Overview of Progent's Ransomware Negotiation Consulting in Aurora
Progent has experience negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex exercise that calls for a mix of field experience, IT skills and business savvy. It also calls for close co-operation with the cyber-extortion target's IT staff and the cyber insurance carrier, if any. Because the top goal of the ransomware target is fast recovery, it is critical to establish response groups that operate efficiently, in parallel, and in close communication. Progent offers the breadth of IT knowledge and the deep bench of experts to supplement your network staff and restore your network environment quickly and affordably.
Support provided by Progent's ransomware settlement negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Establishing the type of ransomware used in the assault
- identifying and contacting the hacker persona
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption capabilities
- Deciding on an acceptable settlement range with the ransomware victim and the cyber insurance carrier
- Negotiating a settlement amount and timeline with the hacker
- Verifying accordance with anti-money laundering laws
- Overseeing the crypto-currency disbursement to the hacker
- Receiving, learning, and operating the TA's decryptor mechanism
- If necessary, contacting the hacker for technical help with the decryption tool
After the decryption utility has been mastered, Progent can help you to restore computers and software services to their pre-arrack condition. Progent can also assist you to conduct a complete forensics analysis and generate a report to share with the cyber insurance carrier. This report helps you to understand security vulnerabilities that need to be eliminated and recommends steps that should be performed to combat subsequent ransomware assaults.
- Isolating infected endpoints and data stores to arrest the progress of the assault
- Creating digital copies of every compromised server and endpoint and data store to allow forensics without interfering with recovery
- Adding anti-virus protection to all virus-free endpoints
- Recovering data from air-gapped backups or unscathed endpoints
- Creating a pristine recovery environment
- Mapping and connecting datastores to reflect exactly their pre-encryption state
Beyond demanding money for a decryption utility, current strains of crypto-ransomware like Ryuk, Sodinokibi, Netwalker, and Nephilim often try to exfiltrate files. TAs are then able to demand an additional payment in exchange for not divulging this information or selling it. Sadly, there is no way to guarantee that stolen files have been totally erased by the threat actor. In fact, in many cases the hacker has little say over who can access the stolen files. Settling an exfiltration ransom does not eliminate the need for seeking the advice of privacy lawyers, conducting an investigation into which files were compromised, and performing the necessary notifications to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite network services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SBEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning applications. This scope of skills allows Progent to identify and consolidate the surviving parts of your information system following a ransomware intrusion and rebuild them quickly into a viable system. Progent has collaborated with leading cyber insurance providers like Chubb to assist organizations clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Expertise in Aurora
To get in touch with Progent about ransomware settlement negotiation guidance in Aurora, phone Progent at 800-462-8800 or go to Contact Progent.