Overview of Progent's Ransomware Settlement Negotiation Consulting in Bellevue
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex exercise that requires a combination of real-word experience, technical skills and business savvy. It also requires working closely with the victim's IT team and the cyber insurance provider, if any. Because the top priority of the ransomware target is operational continuity, it is critical to establish recovery groups that operate efficiently, in parallel, and with intimate collaboration. Progent offers the breadth of technical knowledge and the deep bench of personnel to complement your network staff and restore your network rapidly and affordably.
Support available from Progent's ransomware negotiation team include:
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Establishing the kind of ransomware involved in the assault
- making contact with the hacker
- Assessing the likelihood of recovery
- Validating the hacker's decryption capabilities
- Agreeing on a settlement range with the victim and the cyber insurance provider
- Establishing a settlement amount and timeline with the TA
- Checking adherence to anti-money laundering (AML) sanctions
- Carrying out the crypto-currency payment to the TA
- Acquiring, reviewing, and using the threat actor's decryptor tool
- If necessary, contacting the threat actor for technical assistance with the decryptor tool
After the decryption utility has been learned, Progent can help you to recover physical and virtual devices and software services to their pre-arrack condition. Progent can also assist you to perform comprehensive forensics and generate a report to deliver to the cyber insurance provider. This report helps you to understand security vulnerabilities that need to be corrected and suggests actions that should be performed to block future ransomware attacks.
- Isolating infected endpoints to arrest the progress of the attack
- Creating replicas of every compromised server and endpoint and data store in order to perform forensics in parallel with recovery
- Adding anti-virus protection to all virus-free endpoints
- Recovering files from air-gapped restores or uncompromised endpoints
- Creating a clean recovery environment
- Remapping and reconnecting datastores to reflect exactly their pre-encryption condition
In addition to demanding money for a decryption utility, current strains of ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Nephilim often try to steal (or "exfiltrate") files. TAs can then demand an additional settlement for not posting this information on the dark web. Unfortunately, there is no way to guarantee that stolen files have been totally deleted by the hacker. Actually, in many cases the hacker has limited control about data custody. Settling an exfiltration ransom does not free you from the need for getting the guidance of privacy attorneys, performing an inventory of data were compromised, and performing the mandated alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite network services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This scope of expertise gives Progent the ability to salvage and integrate the undamaged parts of your information system following a ransomware attack and reconstruct them quickly into a functioning network. Progent has collaborated with top insurance providers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Expertise in Bellevue
To get in touch with Progent about ransomware settlement services in Bellevue, phone Progent at 800-462-8800 or go to Contact Progent.