Progent's Ransomware Settlement Negotiation Consulting in Anaheim
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that calls for a mix of field experience, IT knowledge and business acumen. It also demands working closely with the cyber-extortion target's IT team and the insurance provider, if any. Since the top priority of the ransomware victim is operational continuity, it is vital to establish response teams that operate effectively, concurrently, and in close collaboration. Progent offers the scope of technical skills and the depth of personnel to supplement your IT staff and recover your network environment rapidly and affordably.
Services available from Progent's ransomware negotiation team include:
- Establishing the type of ransomware involved in the assault
- Identifying and contacting the hacker persona
- Evaluating the recovery risk
- Testing the threat actor's (TA's) decryption tool
- Agreeing on a settlement payment with the ransomware victim and the insurance provider
- Establishing a settlement and schedule with the threat actor
- Verifying compliance with anti-money laundering (AML) regulations
- Carrying out the crypto-currency payment to the TA
- Acquiring, reviewing, and using the TA's decryptor tool
- If needed, contacting the hacker for technical help with the decryptor utility
After the decryption tool has been mastered, Progent can help you to restore machines and services to their pre-attack state. Progent can also help you conduct a complete forensics analysis and create a report to share with the insurance provider. This document helps you to understand security vulnerabilities that need to be eliminated and recommends steps that can be performed to block future ransomware assaults.
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints to prevent further progress of the assault
- Making replicas of every compromised device and data store to allow forensics in parallel with cleanup
- Adding anti-virus agents to all virus-free endpoints
- Restoring data from offline restores or unscathed endpoints
- Creating a pristine environment
- Mapping and reconnecting drives to reflect exactly their pre-encryption state
Settling Exfiltration Ransoms
Beyond extorting payment for a decryption utility, modern variants of crypto-ransomware like Ryuk, Maze, DopplePaymer, and Nephilim often try to steal (or "exfiltrate") files. Hackers are then able to demand a separate ransom in exchange for not posting this data or selling it. Sadly, there exists no method to guarantee that exfiltrated files have been totally deleted by the TA. In fact, in numerous cases the threat actor has limited control over who can access the stolen files. Paying an exfiltration ransom does not eliminate the necessity of getting the advice of privacy attorneys, conducting an audit of which files were compromised, and sending the required alerts to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. Progent also offers guidance in financial management and ERP applications. This scope of skills gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware intrusion and reconstruct them rapidly into a viable network. Progent has worked with top insurance providers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Guidance in Anaheim
To get in touch with Progent about ransomware settlement guidance in Anaheim, call Progent at 800-462-8800 or go to Contact Progent.