Progent's Ransomware Negotiation Consulting in Allentown
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated activity that calls for a mix of field experience, technical skills and business savvy. It also demands close co-operation with the victim's IT team and the cyber insurance carrier, if there is one. Since the number one priority of the ransomware target is operational continuity, it is vital to deploy response teams that operate effectively, concurrently, and with intimate collaboration. Progent offers the breadth of technical skills and the deep bench of personnel to supplement your IT staff and recover your network rapidly and affordably.
Services provided by Progent's ransomware settlement negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware team can help with:
- Determining the kind of ransomware involved in the assault
- identifying and contacting the hacker
- Assessing the recovery risk
- Testing the threat actor's decryption tool
- Determining a settlement payment with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and timeline with the TA
- Confirming accordance with anti-money laundering (AML) laws
- Managing the crypto-currency payment to the TA
- Acquiring, learning, and operating the TA's decryptor utility
- If needed, contacting the threat actor for assistance with the decryption tool
Once the decryption utility has been learned, Progent can help you to restore computers and services to their pre-arrack condition. Progent can also assist you to perform a forensics investigation and generate a report to share with the cyber insurance carrier. This document identifies security gaps that must be eliminated and recommends steps that should be performed to counter future ransomware attacks.
- Quarantining affected endpoints to prevent further spread of the attack
- Making digital copies of each breached server and endpoint and data store to allow forensics without interfering with cleanup
- Adding A/V protection to all clean endpoints
- Recovering data from air-gapped restores or unscathed machines
- Creating a pristine environment
- Remapping and reconnecting drives to reflect exactly their pre-encryption state
Settling Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim often attempt to exfiltrate information. TAs are then able to demand a separate ransom in exchange for not divulging this data on the dark web. Unfortunately, there is no method to prove that exfiltrated data have been totally erased by the TA. In fact, in numerous cases the threat actor has limited say over data custody. Settling an exfiltration ransom does not free you from the necessity of seeking the advice of legal counsel, performing an inventory of data were compromised, and performing the mandated notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises IT services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning application software. This scope of expertise gives Progent the ability to salvage and integrate the surviving pieces of your information system after a ransomware assault and rebuild them quickly into an operational network. Progent has worked with leading insurance providers like Chubb to assist businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Allentown
To get in touch with Progent about ransomware settlement negotiation services in Allentown, call Progent at 800-462-8800 or go to Contact Progent.