Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Top-tier Ransomware Engineer
Ransomware requires time to steal its way across a target network. Because of this, ransomware attacks are typically launched on weekends and at night, when support personnel may be slower to become aware of a breach and are less able to mount a quick and coordinated defense. The more lateral movement ransomware can manage inside a target's network, the longer it will take to recover basic IT services and scrambled files, and the more information can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to help organizations to complete the urgent first steps in responding to a ransomware assault by putting out the fire. Progent's remote ransomware experts can assist businesses to identify and quarantine breached servers and endpoints and guard undamaged assets from being penetrated.
If your network has been penetrated by any version of ransomware, act fast. Get help quickly by calling Progent's 24-hour Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Expertise
Current variants of ransomware such as Ryuk, Maze, Netwalker, and Nephilim encrypt online data and invade any available backups. Data synched to the cloud can also be corrupted. For a poorly defended environment, this can make system restoration almost impossible and effectively throws the IT system back to square one. So-called Threat Actors (TAs), the cybercriminals behind a ransomware attack, insist on a ransom fee for the decryption tools required to recover scrambled files. Ransomware assaults also attempt to exfiltrate information, and hackers demand an extra settlement in exchange for not publishing this information or selling it. Even if you are able to restore your network to an acceptable point in time, exfiltration can pose a major problem depending on the sensitivity of the stolen data.
The restoration work after a ransomware attack has several distinct stages, most of which can be performed in parallel if the response team has a sufficient number of members with the required skill sets.
- Containment: This time-critical initial response requires arresting the lateral spread of the attack within your IT system. The more time a ransomware attack is allowed to go unchecked, the more complex and more expensive the recovery effort. Because of this, Progent keeps a 24x7 Ransomware Hotline staffed by seasoned ransomware response engineers. Containment activities include isolating affected endpoint devices from the rest of the network to restrict the contagion, documenting the environment, and protecting entry points.
- Operational continuity: This involves restoring the network to a minimal acceptable level of functionality with the shortest possible downtime. This process is typically the top priority for the victims of the ransomware assault, who often perceive it to be a life-or-death issue for their business. This activity also demands the broadest range of technical skills that cover domain controllers, DHCP servers, physical and virtual machines, PCs, laptops and mobile phones, databases, productivity and mission-critical applications, network architecture, and secure endpoint access. Progent's ransomware recovery team uses state-of-the-art workgroup platforms to organize the complex restoration effort. Progent appreciates the urgency of working rapidly, tirelessly, and in concert with a customer's management and network support group to prioritize activity and to get vital resources back online as fast as possible.
- Data restoration: The effort required to restore files impacted by a ransomware assault depends on the state of the systems, how many files are affected, and what restore methods are needed. Ransomware assaults can destroy key databases which, if not properly shut down, may need to be reconstructed from the beginning. This can include DNS and AD databases. Microsoft Exchange and Microsoft SQL Server depend on Active Directory, and many ERP and other business-critical platforms depend on SQL Server. Often some detective work could be required to locate undamaged data. For example, undamaged OST files (Outlook Email Offline Folder Files) may exist on employees' desktop computers and notebooks that were not connected at the time of the ransomware assault. Progent's ProSight Data Protection Services utilize Altaro VM Backup technology to protect against ransomware attacks via Immutable Cloud Storage. This produces tamper-proof backup data that cannot be modified by anyone including administrators or root users.
- Implementing advanced antivirus/ransomware protection: ProSight ASM utilizes SentinelOne's behavioral analysis technology to offer small and mid-sized businesses the benefits of the same anti-virus tools used by many of the world's largest enterprises such as Netflix, Visa, and NASDAQ. By providing in-line malware blocking, classification, mitigation, recovery and forensics in a single integrated platform, Progent's ProSight ASM reduces TCO, simplifies management, and expedites resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) built into Progent's ASM was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, reseller, and integrator. Read about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating ransom settlements with threat actors. This calls for working closely with the victim and the insurance provider, if there is one. Activities include determining the kind of ransomware involved in the attack; identifying and establishing communications with the hacker; testing the decryption tool; budgeting a settlement with the victim and the insurance carrier; establishing a settlement and timeline with the hacker; checking compliance with anti-money laundering (AML) sanctions; overseeing the crypto-currency payment to the TA; receiving, reviewing, and operating the decryptor utility; troubleshooting failed files; creating a clean environment; remapping and reconnecting drives to reflect precisely their pre-attack condition; and restoring physical and virtual devices and services.
- Forensics: This activity is aimed at uncovering the ransomware assault's progress across the network from start to finish. This history of the way a ransomware attack travelled through the network assists your IT staff to evaluate the damage and highlights gaps in rules or processes that should be rectified to avoid later breaches. Forensics entails the review of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to check for anomalies. Forensics is typically assigned a high priority by the cyber insurance carrier. Since forensic analysis can be time consuming, it is critical that other important recovery processes like operational continuity are executed in parallel. Progent maintains an extensive roster of IT and security professionals with the knowledge and experience needed to carry out activities for containment, business resumption, and data restoration without interfering with forensic analysis.
Progent's Qualifications
Progent has delivered online and onsite network services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technology platforms including Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning applications. This broad array of skills allows Progent to identify and integrate the undamaged pieces of your IT environment following a ransomware assault and reconstruct them rapidly into a functioning network. Progent has worked with top insurance providers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent for Ransomware Cleanup Consulting Services
For ransomware recovery expertise, phone Progent at 800-462-8800 or go to Contact Progent.