Overview of Progent's Ransomware Settlement Negotiation Consulting in Bristol
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex exercise that requires a mix of field experience, technical skills and business savvy. It also calls for working closely with the ransomware victim's IT team and the insurance carrier, if any. Since the number one priority of the ransomware victim is fast recovery, it is critical to deploy recovery groups that work efficiently, concurrently, and with intimate collaboration. Progent offers the breadth of technical knowledge and the deep bench of personnel to complement your network support team and recover your network environment rapidly and economically.
Services provided by Progent's ransomware negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the type of ransomware involved in the attack
- making contact with the hacker
- Evaluating the recovery risk
- Testing the threat actor's decryption tool
- Determining a settlement range with the victim and the cyber insurance provider
- Establishing a settlement and schedule with the hacker
- Confirming compliance with anti-money laundering sanctions
- Overseeing the crypto-currency disbursement to the hacker
- Acquiring, reviewing, and using the hacker's decryptor utility
- If necessary, contacting the TA for technical help with the decryption tool
After the decryption tool has been learned, Progent can assist you to restore computers and software services to their original state. Progent can also assist you to conduct comprehensive forensics and generate a report to share with the cyber insurance carrier. This report helps you to understand cybersecurity gaps that must be eliminated and suggests steps that should be performed to block subsequent ransomware assaults.
- Quarantining infected endpoints to arrest the progress of the assault
- Making replicas of every infected server and endpoint and data store to allow forensics without interfering with cleanup
- Adding A/V protection to all virus-free endpoints
- Recovering files from air-gapped backups or uncompromised machines
- Creating a pristine recovery environment
- Mapping and connecting datastores to match precisely their pre-attack condition
In addition to extorting payment for a decryption tool, current strains of ransomware like Ryuk, Sodinokibi, DopplePaymer, and Nephilim commonly try to exfiltrate files. Hackers are then able to demand an additional ransom in exchange for not publishing this data on the dark web. Sadly, there exists no way to prove that exfiltrated files have been totally deleted by the TA. In fact, in numerous instances the TA has little control over where the information ends up. Settling an exfiltration ransom does not eliminate the need for getting the advice of privacy attorneys, conducting an audit on which files were taken, and performing the required alerts to affected entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has provided online and on-premises IT services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have been awarded high-level certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP, and CRISC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP applications. This breadth of expertise allows Progent to salvage and consolidate the surviving pieces of your network following a ransomware intrusion and reconstruct them rapidly into an operational system. Progent has worked with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Guidance in Bristol
To contact with Progent about ransomware settlement services in Bristol, call Progent at 800-462-8800 or go to Contact Progent.