Progent's Ransomware Negotiation Services in Cambridge
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complicated exercise that requires a mix of real-world experience, IT knowledge and business acumen. It also requires working closely with the cyber-extortion target's IT team and the cyber insurance provider, if there is one. Because the top priority of the ransomware victim is operational continuity, it is critical to deploy recovery teams that work efficiently, concurrently, and in close collaboration. Progent offers the scope of technical skills and the deep bench of experts to complement your IT support team and restore your network environment quickly and economically.
Services provided by Progent's ransomware settlement experts include:
- Establishing the kind of ransomware used in the assault
- Identifying and contacting the hacker
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Determining a settlement range with the victim and the cyber insurance provider
- Establishing a settlement amount and timeline with the hacker
- Checking compliance with anti-money laundering (AML) regulations
- Carrying out the crypto-currency disbursement to the TA
- Receiving, reviewing, and using the threat actor's decryptor utility
- If necessary, contacting the hacker for technical assistance with the decryption utility
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints and data stores to arrest the spread of the attack
- Creating digital copies of each breached server, endpoint, and data store to allow forensics without interfering with restoration
- Installing A/V protection on all virus-free endpoints
- Recovering files from air-gapped restores or uncompromised endpoints
- Building a clean environment
- Mapping and connecting drives to reflect precisely their pre-encryption state
Once the decryption tool is understood, Progent can help you recover machines and software services to their pre-attack state. Progent can also help you perform a forensics investigation and generate a document to deliver to the cyber insurance provider. This document identifies security gaps that need to be eliminated and recommends steps that can be performed to block subsequent ransomware attacks.
Paying Exfiltration Ransoms
In addition to demanding money for a decryption tool, current variants of ransomware like Ryuk, Maze, DopplePaymer, and Egregor often attempt to steal (or "exfiltrate") information. TAs are then able to demand an additional settlement for not publishing this data on the dark web. Unfortunately, there exists no method to guarantee that exfiltrated files have been totally erased by the TA. Actually, in many instances the threat actor has little say over the disposition of the data. Settling an exfiltration ransom does not eliminate the need for seeking the guidance of privacy attorneys, conducting an audit on which files were taken, and sending the mandated alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and onsite network services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in foundation technologies such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications such as CISM, CISSP, and CRISC. (Refer to Progent's certifications.) Progent also offers top-tier support in financial and ERP software. This breadth of skills allows Progent to identify and consolidate the undamaged parts of your IT environment following a ransomware attack and reconstruct them quickly into a functioning system. Progent has worked with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Cambridge
To contact Progent about ransomware settlement negotiation expertise in Cambridge, call Progent at 800-462-8800 or go to Contact Progent.