Overview of Progent's Ransomware Settlement Negotiation Consulting in Campinas
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complicated exercise that requires a mix of field experience, IT knowledge and business savvy. It also calls for close co-operation with the victim's IT team and the cyber insurance provider, if any. Because the number one goal of the ransomware target is fast recovery, it is vital to deploy response teams that operate efficiently, in parallel, and with intimate collaboration. Progent has the scope of technical skills and the depth of experts to supplement your IT support team and restore your network environment rapidly and affordably.
Services available from Progent's ransomware settlement team include:
- Establishing the type of ransomware used in the assault
- Identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Verifying the TA's decryption tool
- Deciding on an acceptable settlement range with the victim and the cyber insurance carrier
- Establishing a settlement and schedule with the hacker
- Confirming adherence to anti-money laundering (AML) laws
- Overseeing the crypto-currency disbursement to the TA
- Acquiring, reviewing, and operating the threat actor's decryptor mechanism
- If necessary, contacting the TA for assistance with the decryption utility
Once the decryption utility is understood, Progent can help you restore physical and virtual devices and software services to their pre-attack state. Progent can also assist you in performing a forensic investigation and generating a report to share with the insurance carrier. This document helps you to understand security gaps that need to be eliminated and suggests steps that can be taken to block subsequent ransomware attacks.
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Isolating infected endpoints to arrest the spread of the attack
- Creating digital copies of every breached server, endpoint, and data store to allow forensics without interfering with restoration
- Installing anti-virus agents on all virus-free endpoints
- Restoring data from offline backups or uncompromised endpoints
- Building a clean recovery environment
- Remapping and reconnecting drives to match exactly their pre-encryption state
In addition to demanding money for a decryption utility, modern variants of crypto-ransomware like Ryuk, Maze, DoppelPaymer, and Egregor commonly attempt to exfiltrate information. TAs can then require an additional settlement for not divulging this data or selling it. Sadly, there exists no method to guarantee that exfiltrated data have been totally deleted by the threat actor. In fact, in many cases the hacker has limited say over data custody. Paying an exfiltration ransom does not eliminate the need for getting the advice of privacy attorneys, conducting an audit on which data were stolen, and performing the mandated alerts to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in foundation technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications such as CISM, CISSP, and GIAC. Progent also offers guidance in financial and Enterprise Resource Planning applications. This broad array of expertise gives Progent the ability to identify and integrate the surviving pieces of your information system following a ransomware intrusion and rebuild them rapidly into a viable network. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Campinas
To get in touch with Progent about ransomware settlement guidance in Campinas, call Progent at 800-993-9400 or go to Contact Progent.