Overview of Progent's Ransomware Settlement Negotiation Services in Anchorage
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex activity that requires a combination of real-word experience, technical knowledge and business acumen. It also demands working closely with the victim's IT staff and the cyber insurance carrier, if there is one. Since the top goal of the ransomware victim is operational continuity, it is critical to deploy recovery groups that work effectively, in parallel, and with intimate collaboration. Progent offers the breadth of technical skills and the deep bench of personnel to supplement your IT support team and restore your network environment quickly and economically.
Services provided by Progent's ransomware settlement negotiation team include:
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Determining the type of ransomware used in the assault
- making contact with the hacker
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption tool
- Budgeting a settlement with the victim and the cyber insurance carrier
- Establishing a settlement and timeline with the TA
- Checking adherence to anti-money laundering sanctions
- Carrying out the crypto-currency payment to the hacker
- Receiving, reviewing, and operating the hacker's decryption tool
- If necessary, contacting the threat actor for technical help with the decryption tool
After the decryption tool has been mastered, Progent can help you to restore physical and virtual devices and services to their pre-arrack condition. Progent can also help you to conduct a full forensic review and generate a report to deliver to the cyber insurance provider. This document helps you to understand security gaps that must be fixed and recommends steps to be taken to combat subsequent ransomware assaults.
- Quarantining affected endpoints and data stores to arrest the spread of the attack
- Making replicas of each breached device and data store to allow forensics without interfering with recovery
- Installing A/V agents to all virus-free endpoints
- Recovering data from offline restores or unscathed machines
- Building a clean environment
- Mapping and reconnecting datastores to match precisely their pre-attack condition
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, current strains of ransomware like Ryuk, Maze, Netwalker, and Nephilim commonly try to steal (or "exfiltrate") information. Hackers are then able to require an extra ransom in exchange for not divulging this information or selling it. Unfortunately, there exists no method to be certain that exfiltrated data have been completely deleted by the threat actor. In fact, in numerous instances the TA has little say over where the information ends up. Settling an exfiltration ransom does not free you from the need for getting the guidance of privacy lawyers, performing an investigation into which data were stolen, and carrying out the required notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISA, CISSP, and GIAC. (Refer to Progent's certifications). Progent also has guidance in financial and ERP software. This broad array of expertise allows Progent to identify and integrate the undamaged parts of your IT environment after a ransomware attack and reconstruct them quickly into an operational system. Progent has worked with leading cyber insurance carriers like Chubb to assist businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Services in Anchorage
To get in touch with Progent about ransomware settlement negotiation guidance in Anchorage, call Progent at 800-462-8800 or go to Contact Progent.