Overview of Progent's Ransomware Settlement Negotiation Services in Brighton
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that requires a mix of field experience, IT knowledge and business acumen. It also requires working closely with the ransomware victim's IT team and the insurance carrier, if there is one. Because the top goal of the ransomware victim is fast recovery, it is critical to deploy response teams that operate effectively, concurrently, and in close collaboration. Progent offers the breadth of technical skills and the depth of expertise to complement your IT support team and restore your network rapidly and affordably.
Services provided by Progent's ransomware negotiation team include:
- Determining the type of ransomware used in the attack
- Making contact with the hacker persona
- Assessing the recovery risk
- Verifying the TA's decryption capabilities
- Deciding on an acceptable settlement with the ransomware victim and the insurance provider
- Establishing a settlement and schedule with the hacker
- Confirming compliance with anti-money laundering laws
- Overseeing the crypto-currency transfer to the TA
- Receiving, reviewing, and using the hacker's decryptor mechanism
- If needed, contacting the hacker for assistance with the decryptor tool
After the decryption tool has been learned, Progent can help you to recover machines and software services to their original state. Progent can also help you to conduct a complete forensics analysis and create a document to deliver to the cyber insurance provider. This document identifies security gaps that need to be fixed and suggests steps to be taken to block subsequent ransomware attacks.
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Quarantining infected endpoints and data stores to prevent further progress of the assault
- Making digital copies of every compromised server and endpoint and data store in order to perform forensics without interfering with recovery
- Adding A/V protection to all virus-free endpoints
- Salvaging data from offline restores or unscathed machines
- Building a pristine environment
- Remapping and connecting drives to match exactly their pre-attack state
In addition to demanding payment for a decryption utility, modern strains of ransomware like Ryuk, Sodinokibi, Netwalker, and Egregor often attempt to exfiltrate files. TAs can then demand an extra settlement for not publishing this data on the dark web. Unfortunately, there is no method to be certain that exfiltrated files have been completely erased by the TA. In fact, in numerous instances the TA has limited say over data custody. Settling an exfiltration ransom does not eliminate the need for getting the advice of privacy attorneys, performing an inventory of the files that were compromised, and sending the mandated alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned industry-recognized certifications such as CISA, CISSP, and CRISC. (Refer to Progent's certifications.) Progent also offers guidance in financial and Enterprise Resource Planning application software. This broad array of expertise allows Progent to salvage and consolidate the undamaged pieces of your information system after a ransomware assault and rebuild them quickly into a functioning network. Progent has worked with leading cyber insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Expertise in Brighton
To get in touch with Progent about ransomware settlement expertise in Brighton, phone Progent at 800-462-8800 or go to Contact Progent.