Progent's Ransomware Settlement Negotiation Consulting in Cheyenne
Progent has experience negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complicated exercise that calls for a mix of real-word experience, technical skills and business savvy. It also calls for working closely with the ransomware victim's IT staff and the insurance provider, if there is one. Because the number one priority of the ransomware victim is operational continuity, it is vital to deploy response teams that operate efficiently, concurrently, and with intimate collaboration. Progent offers the breadth of technical knowledge and the depth of experts to supplement your IT staff and recover your network environment quickly and economically.
Support available from Progent's ransomware settlement experts include:
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Determining the type of ransomware used in the assault
- Identifying and communicating with the hacker
- Evaluating the likelihood of recovery
- Validating the hacker's decryption tool
- Determining a settlement range with the ransomware victim and the insurance provider
- Establishing a settlement amount and timeline with the threat actor
- Checking compliance with anti-money laundering (AML) sanctions
- Overseeing the crypto-currency disbursement to the TA
- Receiving, reviewing, and using the TA's decryptor tool
- If necessary, contacting the TA for technical assistance with the decryptor utility
After the decryption utility has been learned, Progent can help you to recover machines and services to their original condition. Progent can also help you to conduct a full forensic review and create a document to deliver to the cyber insurance carrier. This document identifies security vulnerabilities that must be eliminated and suggests actions that can be taken to block future ransomware attacks.
- Quarantining affected endpoints and data stores to prevent further spread of the attack
- Making digital copies of each compromised device and data store to allow forensics without interfering with recovery
- Installing A/V agents to all clean endpoints
- Restoring data from air-gapped backups or uncompromised endpoints
- Building a clean recovery environment
- Mapping and reconnecting datastores to reflect precisely their pre-encryption condition
Beyond demanding payment for a decryption tool, modern strains of ransomware like Ryuk, Maze, DopplePaymer, and Nephilim commonly attempt to exfiltrate files. TAs can then require an extra settlement in exchange for not divulging this data or selling it. Unfortunately, there exists no way to prove that exfiltrated data have been completely erased by the TA. In fact, in many cases the TA has limited say over where the information ends up. Settling an exfiltration ransom does not eliminate the necessity of seeking the advice of legal counsel, conducting an investigation into which data were taken, and performing the required alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises IT services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SBEs) includes consultants who have been awarded advanced certifications in foundation technology platforms including Cisco networking, VMware, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and ERP applications. This broad array of expertise allows Progent to identify and consolidate the surviving pieces of your information system after a ransomware attack and rebuild them rapidly into an operational system. Progent has collaborated with leading cyber insurance carriers including Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Services in Cheyenne
To contact with Progent about ransomware settlement negotiation guidance in Cheyenne, phone Progent at 800-462-8800 or go to Contact Progent.