Progent's Ransomware Negotiation Consulting in Birmingham
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complex exercise that requires a combination of real-world experience, technical skills and business savvy. It also demands working closely with the victim's IT team and the insurance carrier, if any. Because the number one goal of the ransomware victim is fast recovery, it is vital to establish recovery teams that work efficiently, concurrently, and in close communication. Progent has the breadth of technical knowledge and the deep bench of experts to supplement your IT support team and restore your network environment quickly and economically.
Support offered by Progent's ransomware settlement negotiation experts includes:
- Determining the kind of ransomware used in the assault
- Identifying and contacting the hacker persona
- Assessing the likelihood of recovery
- Testing the hacker's decryption tool
- Deciding on an acceptable settlement range with the ransomware victim and the cyber insurance provider
- Establishing a settlement and schedule with the hacker
- Confirming compliance with anti-money laundering (AML) sanctions
- Overseeing the crypto-currency payment to the hacker
- Acquiring, learning, and using the threat actor's decryptor tool
- If needed, contacting the hacker for technical assistance with the decryption tool
Once the decryption utility has been learned, Progent can help you to restore computers and services to their original condition. Progent can also help you to perform a complete forensics analysis and create a document to deliver to the insurance carrier. This document identifies security gaps that need to be eliminated and recommends actions that can be performed to block future ransomware assaults.
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Isolating infected endpoints to prevent further spread of the assault
- Making digital copies of each compromised device and data store to allow forensics in parallel with recovery
- Adding A/V protection to all clean endpoints
- Restoring files from offline restores or unscathed machines
- Building a pristine recovery environment
- Mapping and connecting drives to reflect precisely their pre-attack state
Paying Exfiltration Ransoms
Beyond demanding money for a decryption tool, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Nephilim commonly try to exfiltrate information. TAs can then demand a separate settlement for not publishing this information or selling it. Sadly, there is no method to be certain that stolen files have been completely erased by the threat actor. Actually, in numerous instances the threat actor has little control over where the information ends up. Paying an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy lawyers, performing an investigation into which data were taken, and sending the mandated notifications to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite IT services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP application software. This breadth of skills allows Progent to salvage and integrate the undamaged parts of your information system after a ransomware intrusion and reconstruct them quickly into an operational system. Progent has worked with top cyber insurance carriers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Expertise in Birmingham
To get in touch with Progent about ransomware settlement guidance in Birmingham, call Progent at 800-462-8800 or go to Contact Progent.