Progent's Ransomware Negotiation Consulting in Birmingham
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complex activity that calls for a mix of real-word experience, technical skills and business savvy. It also requires close co-operation with the ransomware victim's IT team and the cyber insurance carrier, if any. Since the number one goal of the ransomware target is fast recovery, it is critical to deploy response groups that operate effectively, concurrently, and with intimate collaboration. Progent has the breadth of technical skills and the depth of personnel to complement your network staff and restore your network quickly and economically.
Services offered by Progent's ransomware settlement negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware used in the attack
- identifying and contacting the hacker persona
- Assessing the likelihood of recovery
- Testing the threat actor's decryption tool
- Agreeing on a settlement with the victim and the cyber insurance carrier
- Establishing a settlement amount and timeline with the hacker
- Checking compliance with anti-money laundering regulations
- Carrying out the crypto-currency payment to the TA
- Receiving, reviewing, and using the threat actor's decryptor utility
- If needed, contacting the TA for assistance with the decryption utility
After the decryption utility has been mastered, Progent can help you to recover machines and software services to their pre-arrack state. Progent can also assist you to conduct a complete forensics analysis and create a report to deliver to the cyber insurance carrier. This document identifies security gaps that need to be corrected and suggests actions to be taken to block subsequent ransomware assaults.
- Quarantining infected endpoints and data stores to prevent further spread of the attack
- Creating replicas of every infected server and endpoint and data store in order to perform forensics in parallel with restoration
- Adding A/V protection to all virus-free endpoints
- Salvaging data from air-gapped restores or uncompromised endpoints
- Building a clean recovery environment
- Mapping and reconnecting drives to reflect precisely their pre-attack state
Paying Exfiltration Ransoms
In addition to demanding money for a decryption tool, modern strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to steal (or "exfiltrate") information. TAs can then demand an additional settlement in exchange for not posting this data or selling it. Sadly, there exists no method to prove that exfiltrated data have been completely erased by the threat actor. In fact, in numerous instances the threat actor has limited say over data custody. Paying an exfiltration ransom does not free you from the necessity of getting the guidance of privacy lawyers, performing an inventory of data were compromised, and sending the mandated notifications to impacted entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises network services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to salvage and consolidate the undamaged parts of your IT environment after a ransomware intrusion and reconstruct them rapidly into an operational network. Progent has collaborated with leading insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Expertise in Birmingham
To get in touch with Progent about ransomware settlement negotiation expertise in Birmingham, call Progent at 800-462-8800 or go to Contact Progent.