Overview of Progent's Ransomware Settlement Negotiation Services in Cincinnati
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex exercise that calls for a combination of real-world experience, IT knowledge and business acumen. It also calls for close co-operation with the cyber-extortion target's IT staff and the cyber insurance carrier, if there is one. Because the top priority of the ransomware victim is operational continuity, it is critical to deploy recovery teams that work efficiently, in parallel, and in close collaboration. Progent has the breadth of technical knowledge and the depth of experts to supplement your IT staff and restore your network rapidly and economically.
Support provided by Progent's ransomware settlement team includes:
- Determining the kind of ransomware involved in the attack
- Identifying and communicating with the hacker persona
- Assessing the recovery risk
- Validating the threat actor's decryption capabilities
- Deciding on an acceptable settlement range with the victim and the insurance provider
- Establishing a settlement and schedule with the threat actor
- Verifying compliance with anti-money laundering (AML) laws
- Managing the crypto-currency disbursement to the threat actor (TA)
- Receiving, reviewing, and operating the TA's decryption tool
- If needed, contacting the hacker for assistance with the decryptor utility
Once the decryption tool has been mastered, Progent can assist you to recover computers and software services to their pre-attack condition. Progent can also assist you to perform a complete forensic analysis and generate a document to share with the insurance provider. This report identifies cybersecurity vulnerabilities that need to be corrected and recommends actions that should be taken to block subsequent ransomware attacks.
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Isolating affected endpoints to arrest the progress of the attack
- Creating digital copies of every breached device and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus protection on all clean endpoints
- Restoring files from air-gapped backups or unscathed machines
- Creating a clean recovery environment
- Mapping and reconnecting drives to reflect precisely their pre-attack condition
In addition to extorting money for a decryption tool, modern variants of crypto-ransomware like Ryuk, Sodinokibi, DoppelPaymer, and Egregor commonly attempt to steal (or "exfiltrate") files. TAs are then able to demand an additional settlement for not divulging this information on the dark web. Sadly, there exists no way to prove that exfiltrated data have been totally erased by the TA. In fact, in many cases the threat actor has little control over where the information ends up. Settling an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy attorneys, conducting an inventory of the data that were compromised, and performing the required notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite network services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes consultants who have earned advanced certifications in foundation technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has expertise in financial management and Enterprise Resource Planning applications. This breadth of skills gives Progent the ability to salvage and consolidate the undamaged parts of your information system following a ransomware attack and rebuild them quickly into a functioning system. Progent has worked with top insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Services in Cincinnati
To get in touch with Progent about crypto-ransomware settlement expertise in Cincinnati, call Progent at 800-462-8800 or go to Contact Progent.