Progent's Ransomware Settlement Negotiation Consulting in Birmingham
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complicated activity that calls for a combination of real-word experience, technical skills and business savvy. It also requires close co-operation with the ransomware victim's IT team and the cyber insurance provider, if any. Since the number one priority of the ransomware target is operational continuity, it is critical to establish recovery teams that operate effectively, concurrently, and in close communication. Progent has the breadth of technical skills and the depth of experts to supplement your network staff and restore your network quickly and affordably.
Support available from Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Determining the type of ransomware used in the attack
- identifying and contacting the hacker
- Assessing the recovery risk
- Testing the TA's decryption capabilities
- Agreeing on a settlement payment with the victim and the cyber insurance carrier
- Establishing a settlement amount and timeline with the threat actor
- Verifying compliance with anti-money laundering regulations
- Managing the crypto-currency transfer to the TA
- Acquiring, reviewing, and using the hacker's decryption tool
- If needed, contacting the hacker for assistance with the decryption utility
After the decryption tool has been mastered, Progent can assist you to restore machines and services to their original condition. Progent can also assist you to perform comprehensive forensics and generate a report to deliver to the cyber insurance carrier. This document helps you to understand security gaps that must be eliminated and suggests steps to be performed to counter subsequent ransomware attacks.
- Quarantining affected endpoints to prevent further spread of the attack
- Making digital copies of each breached server and endpoint and data store to allow forensics in parallel with cleanup
- Installing A/V protection to all virus-free endpoints
- Restoring files from air-gapped restores or uncompromised machines
- Building a clean recovery environment
- Remapping and reconnecting datastores to match precisely their pre-encryption condition
Settling Exfiltration Ransoms
In addition to demanding money for a decryption tool, current strains of ransomware like Ryuk, Maze, Netwalker, and Egregor often attempt to steal (or "exfiltrate") files. Hackers can then require a separate settlement for not posting this information or selling it. Sadly, there exists no method to be certain that stolen data have been totally erased by the hacker. In fact, in numerous cases the threat actor has little say about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of getting the advice of legal counsel, performing an audit on which data were taken, and carrying out the mandated notifications to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned high-level certifications in core technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial and ERP applications. This breadth of skills gives Progent the ability to salvage and consolidate the undamaged pieces of your information system after a ransomware intrusion and rebuild them rapidly into a functioning system. Progent has collaborated with leading cyber insurance carriers like Chubb to assist organizations clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Birmingham
To get in touch with Progent about crypto-ransomware settlement services in Birmingham, call Progent at 800-462-8800 or go to Contact Progent.