Overview of Progent's Ransomware Negotiation Consulting in Brighton
Progent has experience negotiating ransomware settlements with hackers. Negotiating an optimum settlement is a complicated activity that requires a combination of field experience, IT skills and business savvy. It also demands working closely with the victim's IT team and the insurance carrier, if there is one. Since the number one priority of the ransomware target is operational continuity, it is critical to establish response teams that work effectively, concurrently, and in close communication. Progent offers the scope of IT knowledge and the deep bench of personnel to complement your IT support team and restore your network rapidly and affordably.
Support offered by Progent's ransomware settlement negotiation team includes:
- Determining the type of ransomware involved in the attack
- Making contact with the hacker persona
- Evaluating the recovery risk
- Testing the threat actor's decryption tool
- Budgeting a settlement payment with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and schedule with the hacker
- Checking adherence to anti-money laundering (AML) sanctions
- Overseeing the crypto-currency payment to the threat actor (TA)
- Receiving, learning, and using the TA's decryptor utility
- If necessary, contacting the hacker for technical help with the decryptor utility
After learning how the decryption tool works, Progent can help you restore machines and services to their original state. Progent can also help you perform a complete forensic analysis and create a report to share with the cyber insurance provider. This report identifies cybersecurity gaps that must be eliminated and suggests actions to take to combat subsequent ransomware assaults.
Concurrent with the ransom negotiations, Progent's ransomware staff can help with:
- Isolating infected endpoints and data stores to arrest the spread of the assault
- Making digital copies of every compromised device and data store in order to perform forensics in parallel with recovery
- Adding anti-virus agents to all virus-free endpoints
- Salvaging files from air-gapped restores or unscathed endpoints
- Building a clean recovery environment
- Mapping and connecting datastores to match exactly their pre-encryption state
In addition to extorting payment for a decryption utility, current variants of crypto-ransomware such as Ryuk, Sodinokibi, DoppelPaymer, and Egregor often attempt to steal (or "exfiltrate") files. TAs are then able to demand an additional settlement in exchange for not publishing or selling this data. Sadly, there is no way to guarantee that exfiltrated data have been totally deleted by the TA. In fact, in many instances the TA has limited say about data custody. Settling an exfiltration ransom does not free you from the necessity of engaging privacy attorneys, conducting an inventory of what data were compromised, and issuing the necessary notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite IT services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes professionals who have earned high-level certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security consultants have earned prestigious certifications including CISA, CISSP, and GIAC. Progent also offers guidance in financial management and ERP application software. This breadth of skills gives Progent the ability to salvage and integrate the undamaged parts of your network following a ransomware assault and reconstruct them rapidly into a viable network. Progent has worked with leading insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Brighton
To get in touch with Progent about ransomware settlement negotiation services in Brighton, phone Progent at 800-462-8800 or go to Contact Progent.