Ransomware Hot Line: 800-462-8800
24x7 Online Access to a Top-tier Ransomware Engineer
Ransomware needs time to steal its way across a target network. For this reason, ransomware attacks are typically unleashed on weekends and late at night, when support staff may take longer to become aware of a break-in and are less able to mount a rapid and forceful defense. The more lateral progress ransomware is able to manage within a victim's system, the longer it takes to recover core IT services and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is designed to help organizations carry out the time-critical first steps in mitigating a ransomware assault by containing the malware. Progent's remote ransomware engineers can help businesses identify and isolate breached devices and protect undamaged resources from being compromised.
If your network has been breached by any strain of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services
Current variants of ransomware like Ryuk, Sodinokibi, DoppelPaymer, and Egregor encrypt online files and invade any accessible backups. Data synched to the cloud can also be corrupted. For a poorly defended network, this can make system restoration nearly impossible and effectively knock the datacenter back to the beginning. So-called Threat Actors (TAs), the hackers responsible for a ransomware attack, insist on a ransom fee for the decryption tools needed to unlock encrypted data. Ransomware attacks also try to steal (or "exfiltrate") files, and TAs require an extra payment in exchange for not posting this information on the dark web. Even if you can restore your system to a tolerable point in time, exfiltration can be a big issue depending on the nature of the downloaded information.
The restoration work after a ransomware attack has several crucial phases, most of which can be performed in parallel if the response workgroup has enough members with the necessary experience.
- Containment: This time-critical initial response requires arresting the sideways spread of the attack within your network. The more time a ransomware attack is permitted to go unchecked, the longer and more costly the recovery process. Recognizing this, Progent maintains a 24x7 Ransomware Hotline monitored by seasoned ransomware response experts. Quarantine activities include isolating infected endpoint devices from the rest of the network to restrict the spread, documenting the IT system, and protecting entry points.
- Operational continuity: This involves restoring the IT system to a basic acceptable degree of functionality with the least downtime. This effort is typically the top priority for the victims of the ransomware attack, who often perceive it to be a life-or-death issue for their company. This project also demands the broadest range of technical abilities that cover domain controllers, DHCP servers, physical and virtual servers, PCs, laptops and smart phones, databases, productivity and line-of-business applications, network architecture, and secure remote access. Progent's ransomware recovery experts use state-of-the-art workgroup tools to coordinate the complex restoration effort. Progent appreciates the urgency of working quickly, continuously, and in concert with a customer's management and IT staff to prioritize tasks and to get essential resources on line again as quickly as possible.
- Data recovery: The effort necessary to restore files impacted by a ransomware attack depends on the condition of the network, the number of files that are affected, and what restore methods are needed. Ransomware attacks can destroy critical databases which, if not carefully closed, might have to be reconstructed from the beginning. This can include DNS and AD databases. Exchange and Microsoft SQL Server rely on Active Directory, and many manufacturing and other mission-critical platforms depend on Microsoft SQL Server. Some detective work could be needed to locate clean data. For instance, non-encrypted OST files (Outlook Email Offline Folder Files) may exist on employees' PCs and laptops that were off line during the ransomware attack.
- Deploying modern antivirus/ransomware protection: ProSight ASM utilizes SentinelOne's machine learning technology to give small and mid-sized companies the benefits of the same anti-virus tools used by many of the world's largest enterprises such as Netflix, Citi, and Salesforce. By providing in-line malware blocking, identification, containment, restoration and forensics in a single integrated platform, Progent's ProSight ASM reduces TCO, streamlines management, and expedites operational continuity. SentinelOne's next-generation endpoint protection engine built into ProSight Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform." Progent is a SentinelOne Partner, dealer, and integrator. Learn about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating ransom settlements with threat actors. This requires working closely with the ransomware victim and the insurance carrier, if any. Activities consist of establishing the type of ransomware involved in the attack; identifying and establishing communications with the hacker persona; verifying the decryption tool; deciding on a settlement with the ransomware victim and the cyber insurance carrier; establishing a settlement and schedule with the TA; confirming compliance with anti-money laundering sanctions; carrying out the crypto-currency payment to the hacker; acquiring, reviewing, and using the decryptor tool; troubleshooting decryption problems; creating a pristine environment; mapping and connecting datastores to reflect precisely their pre-encryption state; and restoring physical and virtual devices and services.
- Forensics: This activity involves learning the ransomware attack's storyline throughout the targeted network from beginning to end. This audit trail of the way a ransomware assault travelled through the network helps you to assess the impact and brings to light shortcomings in security policies or work habits that need to be corrected to avoid future break-ins. Forensics entails the examination of all logs, registry, Group Policy Object, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to look for changes. Forensics is typically given a high priority by the cyber insurance provider. Because forensics can be time consuming, it is vital that other key activities like business continuity are executed in parallel. Progent has an extensive roster of information technology and data security experts with the skills needed to perform activities for containment, business resumption, and data recovery without disrupting forensic analysis.
Progent's Background
Progent has delivered online and on-premises network services across the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also offers guidance in financial management and ERP applications. This breadth of skills gives Progent the ability to identify and integrate the surviving parts of your IT environment following a ransomware attack and rebuild them quickly into a functioning system. Progent has worked with top cyber insurance providers like Chubb to help organizations recover from ransomware assaults.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response Services
To read or download a PDF datasheet describing Progent's ransomware endpoint protection and response (EDR) services, click:
Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware Cleanup Consulting Services
For ransomware recovery expertise, phone Progent at 800-462-8800 or go to Contact Progent.