Ransomware Hot Line: 800-462-8800
24x7 Remote Access to a Senior Ransomware Consultant
Ransomware needs time to work its way across a target network. For this reason, ransomware attacks are typically launched on weekends and at night, when support staff are likely to be slower to recognize a penetration and are least able to mount a quick and forceful response. The more lateral progress ransomware is able to make inside a target's network, the more time it takes to restore basic operations and damaged files and the more data can be stolen and posted to the dark web.
Progent's Ransomware Hot Line is intended to guide you through the time-critical first phase of responding to a ransomware attack: putting out the fire. Progent's remote ransomware engineers can help you to locate and isolate breached servers and endpoints and protect undamaged resources from being compromised.
If your network has been breached by any version of ransomware, don't panic. Get immediate help by calling Progent's 24x7 Ransomware Hot Line at 800-462-8800.
Progent's Ransomware Response Services
Current strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim encrypt online files and attack any accessible system restores and backups. Files synchronized to the cloud can also be corrupted. For a poorly defended network, this can make automated restoration almost impossible and effectively sets the IT system back to the beginning. Threat actors, the hackers behind a ransomware assault, demand a ransom payment for the decryption tools required to unlock encrypted data. Ransomware attacks also try to exfiltrate information, and hackers demand an extra ransom in exchange for not publishing this data or selling it. Even if you can restore your system to an acceptable point in time, exfiltration can pose a major problem depending on the nature of the downloaded data.
The recovery work after a ransomware penetration has a number of crucial phases, most of which can be performed in parallel if the response team has a sufficient number of members with the required experience.
- Containment: This time-critical first response requires arresting the lateral progress of ransomware within your IT system. The longer a ransomware assault is allowed to go unchecked, the longer and more costly the restoration process. Recognizing this, Progent keeps a round-the-clock Ransomware Hot Line staffed by veteran ransomware response engineers. Containment activities consist of isolating affected endpoint devices from the rest of the network to block the spread, documenting the IT system, and securing entry points.
- System continuity: This involves bringing back the IT system to a minimal useful degree of functionality with the least delay. This process is typically the top priority for the targets of the ransomware attack, who often see it as a life-or-death issue for their business. This activity also requires the broadest range of technical abilities that span domain controllers, DHCP servers, physical and virtual machines, PCs, notebooks and smart phones, databases, productivity and mission-critical applications, network architecture, and safe remote access. Progent's recovery team uses state-of-the-art workgroup platforms to organize the complex recovery effort. Progent appreciates the urgency of working quickly, tirelessly, and in concert with a client's managers and network support staff to prioritize tasks and to get essential services back online as fast as feasible.
- Data recovery: The work necessary to recover files impacted by a ransomware assault varies according to the state of the network, the number of files that are affected, and which restore techniques are needed. Ransomware assaults can destroy key databases which, if not properly closed, might need to be rebuilt from the beginning. This can apply to DNS and Active Directory databases. Exchange and SQL Server rely on AD, and many financial and other business-critical platforms are powered by SQL Server. Some detective work could be needed to locate clean data. For example, non-encrypted Outlook Email Offline Folder Files may exist on staff desktop computers and laptops that were offline during the attack. Progent's ProSight Data Protection Services utilize Altaro VM Backup tools to defend against ransomware attacks by leveraging Immutable Cloud Storage. This creates tamper-proof data that cannot be erased or modified by any user including administrators.
- Setting up modern antivirus/ransomware protection: Progent's ProSight Active Security Monitoring incorporates SentinelOne's behavioral analysis technology to give small and medium-sized companies the advantages of the identical anti-virus tools used by many of the world's largest enterprises including Netflix, Citi, and NASDAQ. By delivering in-line malware blocking, classification, mitigation, recovery and analysis in one integrated platform, Progent's ASM reduces TCO, streamlines administration, and promotes rapid resumption of operations. SentinelOne's next-generation endpoint protection (NGEP) incorporated in Progent's ASM was listed by Gartner Group as the industry's "most visionary Endpoint Protection Platform (EPP)." Progent is a SentinelOne Partner, reseller, and integrator. Find out about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- Negotiating a settlement with the threat actor (TA): Progent has experience negotiating settlements with hackers. This requires working closely with the victim and the insurance carrier, if there is one. Activities include determining the kind of ransomware involved in the attack; identifying and establishing communications with the hacker persona; testing the decryption tool; budgeting a settlement with the victim and the cyber insurance provider; establishing a settlement and timeline with the TA; confirming compliance with anti-money laundering regulations; overseeing the crypto-currency payment to the TA; acquiring, reviewing, and using the decryption tool; debugging failed files; creating a pristine environment; mapping and connecting drives to match precisely their pre-encryption state; and recovering machines and services.
- Forensic analysis: This process is aimed at discovering the ransomware attack's storyline across the targeted network from beginning to end. This history of the way a ransomware attack travelled through the network helps you evaluate the damage and brings to light vulnerabilities in security policies or work habits that should be corrected to avoid future breaches. Forensics entails the examination of all logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to check for changes. Forensics is commonly given a high priority by the insurance carrier. Since forensic analysis can take time, it is vital that other important recovery processes such as operational continuity are performed in parallel. Progent has an extensive team of information technology and cybersecurity professionals with the knowledge and experience needed to carry out activities for containment, operational resumption, and data recovery without interfering with forensic analysis.
Progent has provided remote and on-premises network services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in foundation technologies such as Cisco networking, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial and Enterprise Resource Planning application software. This scope of skills allows Progent to identify and consolidate the undamaged parts of your network following a ransomware assault and reconstruct them quickly into a viable system. Progent has collaborated with leading cyber insurance providers including Chubb to help organizations recover from ransomware assaults.
Download Datasheet: Progent's Ransomware Endpoint Detection and Response (EDR) Services
To read or download a datasheet about Progent's ransomware endpoint protection and response services, click:
Progent's Ransomware Endpoint Detection and Response (EDR) Services Datasheet. (PDF - 748 KB)
Contact Progent for Ransomware Cleanup Expertise
For ransomware cleanup consulting services, phone Progent at 800-462-8800 or visit Contact Progent.