Ransomware Remediation

Our Ransomware Remediation Fireteam is ready to virtually jump into action anytime, anywhere. We have a multitude of custom applications and scripts that allows us to remediate much quicker than industry standard (average downtime is 21 days). During recovery we are also deploying proven security settings and configurations to make sure a threat actor is ejected from your network while recovering systems at the same time. We also have at our disposal our datacenter-in-a-box that we can use to host, backup, recover, and rebuild entire systems quickly and efficiently. Our Incident Response Coordinator will be the primary point of contact who will manage/architect the entire engagement from start to finish.

Click here to contact us for additional information, or call 813-463-4775 for immediate 24/7 response.

Ransomware Remediation

Here are some recommended steps if you find yourself in a Ransomware event.

Recommended Steps in a Ransomware Event
  1. Preserve forensic data (do not delete or erase without a backup or copy).
  2. Contact the FBI/CISA to report the cyber crime.
    1. https://us-cert.cisa.gov/forms/report
    2. https://ransomware.ic3.gov/default
  3. Disconnect backup software and determine if backups were encrypted.
    1. Determine best recovery date of files.
    2. DO NOT shut down a device that is known to be in the process of encryption. You may corrupt the Operating System making recovery impossible.
  4. Determine risk :
    1. Was client or staff personal/private information ex-filtrated by the threat actor?
      1. If yes, we highly recommend using a 3rd party negotiator provide negotiation services and to determine proof of life of ex-filtrated data. We can recommend a trusted partner to facilitate your negotiations.
      2. Do not contact the threat actor directly. 3rd party negotiators are skilled professionals who can lower the requested ransom significantly and/or buy time needed to assess the situation.
    2. If any data is deemed unrecoverable but necessary, negotiations with the threat actor for decryption keys will be required.
  5. Identify the ransom variant.
      1. Identifying the variant will help identify the threat actor. It will also help determine if the threat actor has a good history of supplying keys and how communicative/responsive they are to negotiate with.
      2. A ransom note will usually contain clues as to who the threat actor is.
      3. ConnectOn can assist with identifying the variant.
  6. Change all passwords, personal and companywide.
    1. Change the passwords to your corporate and personal banking institutions.
    2. Change the passwords to utilities and any other website that hold sensitive information.
    3. Change the passwords to Social Media, PayPal, Amazon etc. (any site that holds personal or credit information).
  7. Segment your network and create filters between networks if applicable.
  8. Enable MFA (multi factor) on systems and web services where available.
  9. Determine admin access privileges.
    1. Verify administrative access is only available to admins.
    2. Regular users should not be administrators.
  10. Deploy an EDR\XDR tool to monitor and detect anomalous activity.
  11. Engage in Council (we can recommend a breach council specialist) if any threat actor communications are involved and/or if engaging a forensics investigation (we can also recommend a forensics firm).
  12. Determine Patching requirements and patch all endpoints (including firewall/network devices).
  13. Lock down VPN access and traffic if applicable.
    1. Reset VPN passwords, disable VPN access.

Over 120

SUCCESSFUL

Ransomware Remediations

Whether you have 3 Endpoints, 30 Endpoints, or 30,000 Endpoints…
Regardless of if it will take 3 hours, 30 hours, or 300 hours…
Even if you operate only in 1 Country, 3 Countries, or 30 Countries…

You can have the confidence that ConnectOn’s dedicated team won’t stop until the job is completed!

Having dealt with malicious actors requesting an initial ransom ranging from $25,000 to $300,000,000, ConnectOn’s finely tuned proven process can stop these thieves from gaining the financial spoils of their attack.

Once you have fallen victim to Ransomware, your organization is under attack and without the proper tools and services in place upon remediation, the likely-hood of you falling victim again is astronomical!

Our successful remediations are derived from our containment process and methodologies as well as our post-remediation services.

The Rise of Ransomware

2020:
1 Million
ransomware attacks
2021:
1 Million
ransomware attacks

In the first half of 2020, ransomware attacks grew by 715% as cybercriminals began exploiting the COVID-19 pandemic.

About half of businesses worldwide are hit by ransomware each year.

Ransomware attacks are 2.5X more damaging than other cybersecurity incidents.

Expert Ransomware Remediation Services

In today’s interconnected digital landscape, the threat of ransomware looms large, posing a significant risk to businesses of all sizes. As cybercriminals continue to evolve their tactics, it’s crucial for organizations to be equipped with robust ransomware remediation strategies. ConnectOn’s Ransomware Remediation Fireteam stands at the forefront of the battle against ransomware, offering a comprehensive suite of services to protect and recover your vital business data.