Overview of Progent's Ransomware Settlement Negotiation Consulting in Barra da Tijuca
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that calls for a combination of field experience, IT knowledge and business acumen. It also demands working closely with the victim's IT staff and the cyber insurance provider, if any. Since the number one goal of the ransomware target is fast recovery, it is vital to deploy response groups that work effectively, concurrently, and with intimate collaboration. Progent has the breadth of technical skills and the deep bench of personnel to supplement your network support team and recover your network quickly and economically.
Support available from Progent's ransomware negotiation experts include:
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Determining the kind of ransomware used in the assault
- identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption tool
- Deciding on an acceptable settlement amount with the victim and the cyber insurance carrier
- Negotiating a settlement and timeline with the threat actor
- Confirming adherence to anti-money laundering sanctions
- Carrying out the crypto-currency transfer to the hacker
- Acquiring, learning, and using the threat actor's decryptor utility
- If needed, contacting the hacker for technical assistance with the decryption tool
After the decryption utility has been learned, Progent can assist you to recover physical and virtual devices and software services to their original state. Progent can also help you to conduct a forensics investigation and generate a report to share with the cyber insurance carrier. This document identifies security gaps that need to be eliminated and suggests steps that should be taken to combat future ransomware attacks.
- Isolating infected endpoints and data stores to prevent further progress of the assault
- Creating replicas of each compromised server and endpoint and data store in order to perform forensics in parallel with cleanup
- Adding anti-virus agents to all clean endpoints
- Recovering data from air-gapped restores or uncompromised machines
- Building a pristine environment
- Remapping and connecting drives to match precisely their pre-encryption condition
Beyond demanding payment for a decryption utility, modern strains of crypto-ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Nephilim commonly try to exfiltrate information. Hackers can then demand an additional ransom in exchange for not divulging this data or selling it. Unfortunately, there is no method to prove that exfiltrated files have been completely erased by the threat actor. In fact, in many cases the TA has limited say over who can access the stolen files. Settling an exfiltration ransom does not eliminate the need for getting the guidance of privacy lawyers, conducting an audit on which data were compromised, and carrying out the necessary alerts to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises network services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have earned high-level certifications in core technology platforms including Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial management and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to identify and integrate the surviving parts of your network following a ransomware attack and rebuild them rapidly into a viable system. Progent has worked with leading cyber insurance providers like Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Barra da Tijuca
To contact with Progent about ransomware settlement negotiation services in Barra da Tijuca, phone Progent at 800-462-8800 or go to Contact Progent.