Operational continuity: This involves restoring the IT system to a minimal useful level of functionality with the least delay. This process is usually at the highest level of urgency for the targets of the ransomware attack, who often see it as a life-or-death issue for their business. This activity also demands the broadest array of technical abilities that cover domain controllers, DHCP servers, physical and virtual servers, desktops, notebooks and smart phones, databases, productivity and line-of-business apps, network architecture, and safe endpoint access. Progent's recovery team uses advanced workgroup tools to organize the complex restoration process. Progent appreciates the urgency of working rapidly, continuously, and in unison with a client's managers and IT group to prioritize tasks and to get vital resources back online as fast as possible.
- Data recovery: The effort required to restore files damaged by a ransomware attack varies according to the condition of the network, how many files are encrypted, and which restore techniques are needed. Ransomware attacks can take down key databases which, if not gracefully shut down, might need to be rebuilt from scratch. This can apply to DNS and AD databases. Microsoft Exchange and Microsoft SQL Server rely on AD, and many manufacturing and other mission-critical platforms are powered by SQL Server. Some detective work could be required to find clean data. For example, non-encrypted Outlook Email Offline Folder Files may have survived on employees' desktop computers and notebooks that were not connected during the attack.
- Implementing modern antivirus/ransomware defense: ProSight ASM incorporates SentinelOne's machine learning technology to offer small and medium-sized businesses the advantages of the same anti-virus tools used by many of the world's largest enterprises including Walmart, Citi, and Salesforce. By delivering in-line malware filtering, detection, mitigation, restoration and analysis in one integrated platform, Progent's ProSight Active Security Monitoring lowers TCO, streamlines administration, and expedites resumption of operations. SentinelOne's next-generation endpoint protection engine built into ProSight Active Security Monitoring was listed by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, reseller, and integrator. Learn about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiation with the hacker: Progent is experienced in negotiating settlements with threat actors. This calls for close co-operation with the ransomware victim and the insurance provider, if any. Services include determining the type of ransomware involved in the assault; identifying and establishing communications with the hacker persona; verifying decryption capabilities; deciding on a settlement amount with the victim and the cyber insurance provider; negotiating a settlement and timeline with the hacker; confirming compliance with anti-money laundering (AML) sanctions; overseeing the crypto-currency transfer to the TA; receiving, learning, and using the decryptor utility; troubleshooting decryption problems; building a pristine environment; remapping and reconnecting drives to reflect precisely their pre-encryption state; and restoring computers and services.
- Forensics: This process involves discovering the ransomware attack's progress throughout the network from beginning to end. This audit trail of how a ransomware assault travelled through the network assists you to evaluate the damage and brings to light weaknesses in rules or processes that need to be rectified to avoid later break-ins. Forensics entails the review of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect anomalies. Forensic analysis is usually assigned a high priority by the insurance provider. Since forensics can take time, it is essential that other key activities such as business resumption are pursued concurrently. Progent maintains a large roster of information technology and security experts with the skills needed to carry out activities for containment, business continuity, and data recovery without disrupting forensic analysis.
Progent's Qualifications
Progent has delivered remote and onsite IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have earned high-level certifications in core technology platforms such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and ERP application software. This broad array of expertise allows Progent to identify and integrate the surviving pieces of your IT environment after a ransomware attack and rebuild them rapidly into a viable system. Progent has collaborated with top cyber insurance carriers like Chubb to help businesses recover from ransomware assaults.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response (EDR) Services
To see a datasheet describing Progent's ransomware endpoint protection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware Cleanup Consulting
For ransomware system recovery expertise, call Progent at 800-462-8800 or visit Contact Progent.