Overview of Progent's Ransomware Settlement Negotiation Consulting in Charleston
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated exercise that requires a combination of field experience, IT knowledge and business acumen. It also demands close co-operation with the cyber-extortion target's IT staff and the cyber insurance carrier, if there is one. Because the number one priority of the ransomware target is operational continuity, it is vital to deploy response groups that operate efficiently, concurrently, and in close communication. Progent offers the breadth of IT skills and the depth of personnel to supplement your network staff and restore your network environment quickly and economically.
Services available from Progent's ransomware settlement team include:
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware used in the attack
- Identifying and communicating with the hacker
- Evaluating the recovery risk
- Testing the hacker's decryption capabilities
- Determining a settlement with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and schedule with the hacker
- Confirming compliance with anti-money laundering (AML) sanctions
- Overseeing the crypto-currency transfer to the TA
- Receiving, reviewing, and operating the TA's decryption utility
- If needed, contacting the TA for technical assistance with the decryption tool
After the decryption tool has been mastered, Progent can assist you to restore computers and services to their original condition. Progent can also help you to conduct comprehensive forensics and create a document to share with the cyber insurance carrier. This report identifies cybersecurity gaps that need to be fixed and suggests steps that can be performed to counter subsequent ransomware attacks.
- Quarantining affected endpoints to arrest the spread of the assault
- Creating replicas of every breached device and data store to allow forensics without interfering with recovery
- Adding A/V agents to all clean endpoints
- Recovering data from offline backups or unscathed machines
- Building a pristine environment
- Mapping and connecting datastores to reflect precisely their pre-encryption state
Settling Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern strains of crypto-ransomware such as Ryuk, Maze, Netwalker, and Egregor often attempt to steal (or "exfiltrate") files. TAs can then demand an additional ransom for not publishing this information on the dark web. Unfortunately, there exists no method to guarantee that stolen data have been completely deleted by the hacker. In fact, in many cases the threat actor has little control about data custody. Settling an exfiltration ransom does not free you from the necessity of getting the guidance of privacy lawyers, conducting an inventory of files were stolen, and performing the required alerts to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises network services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have earned advanced certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also has guidance in financial management and ERP applications. This scope of skills gives Progent the ability to salvage and integrate the surviving pieces of your IT environment after a ransomware attack and rebuild them quickly into a viable network. Progent has worked with leading cyber insurance providers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Charleston
To get in touch with Progent about crypto-ransomware settlement negotiation expertise in Charleston, call Progent at 800-462-8800 or go to Contact Progent.