Progent's Ransomware Settlement Negotiation Consulting in Cheyenne
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated exercise that requires a combination of real-word experience, IT skills and business acumen. It also demands close co-operation with the ransomware victim's IT team and the cyber insurance provider, if there is one. Because the top goal of the ransomware target is fast recovery, it is vital to deploy recovery teams that work effectively, concurrently, and in close communication. Progent has the scope of technical knowledge and the depth of experts to complement your network support team and restore your network rapidly and affordably.
Services available from Progent's ransomware settlement experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware used in the assault
- Identifying and communicating with the hacker
- Assessing the recovery risk
- Validating the TA's decryption tool
- Agreeing on a settlement range with the victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the TA
- Checking adherence to anti-money laundering laws
- Managing the crypto-currency transfer to the hacker
- Receiving, learning, and using the hacker's decryptor tool
- If necessary, contacting the threat actor for technical help with the decryption tool
After the decryption utility has been learned, Progent can assist you to restore machines and software services to their original state. Progent can also assist you to perform a forensics investigation and generate a document to share with the insurance carrier. This document identifies cybersecurity vulnerabilities that need to be eliminated and suggests actions to be taken to block future ransomware attacks.
- Isolating affected endpoints to arrest the progress of the attack
- Creating digital copies of every compromised device and data store to allow forensics without interfering with recovery
- Adding A/V protection to all clean endpoints
- Salvaging data from air-gapped restores or unscathed machines
- Creating a pristine recovery environment
- Remapping and reconnecting datastores to match precisely their pre-encryption condition
Paying Exfiltration Ransoms
Beyond demanding money for a decryption utility, modern variants of ransomware such as Ryuk, Maze, DopplePaymer, and Nephilim often attempt to steal (or "exfiltrate") files. TAs can then demand a separate settlement for not publishing this information on the dark web. Sadly, there exists no way to be certain that stolen data have been totally deleted by the threat actor. In fact, in many cases the hacker has little control over data custody. Settling an exfiltration ransom does not free you from the necessity of getting the guidance of privacy lawyers, performing an inventory of data were compromised, and carrying out the required notifications to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises network services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SBEs) includes professionals who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security experts have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers top-tier support in financial and Enterprise Resource Planning software. This scope of skills gives Progent the ability to salvage and consolidate the surviving parts of your IT environment following a ransomware intrusion and rebuild them rapidly into a functioning network. Progent has worked with leading insurance providers including Chubb to assist businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Cheyenne
To get in touch with Progent about crypto-ransomware settlement expertise in Cheyenne, phone Progent at 800-993-9400 or go to Contact Progent.