Progent's Ransomware Settlement Negotiation Services in Alpharetta
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex activity that calls for a combination of real-word experience, technical skills and business acumen. It also demands close co-operation with the cyber-extortion target's IT staff and the cyber insurance provider, if there is one. Since the top priority of the ransomware target is operational continuity, it is critical to deploy recovery teams that work effectively, concurrently, and in close communication. Progent has the scope of IT knowledge and the deep bench of personnel to complement your IT staff and restore your network environment rapidly and economically.
Services available from Progent's ransomware settlement negotiation team include:
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Establishing the kind of ransomware used in the attack
- Identifying and communicating with the hacker persona
- Evaluating the likelihood of recovery
- Verifying the TA's decryption capabilities
- Agreeing on a settlement amount with the victim and the insurance carrier
- Negotiating a settlement and timeline with the threat actor
- Verifying compliance with anti-money laundering (AML) regulations
- Overseeing the crypto-currency transfer to the hacker
- Acquiring, learning, and operating the TA's decryptor tool
- If necessary, contacting the threat actor for assistance with the decryptor tool
Once the decryption tool has been mastered, Progent can assist you to recover machines and services to their original state. Progent can also assist you to conduct comprehensive forensics and generate a report to deliver to the cyber insurance provider. This report helps you to understand cybersecurity vulnerabilities that need to be corrected and suggests steps that should be taken to block future ransomware assaults.
- Quarantining affected endpoints to arrest the spread of the assault
- Making replicas of every compromised server and endpoint and data store in order to perform forensics in parallel with cleanup
- Installing A/V agents to all virus-free endpoints
- Restoring files from offline restores or unscathed endpoints
- Building a clean recovery environment
- Mapping and connecting drives to match exactly their pre-encryption condition
Paying Exfiltration Ransoms
Beyond demanding money for a decryption utility, current variants of ransomware like Ryuk, Maze, DopplePaymer, and Nephilim commonly attempt to steal (or "exfiltrate") information. TAs can then demand an extra payment in exchange for not posting this information or selling it. Sadly, there exists no way to prove that exfiltrated data have been totally erased by the hacker. In fact, in many cases the TA has limited control about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of seeking the guidance of legal counsel, performing an audit on which data were compromised, and sending the required notifications to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises IT services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity experts have earned prestigious certifications such as CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial and ERP software. This breadth of expertise allows Progent to salvage and consolidate the surviving pieces of your information system after a ransomware intrusion and rebuild them rapidly into a viable system. Progent has worked with top insurance providers including Chubb to assist businesses clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Services in Alpharetta
To get in touch with Progent about ransomware settlement guidance in Alpharetta, phone Progent at 800-462-8800 or go to Contact Progent.