Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Top-tier Ransomware Consultant
Ransomware needs time to work its way through a network. For this reason, ransomware assaults are typically launched on weekends and at night, when IT staff may take longer to recognize a penetration and are least able to organize a quick and coordinated response. The more lateral progress ransomware is able to make inside a victim's system, the longer it takes to recover basic IT services and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to assist organizations to complete the time-critical first phase in responding to a ransomware attack by containing the malware. Progent's online ransomware experts can help businesses to locate and isolate infected servers and endpoints and guard undamaged resources from being compromised.
If your network has been breached by any version of ransomware, don't panic. Get help quickly by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Recovery Services
Modern variants of crypto-ransomware such as Ryuk, Maze, Netwalker, and Egregor encrypt online data and invade any available backups. Data synched to the cloud can also be corrupted. For a vulnerable environment, this can make automated recovery almost impossible and effectively throws the datacenter back to square one. So-called Threat Actors (TAs), the hackers behind a ransomware attack, demand a ransom payment in exchange for the decryptors required to unlock encrypted files. Ransomware attacks also attempt to exfiltrate files and hackers require an extra ransom for not publishing this data or selling it. Even if you are able to rollback your network to an acceptable point in time, exfiltration can be a big problem depending on the sensitivity of the downloaded data.
The recovery process after a ransomware penetration involves several distinct stages, most of which can be performed concurrently if the recovery workgroup has a sufficient number of members with the necessary experience.
- Quarantine: This urgent initial step requires arresting the sideways progress of the attack across your network. The more time a ransomware attack is permitted to go unrestricted, the more complex and more costly the recovery process. Because of this, Progent keeps a 24x7 Ransomware Hotline monitored by veteran ransomware recovery engineers. Containment activities consist of cutting off infected endpoints from the rest of network to restrict the spread, documenting the IT system, and securing entry points.
- System continuity: This covers bringing back the network to a basic useful level of functionality with the shortest possible delay. This effort is typically the highest priority for the targets of the ransomware assault, who often see it as a life-or-death issue for their business. This activity also requires the broadest array of technical abilities that cover domain controllers, DHCP servers, physical and virtual servers, PCs, notebooks and mobile phones, databases, productivity and line-of-business applications, network architecture, and protected remote access. Progent's recovery team uses advanced collaboration tools to organize the complicated recovery process. Progent appreciates the urgency of working rapidly, continuously, and in unison with a client's managers and IT staff to prioritize tasks and to put vital services on line again as fast as possible.
- Data recovery: The work necessary to recover data impacted by a ransomware assault varies according to the state of the network, the number of files that are affected, and which restore techniques are required. Ransomware attacks can destroy pivotal databases which, if not gracefully shut down, might need to be rebuilt from scratch. This can apply to DNS and AD databases. Microsoft Exchange and Microsoft SQL Server rely on Active Directory, and many ERP and other mission-critical applications are powered by SQL Server. Often some detective work could be required to find clean data. For example, non-encrypted OST files may exist on staff PCs and laptops that were off line during the ransomware attack. Progent's ProSight Data Protection Services utilize Altaro VM Backup tools to defend against ransomware via Immutable Cloud Storage. This creates tamper-proof backup data that cannot be erased or modified by any user including administrators or root users.
- Deploying advanced antivirus/ransomware protection: Progent's Active Security Monitoring utilizes SentinelOne's machine learning technology to give small and medium-sized companies the benefits of the identical AV technology used by some of the world's largest enterprises including Walmart, Visa, and NASDAQ. By delivering real-time malware blocking, detection, containment, recovery and forensics in one integrated platform, ProSight ASM reduces TCO, streamlines management, and expedites recovery. SentinelOne's next-generation endpoint protection (NGEP) incorporated in ProSight Active Security Monitoring was listed by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, dealer, and integrator. Learn about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- Negotiation with the hacker Progent has experience negotiating settlements with hackers. This requires close co-operation with the victim and the cyber insurance provider, if any. Services include establishing the type of ransomware involved in the attack; identifying and establishing communications the hacker persona; testing decryption capabilities; deciding on a settlement with the victim and the insurance provider; establishing a settlement amount and timeline with the hacker; confirming adherence to anti-money laundering regulations; overseeing the crypto-currency transfer to the hacker; receiving, reviewing, and using the decryptor utility; debugging failed files; creating a pristine environment; remapping and connecting datastores to reflect exactly their pre-encryption state; and recovering physical and virtual devices and services.
- Forensic analysis: This process is aimed at uncovering the ransomware attack's progress across the network from start to finish. This history of how a ransomware assault progressed through the network helps you to evaluate the impact and brings to light weaknesses in rules or work habits that need to be rectified to prevent later break-ins. Forensics involves the examination of all logs, registry, Group Policy Object, Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies. Forensics is typically assigned a top priority by the insurance provider. Because forensic analysis can take time, it is essential that other key recovery processes like business resumption are executed in parallel. Progent maintains an extensive team of information technology and data security experts with the knowledge and experience required to carry out the work of containment, business continuity, and data restoration without interfering with forensic analysis.
Progent's Qualifications
Progent has provided online and on-premises IT services throughout the U.S. for more than two decades and has been awarded Microsoft's Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to identify and consolidate the undamaged parts of your information system following a ransomware assault and rebuild them quickly into a viable system. Progent has collaborated with top cyber insurance providers including Chubb to assist organizations clean up after ransomware attacks.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response (EDR) Services
To see a datasheet describing Progent's ransomware endpoint detection and response services, click:
Progent's Progent's Ransomware Endpoint Detection and Response Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware System Restoration Services
For ransomware system recovery services, call Progent at 800-462-8800 or see Contact Progent.