Ransomware Hot Line: 800-462-8800
24x7 Online Help from a Top-tier Ransomware Engineer
Ransomware requires time to work its way across a target network. Because of this, ransomware assaults are typically launched on weekends and late at night, when support personnel may be slower to become aware of a penetration and are least able to mount a rapid and coordinated defense. The more lateral progress ransomware is able to manage inside a target's network, the more time it will require to recover basic operations and scrambled files and the more information can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is designed to help you complete the time-critical first phase in mitigating a ransomware assault by stopping the bleeding. Progent's remote ransomware engineers can help businesses to locate and quarantine infected servers and endpoints and guard undamaged assets from being compromised.
If your network has been breached by any version of ransomware, act fast. Get immediate help by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Expertise
Current variants of ransomware such as Ryuk, Maze, Netwalker, and Egregor encrypt online files and infiltrate any accessible backups. Data synchronized to the cloud can also be impacted. For a vulnerable network, this can make system restoration nearly impossible and basically sets the datacenter back to the beginning. So-called Threat Actors (TAs), the cybercriminals responsible for ransomware attacks, demand a ransom fee in exchange for the decryptors required to recover encrypted files. Ransomware attacks also try to exfiltrate information, and hackers require an extra settlement for not publishing this information or selling it. Even if you are able to restore your system to an acceptable point in time, exfiltration can pose a big problem depending on the sensitivity of the downloaded data.
The restoration process after a ransomware attack involves several distinct stages, the majority of which can be performed in parallel if the response team has enough members with the required skill sets.
- Containment: This urgent first response involves blocking the sideways spread of the attack across your IT system. The more time a ransomware attack is allowed to go unrestricted, the longer and more expensive the recovery effort. Recognizing this, Progent maintains a 24x7 Ransomware Hotline monitored by veteran ransomware response engineers. Containment activities consist of cutting off affected endpoint devices from the rest of the network to restrict the contagion, documenting the IT system, and protecting entry points.
- System continuity: This involves bringing back the network to a minimal acceptable level of functionality with the shortest possible delay. This effort is typically the highest priority for the victims of the ransomware attack, who often see it as an existential issue for their company. This project also demands the broadest array of technical skills that cover domain controllers, DHCP servers, physical and virtual machines, PCs, laptops and mobile phones, databases, productivity and mission-critical apps, network architecture, and safe remote access. Progent's recovery team uses advanced workgroup platforms to coordinate the complex recovery effort. Progent appreciates the importance of working rapidly, tirelessly, and in concert with a client's management and IT group to prioritize tasks and to put critical services online again as quickly as feasible.
- Data restoration: The work required to restore files impacted by a ransomware attack varies according to the condition of the systems, the number of files that are affected, and what recovery techniques are required. Ransomware assaults can take down pivotal databases which, if not properly shut down, might need to be reconstructed from scratch. This can include DNS and Active Directory databases. Exchange and SQL Server depend on AD, and many manufacturing and other business-critical platforms depend on SQL Server. Often some detective work may be required to find clean data. For instance, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on employees' PCs and notebooks that were not connected during the attack. Progent's ProSight Data Protection Services offer Altaro VM Backup tools to protect against ransomware attacks via Immutable Cloud Storage. This produces tamper-proof backup data that cannot be modified by anyone including root users.
- Deploying advanced antivirus/ransomware protection: Progent's ProSight Active Security Monitoring incorporates SentinelOne's machine learning technology to offer small and medium-sized companies the benefits of the identical AV technology used by many of the world's largest corporations including Walmart, Citi, and Salesforce. By delivering real-time malware blocking, identification, mitigation, repair and forensics in a single integrated platform, ProSight Active Security Monitoring cuts TCO, streamlines administration, and promotes rapid resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) built into Progent's ASM was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, reseller, and integrator. Learn about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the hacker: Progent is experienced in negotiating ransom settlements with hackers. This calls for working closely with the victim and the insurance carrier, if there is one. Services consist of determining the type of ransomware involved in the assault; identifying and making contact with the hacker; verifying the decryption tool; budgeting a settlement amount with the victim and the insurance carrier; establishing a settlement and schedule with the TA; checking compliance with anti-money laundering (AML) sanctions; overseeing the crypto-currency payment to the TA; acquiring, learning, and using the decryptor tool; troubleshooting decryption problems; building a clean environment; mapping and reconnecting datastores to match precisely their pre-attack state; and restoring physical and virtual devices and services.
- Forensics: This process is aimed at uncovering the ransomware assault's progress across the network from start to finish. This audit trail of how a ransomware assault progressed within the network helps your IT staff to evaluate the impact and highlights shortcomings in security policies or processes that need to be rectified to prevent later break-ins. Forensics entails the examination of all logs, registry, Group Policy Object, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes. Forensic analysis is typically given a high priority by the cyber insurance provider. Because forensic analysis can take time, it is critical that other key recovery processes such as operational continuity are executed concurrently. Progent has a large roster of IT and security professionals with the knowledge and experience needed to carry out the work of containment, business continuity, and data recovery without interfering with forensics.
Progent has delivered online and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have earned high-level certifications in foundation technology platforms including Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This breadth of skills gives Progent the ability to identify and integrate the undamaged pieces of your information system after a ransomware attack and rebuild them rapidly into an operational system. Progent has collaborated with top cyber insurance providers including Chubb to help organizations clean up after ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response (EDR) Services
For a datasheet about Progent's ransomware endpoint protection and response services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware Recovery Consulting Services
For ransomware system recovery consulting services, call Progent at 800-462-8800 or see Contact Progent.