Overview of Progent's Ransomware Negotiation Services in Brighton
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complicated exercise that requires a mix of real-word experience, IT knowledge and business savvy. It also demands close co-operation with the cyber-extortion target's IT staff and the insurance carrier, if there is one. Because the number one goal of the ransomware target is operational continuity, it is critical to deploy recovery teams that operate effectively, in parallel, and with intimate collaboration. Progent offers the breadth of technical knowledge and the deep bench of personnel to supplement your IT support team and recover your network environment quickly and economically.
Support provided by Progent's ransomware settlement negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the type of ransomware involved in the attack
- making contact with the hacker persona
- Assessing the recovery risk
- Verifying the threat actor's decryption tool
- Deciding on an acceptable settlement with the victim and the cyber insurance provider
- Establishing a settlement amount and schedule with the threat actor
- Checking adherence to anti-money laundering laws
- Overseeing the crypto-currency transfer to the hacker
- Receiving, reviewing, and operating the TA's decryptor mechanism
- If needed, contacting the TA for assistance with the decryptor tool
After the decryption tool has been mastered, Progent can help you to recover computers and services to their original condition. Progent can also assist you to conduct a complete forensics analysis and generate a document to deliver to the cyber insurance provider. This document identifies cybersecurity vulnerabilities that need to be eliminated and recommends actions that should be performed to block future ransomware assaults.
- Isolating infected endpoints to arrest the progress of the attack
- Making digital copies of each infected server and endpoint and data store in order to perform forensics without interfering with recovery
- Adding anti-virus protection to all clean endpoints
- Salvaging data from offline restores or unscathed machines
- Creating a clean recovery environment
- Remapping and reconnecting datastores to match precisely their pre-attack state
Paying Exfiltration Ransoms
Beyond extorting money for a decryption tool, current strains of crypto-ransomware like Ryuk, Sodinokibi, DopplePaymer, and Nephilim often attempt to exfiltrate files. Hackers can then demand a separate payment in exchange for not divulging this information on the dark web. Sadly, there exists no method to guarantee that stolen data have been totally erased by the TA. In fact, in many instances the TA has limited control over data custody. Settling an exfiltration ransom does not eliminate the need for engaging the guidance of privacy lawyers, conducting an investigation into which files were taken, and sending the mandated alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in core technology platforms such as Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial management and ERP applications. This scope of expertise allows Progent to identify and integrate the undamaged parts of your IT environment after a ransomware intrusion and reconstruct them rapidly into a viable system. Progent has collaborated with leading insurance providers including Chubb to assist businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Expertise in Brighton
To contact with Progent about ransomware settlement expertise in Brighton, call Progent at 800-462-8800 or go to Contact Progent.