Overview of Progent's Ransomware Negotiation Consulting in Chandler
Progent is experienced in negotiating ransomware settlements with hackers. Negotiating an optimum settlement is a complicated activity that requires a mix of field experience, technical knowledge and business savvy. It also requires close co-operation with the victim's IT staff and the cyber insurance carrier, if there is one. Since the top priority of the ransomware victim is operational continuity, it is critical to establish response teams that work effectively, concurrently, and with intimate collaboration. Progent offers the breadth of IT knowledge and the deep bench of experts to supplement your IT staff and recover your network rapidly and affordably.
Services offered by Progent's ransomware negotiation team include:
- Establishing the type of ransomware involved in the assault
- Making contact with the hacker persona
- Evaluating the likelihood of recovery
- Testing the TA's decryption tool
- Agreeing on a settlement with the victim and the cyber insurance carrier
- Establishing a settlement amount and schedule with the threat actor
- Checking adherence to anti-money laundering (AML) laws
- Carrying out the crypto-currency transfer to the TA
- Receiving, reviewing, and operating the TA's decryptor mechanism
- If needed, contacting the threat actor for technical assistance with the decryptor utility
Once the decryption utility is understood, Progent can help you to restore machines and services to their pre-attack state. Progent can also assist you to conduct a complete forensics analysis and generate a document to deliver to the cyber insurance provider. This report identifies security vulnerabilities that need to be eliminated and suggests actions that should be taken to combat subsequent ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Quarantining affected endpoints to prevent further spread of the assault
- Making digital copies of each compromised device and data store in order to perform forensics in parallel with cleanup
- Adding A/V protection to all clean endpoints
- Recovering data from offline backups or unscathed endpoints
- Building a clean environment
- Mapping and reconnecting drives to match precisely their pre-encryption state
Paying Exfiltration Ransoms
In addition to extorting money for a decryption tool, modern variants of crypto-ransomware like Ryuk, Maze, DoppelPaymer, and Egregor commonly try to exfiltrate information. Hackers are then able to require an additional ransom in exchange for not divulging this information on the dark web. Sadly, there is no method to be certain that stolen files have been totally deleted by the hacker. In fact, in many instances the TA has limited control over where the information ends up. Settling an exfiltration ransom does not eliminate the need for engaging the advice of privacy attorneys, performing an inventory of the files that were taken, and carrying out the mandated alerts to impacted entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has provided remote and onsite network services across the United States for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and ERP applications. This scope of skills allows Progent to salvage and consolidate the surviving parts of your network after a ransomware attack and reconstruct them quickly into a viable system. Progent has worked with leading cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Chandler
To get in touch with Progent about crypto-ransomware settlement guidance in Chandler, call Progent at 800-462-8800 or go to Contact Progent.