Progent's Ransomware Negotiation Services in Baltimore
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complicated exercise that requires a combination of real-word experience, technical knowledge and business acumen. It also requires close co-operation with the cyber-extortion target's IT team and the insurance carrier, if any. Since the top priority of the ransomware victim is fast recovery, it is critical to deploy recovery teams that operate efficiently, in parallel, and in close communication. Progent offers the scope of IT skills and the deep bench of experts to complement your IT support team and recover your network rapidly and economically.
Support offered by Progent's ransomware negotiation experts include:
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Determining the kind of ransomware involved in the attack
- identifying and contacting the hacker
- Assessing the recovery risk
- Testing the TA's decryption capabilities
- Determining a settlement with the victim and the insurance carrier
- Negotiating a settlement amount and timeline with the hacker
- Checking compliance with anti-money laundering sanctions
- Managing the crypto-currency disbursement to the TA
- Acquiring, learning, and operating the TA's decryptor tool
- If necessary, contacting the hacker for assistance with the decryption tool
After the decryption utility has been learned, Progent can assist you to recover physical and virtual devices and software services to their pre-arrack state. Progent can also help you to perform a complete forensics analysis and generate a report to share with the cyber insurance carrier. This document helps you to understand cybersecurity vulnerabilities that need to be fixed and suggests steps that should be performed to block future ransomware attacks.
- Quarantining infected endpoints to prevent further spread of the assault
- Creating replicas of each breached device and data store in order to perform forensics in parallel with cleanup
- Installing A/V protection to all clean endpoints
- Recovering data from air-gapped restores or uncompromised machines
- Creating a clean recovery environment
- Remapping and connecting datastores to match exactly their pre-attack state
Paying Exfiltration Ransoms
In addition to extorting payment for a decryption utility, modern strains of crypto-ransomware such as Ryuk, Maze, DopplePaymer, and Egregor often attempt to exfiltrate files. TAs can then require an additional payment for not publishing this information or selling it. Sadly, there is no method to guarantee that exfiltrated files have been completely deleted by the TA. In fact, in numerous cases the TA has little say about where the information ends up. Paying an exfiltration ransom does not free you from the necessity of engaging the advice of privacy attorneys, conducting an investigation into which files were stolen, and performing the necessary alerts to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and onsite network services across the United States for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technologies such as Cisco networking, VMware, and major Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and ERP software. This scope of skills gives Progent the ability to salvage and integrate the undamaged parts of your IT environment after a ransomware assault and reconstruct them quickly into a functioning system. Progent has worked with leading insurance providers like Chubb to assist organizations clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Guidance in Baltimore
To get in touch with Progent about ransomware settlement guidance in Baltimore, phone Progent at 800-462-8800 or go to Contact Progent.