Ransomware Hot Line: 800-462-8800
24x7 Remote Help from a Top-tier Ransomware Engineer
Ransomware requires time to work its way through a network. Because of this, ransomware assaults are commonly launched on weekends and late at night, when IT staff may take longer to become aware of a break-in and are least able to organize a rapid and forceful response. The more lateral movement ransomware can manage inside a victim's system, the more time it takes to restore basic IT services and damaged files and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to guide organizations to carry out the time-critical first steps in mitigating a ransomware assault by putting out the fire. Progent's remote ransomware engineers can help businesses to identify and quarantine breached servers and endpoints and guard undamaged resources from being compromised.
If your network has been breached by any strain of ransomware, don't panic. Get immediate help by calling Progent's 24-hour Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Expertise
Current strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online files and invade any accessible backups. Data synchronized to the cloud can also be impacted. For a poorly defended environment, this can make automated restoration nearly impossible and effectively knocks the datacenter back to square one. So-called Threat Actors (TAs), the hackers responsible for ransomware assaults, insist on a ransom payment for the decryption tools required to unlock encrypted data. Ransomware attacks also try to exfiltrate information, and TAs require an extra settlement in exchange for not posting this information or selling it. Even if you are able to restore your system to a tolerable point in time, exfiltration can pose a big issue depending on the sensitivity of the downloaded data.
The restoration work subsequent to ransomware penetration involves a number of crucial stages, most of which can proceed concurrently if the recovery team has a sufficient number of members with the required experience.
- Containment: This urgent first response involves arresting the lateral spread of ransomware across your IT system. The more time a ransomware attack is allowed to go unrestricted, the more complex and more costly the restoration process. Recognizing this, Progent keeps a round-the-clock Ransomware Hotline monitored by veteran ransomware response experts. Containment activities include isolating affected endpoints from the rest of the network to minimize the contagion, documenting the environment, and securing entry points.
- System continuity: This covers restoring the IT system to a minimal acceptable level of capability with the shortest possible downtime. This effort is usually at the highest level of urgency for the victims of the ransomware attack, who often see it as an existential issue for their company. This project also requires the widest array of technical skills that span domain controllers, DHCP servers, physical and virtual machines, desktops, laptops and smart phones, databases, office and line-of-business applications, network topology, and safe remote access. Progent's ransomware recovery team uses advanced collaboration platforms to organize the multi-faceted recovery effort. Progent appreciates the importance of working rapidly, continuously, and in unison with a customer's management and IT group to prioritize activity and to get vital resources on line again as quickly as possible.
- Data restoration: The effort required to restore files damaged by a ransomware assault depends on the state of the network, how many files are encrypted, and what restore techniques are needed. Ransomware assaults can destroy critical databases which, if not gracefully closed, might need to be reconstructed from scratch. This can include DNS and AD databases. Exchange and Microsoft SQL Server rely on Active Directory, and many ERP and other business-critical applications depend on Microsoft SQL Server. Often some detective work could be needed to locate clean data. For example, non-encrypted OST files may have survived on staff PCs and notebooks that were off line at the time of the attack. Progent's ProSight Data Protection Services offer Altaro VM Backup technology to defend against ransomware attacks via Immutable Cloud Storage. This produces tamper-proof data that cannot be erased or modified by any user including administrators or root users.
- Implementing modern antivirus/ransomware defense: Progent's Active Security Monitoring incorporates SentinelOne's machine learning technology to offer small and medium-sized companies the benefits of the same anti-virus tools used by some of the world's largest corporations such as Netflix, Citi, and Salesforce. By delivering in-line malware filtering, identification, mitigation, repair and forensics in one integrated platform, ProSight ASM cuts TCO, simplifies management, and expedites operational continuity. SentinelOne's next-generation endpoint protection (NGEP) incorporated in Progent's ProSight ASM was ranked by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, reseller, and integrator. Find out about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiation with the hacker: Progent is experienced in negotiating ransom settlements with threat actors. This requires close co-operation with the ransomware victim and the cyber insurance carrier, if there is one. Activities consist of establishing the kind of ransomware used in the attack; identifying and making contact with the hacker persona; verifying the decryption tool; deciding on a settlement amount with the victim and the cyber insurance provider; establishing a settlement amount and timeline with the TA; checking compliance with anti-money laundering sanctions; carrying out the crypto-currency transfer to the hacker; acquiring, learning, and operating the decryptor tool; troubleshooting decryption problems; building a clean environment; mapping and connecting drives to match exactly their pre-encryption condition; and recovering computers and software services.
- Forensic analysis: This process involves discovering the ransomware attack's storyline across the targeted network from beginning to end. This audit trail of how a ransomware attack progressed through the network helps you to assess the impact and uncovers weaknesses in rules or processes that need to be corrected to prevent later break-ins. Forensics involves the review of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes. Forensics is usually assigned a high priority by the cyber insurance carrier. Because forensic analysis can be time consuming, it is critical that other important recovery processes like business resumption are pursued concurrently. Progent maintains a large team of IT and data security experts with the skills needed to carry out activities for containment, business continuity, and data recovery without disrupting forensics.
Progent has delivered remote and on-premises network services throughout the United States for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISM, CISSP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and ERP application software. This broad array of expertise gives Progent the ability to salvage and consolidate the surviving parts of your information system after a ransomware intrusion and reconstruct them quickly into a functioning system. Progent has worked with top cyber insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To see a PDF datasheet about Progent's ransomware endpoint protection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware System Recovery Services
For ransomware system recovery consulting, phone Progent at 800-462-8800 or see Contact Progent.