Progent's Ransomware Negotiation Consulting in Chandler
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that requires a combination of real-world experience, technical knowledge and business savvy. It also demands working closely with the ransomware victim's IT staff and the cyber insurance provider, if there is one. Because the number one priority of the ransomware target is fast recovery, it is critical to establish response groups that operate efficiently, in parallel, and in close communication. Progent has the scope of IT knowledge and the deep bench of experts to supplement your IT support team and recover your network environment quickly and economically.
Services provided by Progent's ransomware negotiation team include:
- Determining the type of ransomware used in the attack
- Identifying and contacting the hacker persona
- Assessing the likelihood of recovery
- Verifying the TA's decryption capabilities
- Determining a settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement and timeline with the TA
- Confirming compliance with anti-money laundering (AML) laws
- Overseeing the crypto-currency disbursement to the TA
- Receiving, learning, and using the threat actor's decryption utility
- If needed, contacting the hacker for technical help with the decryptor tool
Once the decryption tool has been mastered, Progent can help you to recover physical and virtual devices and software services to their pre-attack state. Progent can also assist you to conduct a full forensic review and create a report to share with the cyber insurance carrier. This document helps you to understand cybersecurity gaps that must be fixed and suggests steps that should be performed to counter future ransomware assaults.
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Quarantining affected endpoints and data stores to prevent further progress of the attack
- Making replicas of every breached device and data store to allow forensics without interfering with recovery
- Installing anti-virus protection to all clean endpoints
- Salvaging data from offline backups or unscathed endpoints
- Building a pristine recovery environment
- Remapping and connecting drives to reflect precisely their pre-encryption condition
Settling Exfiltration Ransoms
Beyond extorting payment for a decryption tool, current variants of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to exfiltrate files. TAs are then able to demand a separate payment for not publishing this data or selling it. Sadly, there is no method to prove that stolen files have been totally deleted by the TA. Actually, in many instances the hacker has little control over where the information ends up. Settling an exfiltration ransom does not free you from the need for engaging the guidance of legal counsel, performing an inventory of the files that were taken, and sending the required notifications to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in foundation technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also has guidance in financial management and ERP application software. This scope of expertise allows Progent to identify and consolidate the undamaged pieces of your IT environment following a ransomware intrusion and reconstruct them quickly into an operational network. Progent has collaborated with leading insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Chandler
To get in touch with Progent about ransomware settlement negotiation guidance in Chandler, call Progent at 800-462-8800 or go to Contact Progent.