Overview of Progent's Ransomware Settlement Negotiation Consulting in Cincinnati
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex exercise that requires a combination of field experience, IT skills and business acumen. It also requires working closely with the victim's IT staff and the insurance carrier, if any. Since the number one priority of the ransomware victim is fast recovery, it is vital to deploy recovery groups that work efficiently, concurrently, and with intimate collaboration. Progent offers the scope of technical skills and the deep bench of experts to complement your network support team and recover your network environment quickly and economically.
Support available from Progent's ransomware negotiation team include:
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Establishing the type of ransomware used in the assault
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Validating the hacker's decryption tool
- Deciding on an acceptable settlement range with the victim and the insurance provider
- Negotiating a settlement amount and schedule with the hacker
- Confirming adherence to anti-money laundering (AML) laws
- Overseeing the crypto-currency payment to the hacker
- Receiving, reviewing, and using the TA's decryptor mechanism
- If needed, contacting the TA for assistance with the decryption tool
After the decryption tool has been mastered, Progent can assist you to recover computers and services to their original state. Progent can also assist you to conduct a full forensic review and generate a report to deliver to the insurance carrier. This document identifies cybersecurity vulnerabilities that need to be corrected and suggests actions that should be performed to counter future ransomware attacks.
- Isolating affected endpoints to prevent further progress of the assault
- Making digital copies of every compromised server and endpoint and data store to allow forensics in parallel with cleanup
- Adding anti-virus agents to all virus-free endpoints
- Salvaging data from offline restores or uncompromised endpoints
- Creating a clean environment
- Remapping and reconnecting drives to match exactly their pre-attack state
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, modern strains of crypto-ransomware like Ryuk, Maze, Netwalker, and Egregor commonly attempt to steal (or "exfiltrate") information. Hackers can then require an additional settlement in exchange for not posting this data on the dark web. Unfortunately, there is no way to be certain that exfiltrated files have been totally deleted by the TA. Actually, in numerous instances the hacker has little control about who can access the stolen files. Paying an exfiltration ransom does not eliminate the necessity of getting the advice of legal counsel, performing an investigation into which files were stolen, and sending the necessary notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided remote and on-premises network services across the United States for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and popular distributions of Linux. Progent's data security experts have earned prestigious certifications including CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial management and Enterprise Resource Planning software. This breadth of expertise allows Progent to identify and consolidate the surviving parts of your network following a ransomware intrusion and rebuild them quickly into an operational network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Guidance in Cincinnati
To contact with Progent about crypto-ransomware settlement negotiation guidance in Cincinnati, call Progent at 800-462-8800 or go to Contact Progent.