Overview of Progent's Ransomware Negotiation Consulting in Webster
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complex activity that requires a combination of field experience, technical knowledge and business acumen. It also requires close co-operation with the victim's IT team and the insurance carrier, if there is one. Since the number one goal of the ransomware victim is operational continuity, it is critical to deploy response groups that operate efficiently, concurrently, and with intimate collaboration. Progent has the breadth of IT knowledge and the depth of experts to complement your network staff and recover your network quickly and economically.
Services offered by Progent's ransomware settlement negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Determining the kind of ransomware used in the attack
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Testing the threat actor's decryption tool
- Budgeting a settlement amount with the victim and the insurance provider
- Establishing a settlement amount and schedule with the threat actor
- Confirming compliance with anti-money laundering regulations
- Managing the crypto-currency payment to the hacker
- Acquiring, reviewing, and using the hacker's decryption mechanism
- If needed, contacting the threat actor for technical help with the decryptor utility
After the decryption utility has been learned, Progent can assist you to restore physical and virtual devices and software services to their original state. Progent can also help you to conduct a full forensic review and create a report to share with the cyber insurance provider. This report helps you to understand security vulnerabilities that must be fixed and recommends actions to be taken to combat future ransomware assaults.
- Isolating affected endpoints to arrest the spread of the assault
- Making digital copies of every infected server and endpoint and data store to allow forensics in parallel with restoration
- Installing A/V protection to all clean endpoints
- Recovering data from air-gapped backups or unscathed endpoints
- Building a pristine environment
- Mapping and connecting datastores to reflect exactly their pre-encryption state
Settling Exfiltration Ransoms
In addition to demanding money for a decryption tool, modern variants of ransomware like Ryuk, Maze, Netwalker, and Nephilim commonly try to steal (or "exfiltrate") information. Hackers can then demand an additional ransom in exchange for not publishing this data or selling it. Sadly, there exists no way to prove that exfiltrated files have been completely erased by the TA. In fact, in many instances the hacker has little say over who can access the stolen files. Paying an exfiltration ransom does not free you from the need for engaging the advice of privacy lawyers, performing an investigation into which data were stolen, and sending the required alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services across the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have been awarded high-level certifications in foundation technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP applications. This scope of skills gives Progent the ability to salvage and integrate the surviving pieces of your network following a ransomware assault and reconstruct them rapidly into a functioning system. Progent has worked with top insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Webster
To contact with Progent about ransomware settlement services in Webster, call Progent at 800-462-8800 or go to Contact Progent.