Recovering from a ransomware attack requires different disciplines to be executed effectively and efficiently, and the most important factor is having an experienced, and well-coordinated team of experts who utilize proven tools and techniques.
Rapid Response & Recovery Services
With vast experience and continuously refined toolsets and processes, our response and recovery team is uniquely qualified to assist organizations in their ransomware recovery efforts. Our comprehensive process starts with communicating what to expect in the recovery process and providing guidance and support in each step to minimize the damage and downtime incurred.
We not only figure out the best method to recover your information, but we also find out how the breach was made and apply the proper techniques to ensure that it doesn’t happen again.
Our ransomware recovery services include:
- Our Ransomware R.E.S.C.U.E. Kit is a powerful device that helps to rapidly and efficiently recover and rebuild servers and workstations infected by ransomware.
- Support is provided to both insured and uninsured victims.
- Ejecting the threat actor and executing on a proven containment list.
- Complete system overhaul to ensure no remnants of ransomware or threat actor access are present.
- Facilitating the decryption of systems in isolated and networked environments.
- Remediating and blocking of vulnerabilities on endpoints.
- Gathering of forensic information.
- Implementation of critical security layers, like two-factor authentication and network segmentation.
- Assisting in the creation and implementation of a cybersecurity plan to defend against future attacks.
- 24×7 support, 365 days a year!
If you think you may have ransomware or even precursors or early indicators, do not panic, as this often causes mistakes. If you, or your IT professionals, make the wrong move early in the process, any chance of full recovery could be lost. Hesitation, on the other hand, can also be a HUGE mistake. Waiting a few hours or until the next morning has resulted in infections that could have been stopped or limited significantly.
If you are experiencing an attack, please take the following immediate actions:
- Disconnect the infected devices’ Network Interface Cards from the network.
- Disconnect network Internet connectivity (including wireless).
- Separate backups from the network and write protect where possible.
- If you have cloud backups, log in from a location other than your company systems and change the credentials.
- Disconnect switches to prevent continued or the beginning of lateral infections.
- We recommend you DO NOT shut down a device that is known to be in the process of encryption. You may corrupt the OS or other applications and make recovery using the keys impossible.
- DO NOT communicate on the network, company related email, IP phones, Teams, Slack, etc., as the threat actors are often listening to, and/or reading your communications. Additionally, you cannot take back anything said to employees, partners, etc., in writing or verbally.
- DO NOT communicate with the threat actor until you have the support you need. This can create issues and start a timer. Having the right negotiator can have a massive impact on the results, so don’t rush to settle.
- You should consult a lawyer known as breach council before messaging anyone not a decision-making executive or staff/service providers critical to your recovery. Ransomware is as much a legal issue as it is a technical emergency.
- Finally, we recommend you reach out to us from a phone not associated with your firm. We are available 24×7, 365 days a year, and can immediately begin to guide you through the proper response.
You can print out this list HERE.
For more resources on ransomware, visit our Ransomware Rescue page.
Do You Need Help Right Now?
We guarantee we will answer with a live person 24 hours a day.