Progent's Ransomware Settlement Negotiation Consulting in Alexandria
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex exercise that requires a combination of real-world experience, technical skills and business savvy. It also calls for close co-operation with the victim's IT staff and the insurance carrier, if there is one. Since the top goal of the ransomware victim is operational continuity, it is vital to establish response groups that work efficiently, in parallel, and in close communication. Progent offers the scope of IT knowledge and the depth of experts to complement your IT support team and restore your network rapidly and economically.
Services provided by Progent's ransomware negotiation team include:
- Determining the type of ransomware involved in the attack
- Making contact with the hacker persona
- Evaluating the recovery risk
- Testing the TA's decryption capabilities
- Agreeing on a settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement and timeline with the hacker
- Verifying adherence to anti-money laundering (AML) regulations
- Managing the crypto-currency transfer to the hacker
- Acquiring, learning, and operating the threat actor's decryption tool
- If necessary, contacting the TA for technical assistance with the decryptor utility
After the decryption tool has been mastered, Progent can help you to recover machines and services to their original condition. Progent can also help you to conduct a full forensic review and create a report to share with the cyber insurance provider. This report identifies cybersecurity gaps that must be fixed and suggests steps that can be performed to counter subsequent ransomware assaults.
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Isolating infected endpoints and data stores to prevent further spread of the attack
- Making replicas of each infected server, endpoint, and data store in order to perform forensics without interfering with recovery
- Installing A/V agents on all clean endpoints
- Salvaging files from offline restores or uncompromised endpoints
- Creating a clean environment
- Remapping and connecting drives to match precisely their pre-attack condition
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, modern variants of ransomware such as Ryuk, Maze, Netwalker, and Egregor often attempt to steal (or "exfiltrate") files. Hackers are then able to require an extra payment for not divulging this data on the dark web. Sadly, there exists no way to be certain that exfiltrated files have been completely deleted by the threat actor. In fact, in numerous cases the threat actor has limited say about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of getting the advice of privacy lawyers, performing an investigation into which data were stolen, and sending the necessary alerts to impacted entities. Generally, paying an exfiltration ransom is a waste.
Progent has provided online and onsite IT services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP applications. This scope of skills allows Progent to identify and integrate the surviving pieces of your IT environment following a ransomware attack and reconstruct them rapidly into a viable system. Progent has collaborated with top insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Expertise in Alexandria
To contact Progent about crypto-ransomware settlement expertise in Alexandria, phone Progent at 800-993-9400 or go to Contact Progent.