Progent's Ransomware Negotiation Consulting in Birmingham
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complicated activity that requires a mix of field experience, technical knowledge and business savvy. It also requires close co-operation with the cyber-extortion target's IT staff and the cyber insurance carrier, if any. Because the number one goal of the ransomware target is fast recovery, it is critical to establish recovery groups that operate effectively, concurrently, and with intimate collaboration. Progent has the scope of IT skills and the deep bench of personnel to complement your network staff and recover your network quickly and economically.
Support offered by Progent's ransomware settlement team includes:
- Establishing the type of ransomware involved in the attack
- Making contact with the hacker persona
- Evaluating the recovery risk
- Verifying the hacker's decryption capabilities
- Deciding on an acceptable settlement payment with the victim and the insurance provider
- Negotiating a settlement and timeline with the threat actor (TA)
- Confirming compliance with anti-money laundering (AML) sanctions
- Managing the crypto-currency payment to the TA
- Receiving, learning, and operating the TA's decryptor mechanism
- If necessary, contacting the TA for technical help with the decryption utility
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Isolating infected endpoints to arrest the spread of the attack
- Making replicas of every infected server, endpoint, and data store in order to perform forensics without interfering with recovery
- Adding A/V agents to all virus-free endpoints
- Restoring data from air-gapped backups or unscathed machines
- Creating a clean recovery environment
- Mapping and connecting drives to reflect precisely their pre-encryption state
Once the decryption utility has been mastered, Progent can help you to recover physical and virtual devices and software services to their original state. Progent can also help you perform a full forensic review and create a document to share with the cyber insurance provider. This document helps you to understand security gaps that need to be corrected and recommends actions that can be taken to counter subsequent ransomware assaults.
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, current variants of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Egregor commonly try to exfiltrate files. Hackers are then able to demand an additional settlement for not publishing this information or selling it. Unfortunately, there is no way to guarantee that exfiltrated data have been completely deleted by the threat actor. In fact, in many cases the hacker has little say about the disposition of the data. Settling an exfiltration ransom does not eliminate the need to engage privacy attorneys, perform an inventory of the data that were stolen, and send the necessary alerts to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises IT services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned high-level certifications in core technology platforms such as Cisco networking, VMware virtualization, and major Linux distros. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants.) Progent also has expertise in financial and ERP software. This broad array of expertise allows Progent to identify and integrate the surviving parts of your information system after a ransomware attack and rebuild them rapidly into a viable system. Progent has worked with top cyber insurance carriers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Negotiation Guidance in Birmingham
To contact Progent about ransomware settlement guidance in Birmingham, phone Progent at 800-462-8800 or go to Contact Progent.