Progent's Ransomware Negotiation Services in Clearwater
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated exercise that requires a combination of real-word experience, IT skills and business savvy. It also calls for working closely with the cyber-extortion target's IT team and the insurance carrier, if any. Since the number one priority of the ransomware victim is operational continuity, it is critical to establish recovery teams that operate efficiently, concurrently, and in close communication. Progent offers the scope of IT skills and the deep bench of personnel to supplement your network staff and recover your network environment quickly and affordably.
Support provided by Progent's ransomware settlement team include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Determining the type of ransomware used in the attack
- making contact with the hacker persona
- Evaluating the recovery risk
- Verifying the TA's decryption capabilities
- Deciding on an acceptable settlement with the victim and the cyber insurance carrier
- Establishing a settlement and timeline with the threat actor
- Verifying adherence to anti-money laundering regulations
- Managing the crypto-currency transfer to the hacker
- Acquiring, learning, and operating the hacker's decryptor mechanism
- If needed, contacting the TA for assistance with the decryption tool
Once the decryption tool has been learned, Progent can help you to recover computers and services to their pre-arrack condition. Progent can also help you to conduct a forensics investigation and create a document to share with the cyber insurance carrier. This report identifies cybersecurity gaps that need to be fixed and suggests steps that should be taken to counter future ransomware attacks.
- Quarantining affected endpoints to arrest the spread of the attack
- Creating replicas of every compromised server and endpoint and data store to allow forensics without interfering with recovery
- Installing anti-virus agents to all virus-free endpoints
- Recovering files from air-gapped backups or unscathed endpoints
- Building a clean environment
- Mapping and reconnecting drives to match exactly their pre-attack condition
In addition to extorting money for a decryption tool, current variants of ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor often try to exfiltrate files. Hackers can then require an additional settlement in exchange for not posting this data or selling it. Sadly, there is no method to prove that exfiltrated files have been completely deleted by the TA. Actually, in many cases the TA has little control about where the information ends up. Paying an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy lawyers, conducting an audit on which data were taken, and carrying out the mandated notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial and Enterprise Resource Planning applications. This broad array of expertise gives Progent the ability to identify and consolidate the undamaged pieces of your IT environment following a ransomware attack and rebuild them rapidly into an operational network. Progent has collaborated with top insurance carriers like Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Clearwater
To contact with Progent about crypto-ransomware settlement negotiation expertise in Clearwater, call Progent at 800-462-8800 or go to Contact Progent.