Overview of Progent's Ransomware Negotiation Consulting in Birmingham
Progent has experience negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complicated activity that requires a mix of field experience, technical knowledge and business acumen. It also demands working closely with the cyber-extortion target's IT staff and the cyber insurance carrier, if there is one. Because the top goal of the ransomware victim is operational continuity, it is critical to establish response teams that work efficiently, in parallel, and in close communication. Progent offers the scope of IT skills and the depth of experts to supplement your IT support team and restore your network environment rapidly and affordably.
Services offered by Progent's ransomware settlement negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware team can help with:
- Establishing the type of ransomware used in the assault
- Identifying and communicating with the hacker persona
- Evaluating the likelihood of recovery
- Testing the threat actor's decryption tool
- Determining a settlement payment with the victim and the cyber insurance provider
- Negotiating a settlement and schedule with the hacker
- Checking accordance with anti-money laundering laws
- Overseeing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and operating the threat actor's decryptor tool
- If necessary, contacting the threat actor for technical assistance with the decryptor tool
Once the decryption tool has been learned, Progent can assist you to recover computers and services to their original condition. Progent can also help you to perform a forensics investigation and generate a document to deliver to the insurance provider. This report identifies security gaps that need to be eliminated and recommends steps that can be taken to combat subsequent ransomware assaults.
- Quarantining infected endpoints and data stores to arrest the progress of the attack
- Making digital copies of every breached device and data store to allow forensics without interfering with cleanup
- Adding A/V agents to all virus-free endpoints
- Salvaging data from air-gapped restores or uncompromised machines
- Creating a pristine recovery environment
- Remapping and connecting drives to match precisely their pre-attack state
In addition to demanding payment for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Maze, DopplePaymer, and Nephilim often try to exfiltrate files. Hackers are then able to require a separate settlement in exchange for not divulging this data or selling it. Unfortunately, there exists no method to guarantee that exfiltrated files have been completely erased by the threat actor. In fact, in numerous instances the threat actor has limited say over who can access the stolen files. Paying an exfiltration ransom does not eliminate the need for getting the guidance of legal counsel, performing an inventory of files were compromised, and sending the required alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in core technology platforms including Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP, and CRISC. (See certifications earned by Progent consultants). Progent also has guidance in financial and ERP application software. This broad array of expertise allows Progent to identify and consolidate the surviving parts of your network after a ransomware assault and reconstruct them quickly into a viable system. Progent has collaborated with top cyber insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Guidance in Birmingham
To contact with Progent about ransomware settlement expertise in Birmingham, phone Progent at 800-993-9400 or go to Contact Progent.