Progent's Ransomware Negotiation Consulting in Cheyenne
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complex activity that requires a mix of field experience, technical knowledge and business savvy. It also calls for working closely with the victim's IT team and the insurance provider, if there is one. Since the top goal of the ransomware target is operational continuity, it is vital to deploy recovery teams that work efficiently, concurrently, and with intimate collaboration. Progent offers the scope of technical knowledge and the depth of personnel to complement your IT support team and recover your network environment rapidly and economically.
Services provided by Progent's ransomware settlement negotiation team include:
- Determining the type of ransomware used in the attack
- Making contact with the hacker persona
- Assessing the recovery risk
- Validating the TA's decryption tool
- Deciding on an acceptable settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement and schedule with the TA
- Verifying compliance with anti-money laundering (AML) sanctions
- Carrying out the crypto-currency disbursement to the TA
- Acquiring, learning, and using the threat actor's decryption tool
- If necessary, contacting the threat actor for technical assistance with the decryption utility
After the decryption utility has been learned, Progent can help you to recover machines and services to their pre-attack state. Progent can also help you to conduct a full forensic review and generate a document to deliver to the cyber insurance provider. This document identifies cybersecurity vulnerabilities that need to be fixed and suggests actions to be performed to block subsequent ransomware attacks.
In parallel with the settlement negotiations, Progent's ransomware staff can help with:
- Quarantining infected endpoints to prevent further spread of the attack
- Creating replicas of every compromised server and endpoint and data store in order to perform forensics without interfering with restoration
- Adding A/V agents to all clean endpoints
- Restoring files from offline restores or uncompromised machines
- Building a clean environment
- Mapping and connecting drives to reflect precisely their pre-encryption condition
Paying Exfiltration Ransoms
In addition to extorting payment for a decryption tool, current strains of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor often try to exfiltrate information. TAs can then require a separate settlement in exchange for not divulging this information on the dark web. Unfortunately, there exists no method to prove that exfiltrated files have been completely deleted by the TA. In fact, in many cases the hacker has little control over the disposition of the data. Paying an exfiltration ransom does not free you from the necessity of seeking the advice of legal counsel, performing an inventory of the files that were stolen, and sending the required alerts to impacted entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has delivered online and on-premises network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware, and major Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISM, CISSP, and GIAC. Progent also offers guidance in financial management and ERP applications. This breadth of expertise gives Progent the ability to salvage and integrate the surviving pieces of your IT environment following a ransomware attack and reconstruct them rapidly into a viable network. Progent has worked with leading insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Guidance in Cheyenne
To contact Progent about ransomware settlement guidance in Cheyenne, call Progent at 800-462-8800 or go to Contact Progent.