Ransomware Hot Line: 800-462-8800
24x7 Online Help from a Senior Ransomware Consultant
Ransomware needs time to steal its way through a network. For this reason, ransomware assaults are commonly launched on weekends and late at night, when IT personnel are likely to be slower to become aware of a penetration and are less able to organize a rapid and forceful response. The more lateral progress ransomware can manage inside a target's network, the longer it will take to restore basic operations and damaged files and the more data can be exfiltrated to the dark web.
Progent's Ransomware Hot Line is intended to guide you to take the time-critical first steps in mitigating a ransomware assault by putting out the fire. Progent's remote ransomware experts can assist businesses to locate and quarantine infected devices and guard undamaged resources from being compromised.
If your network has been penetrated by any version of ransomware, don't panic. Get help quickly by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services
Modern variants of ransomware like Ryuk, Sodinokibi, Netwalker, and Egregor encrypt online files and invade any available backups. Data synced to the cloud can also be corrupted. For a vulnerable environment, this can make system restoration nearly impossible and basically throws the IT system back to square one. Threat Actors (TAs), the cybercriminals behind a ransomware attack, demand a ransom payment in exchange for the decryption tools required to recover scrambled files. Ransomware assaults also try to exfiltrate information, and hackers demand an extra ransom for not posting this data on the dark web. Even if you can roll back your network to an acceptable point in time, exfiltration can pose a major problem depending on the sensitivity of the stolen data.
The restoration work after a ransomware attack has several distinct phases, most of which can be performed concurrently if the response workgroup has enough people with the necessary experience.
- Containment: This urgent initial step involves blocking the lateral progress of the attack within your network. The longer a ransomware attack is permitted to run unrestricted, the more complex and more costly the restoration process. Recognizing this, Progent maintains a 24x7 Ransomware Hotline monitored by seasoned ransomware response experts. Quarantine activities consist of cutting off infected endpoint devices from the rest of the network to block the contagion, documenting the environment, and securing entry points.
- Operational continuity: This covers restoring the network to a basic useful degree of functionality with the shortest possible downtime. This effort is usually the highest priority for the victims of the ransomware attack, who often see it as an existential issue for their company. This project also requires the widest range of technical skills that cover domain controllers, DHCP servers, physical and virtual machines, desktops, notebooks and smart phones, databases, office and line-of-business applications, network topology, and protected endpoint access management. Progent's recovery team uses state-of-the-art workgroup tools to coordinate the complex restoration effort. Progent appreciates the importance of working rapidly, continuously, and in concert with a customer's management and IT staff to prioritize tasks and to get critical resources back online as quickly as possible.
- Data recovery: The effort necessary to recover data damaged by a ransomware attack depends on the condition of the network, the number of files that are encrypted, and which recovery methods are required. Ransomware attacks can destroy pivotal databases which, if not carefully shut down, might need to be rebuilt from scratch. This can apply to DNS and AD databases. Exchange and SQL Server depend on Active Directory, and many ERP and other mission-critical applications depend on Microsoft SQL Server. Often some detective work may be required to find undamaged data. For example, non-encrypted OST files may have survived on employees' PCs and laptops that were offline at the time of the assault. Progent's ProSight Data Protection Services utilize Altaro VM Backup tools to defend against ransomware by leveraging Immutable Cloud Storage. This creates tamper-proof backup data that cannot be erased or modified by any user including administrators.
- Setting up modern AV/ransomware protection: Progent's ProSight ASM incorporates SentinelOne's machine learning technology to offer small and mid-sized businesses the advantages of the identical anti-virus technology used by some of the world's largest enterprises such as Netflix, Visa, and Salesforce. By providing real-time malware blocking, detection, mitigation, restoration and analysis in a single integrated platform, ProSight ASM reduces TCO, simplifies management, and promotes rapid operational continuity. SentinelOne's next-generation endpoint protection engine built into Progent's ASM was listed by Gartner Group as the industry's "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, reseller, and integrator. Learn about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiation with the threat actor (TA): Progent has experience negotiating ransom settlements with hackers. This requires working closely with the victim and the insurance carrier, if any. Services consist of establishing the kind of ransomware involved in the attack; identifying and establishing communications with the hacker persona; verifying decryption capabilities; budgeting a settlement amount with the ransomware victim and the insurance provider; establishing a settlement and timeline with the hacker; confirming compliance with anti-money laundering sanctions; carrying out the crypto-currency disbursement to the hacker; acquiring, learning, and operating the decryption utility; debugging decryption problems; creating a pristine environment; remapping and connecting datastores to match exactly their pre-encryption condition; and restoring machines and services.
- Forensic analysis: This process involves learning the ransomware attack's storyline throughout the targeted network from start to finish. This audit trail of how a ransomware assault travelled within the network helps you evaluate the impact and brings to light vulnerabilities in security policies or work habits that need to be rectified to avoid future break-ins. Forensics entails the examination of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes. Forensics is usually assigned a high priority by the cyber insurance provider. Since forensics can take time, it is vital that other important activities like business resumption are executed concurrently. Progent has an extensive team of information technology and cybersecurity experts with the skills needed to carry out activities for containment, operational resumption, and data restoration without disrupting forensics.
Progent's Qualifications
Progent has provided remote and onsite IT services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISA, CISSP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning application software. This breadth of skills allows Progent to salvage and integrate the surviving pieces of your network after a ransomware intrusion and reconstruct them rapidly into a viable network. Progent has worked with leading cyber insurance carriers including Chubb to help organizations recover from ransomware assaults.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response (EDR) Services
For a PDF datasheet about Progent's ransomware endpoint detection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response (EDR) Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware System Recovery Consulting
For ransomware system recovery consulting, call Progent at 800-462-8800 or visit Contact Progent.