Overview of Progent's Ransomware Negotiation Services in Cambridge
Progent has experience negotiating ransomware settlements with hackers. Negotiating an acceptable settlement is a complicated activity that calls for a combination of field experience, technical knowledge and business acumen. It also demands close co-operation with the cyber-extortion target's IT staff and the cyber insurance provider, if there is one. Because the number one goal of the ransomware target is operational continuity, it is vital to establish recovery teams that work effectively, in parallel, and with intimate collaboration. Progent offers the breadth of IT knowledge and the depth of personnel to complement your IT support team and restore your network environment quickly and economically.
Services offered by Progent's ransomware negotiation team include:
- Establishing the kind of ransomware involved in the attack
- Identifying and communicating with the hacker persona
- Evaluating the recovery risk
- Validating the hacker's decryption capabilities
- Deciding on an acceptable settlement range with the ransomware victim and the insurance provider
- Negotiating a settlement amount and schedule with the threat actor
- Confirming compliance with anti-money laundering regulations
- Overseeing the crypto-currency disbursement to the threat actor
- Receiving, reviewing, and using the threat actor's decryption mechanism
- If needed, contacting the hacker for assistance with the decryption tool
Once the decryption tool has been learned, Progent can help you restore computers and services to their pre-attack state. Progent can also help you perform a full forensic review and generate a report to deliver to the cyber insurance provider. This report identifies cybersecurity gaps that must be eliminated and suggests steps that can be performed to counter future ransomware attacks.
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Isolating affected endpoints to prevent further progress of the attack
- Creating digital copies of every breached device and data store in order to perform forensics without interfering with restoration
- Adding anti-virus agents to all clean endpoints
- Salvaging files from air-gapped backups or unscathed endpoints
- Creating a clean environment
- Mapping and connecting drives to match precisely their pre-encryption state
Paying Exfiltration Ransoms
In addition to demanding money for a decryption tool, current strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Egregor commonly attempt to exfiltrate information. Hackers can then demand an additional ransom for not posting this information or selling it. Sadly, there is no way to prove that exfiltrated files have been totally deleted by the hacker. In fact, in many cases the hacker has limited say about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of seeking the advice of privacy lawyers, performing an investigation into which files were taken, and performing the mandated notifications to impacted entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has provided online and on-premises network services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes consultants who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning application software. This breadth of skills allows Progent to identify and integrate the undamaged pieces of your IT environment following a ransomware assault and reconstruct them quickly into a functioning system. Progent has worked with top insurance carriers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Cambridge
To get in touch with Progent about crypto-ransomware settlement negotiation expertise in Cambridge, call Progent at 800-993-9400 or go to Contact Progent.