Progent's Ransomware Negotiation Consulting in Alpharetta
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complicated exercise that requires a mix of real-word experience, IT knowledge and business acumen. It also calls for close co-operation with the ransomware victim's IT team and the cyber insurance provider, if there is one. Because the number one priority of the ransomware victim is fast recovery, it is critical to deploy recovery teams that operate effectively, concurrently, and with intimate collaboration. Progent has the scope of IT knowledge and the depth of experts to complement your IT staff and restore your network environment rapidly and economically.
Support offered by Progent's ransomware settlement team include:
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware involved in the attack
- making contact with the hacker
- Evaluating the likelihood of recovery
- Verifying the TA's decryption capabilities
- Budgeting a settlement payment with the victim and the insurance carrier
- Negotiating a settlement amount and schedule with the TA
- Verifying adherence to anti-money laundering (AML) laws
- Managing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and operating the hacker's decryption utility
- If needed, contacting the threat actor for technical assistance with the decryption utility
After the decryption tool has been mastered, Progent can assist you to recover physical and virtual devices and services to their pre-arrack state. Progent can also assist you to conduct a full forensic review and create a document to deliver to the cyber insurance carrier. This report helps you to understand security vulnerabilities that need to be corrected and recommends steps to be performed to block subsequent ransomware assaults.
- Isolating infected endpoints and data stores to arrest the progress of the attack
- Creating digital copies of every compromised server and endpoint and data store to allow forensics in parallel with recovery
- Installing anti-virus protection to all clean endpoints
- Salvaging files from air-gapped restores or uncompromised endpoints
- Building a clean environment
- Remapping and reconnecting drives to reflect precisely their pre-encryption condition
Settling Exfiltration Ransoms
In addition to extorting money for a decryption tool, modern variants of ransomware like Ryuk, Maze, DopplePaymer, and Nephilim often attempt to steal (or "exfiltrate") information. Hackers are then able to require an additional payment in exchange for not posting this information or selling it. Sadly, there is no way to prove that stolen files have been totally deleted by the hacker. In fact, in many cases the threat actor has little say about the disposition of the data. Settling an exfiltration ransom does not free you from the necessity of getting the advice of privacy attorneys, performing an inventory of data were compromised, and sending the required alerts to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and on-premises IT services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in core technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning application software. This scope of expertise allows Progent to salvage and integrate the surviving pieces of your information system after a ransomware attack and rebuild them rapidly into an operational system. Progent has collaborated with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Alpharetta
To contact with Progent about ransomware settlement expertise in Alpharetta, phone Progent at 800-462-8800 or go to Contact Progent.