Progent's Ransomware Negotiation Services in San Juan
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex exercise that calls for a combination of field experience, technical skills and business savvy. It also demands close co-operation with the cyber-extortion target's IT staff and the insurance provider, if any. Since the number one priority of the ransomware victim is operational continuity, it is vital to establish response groups that operate efficiently, concurrently, and with intimate collaboration. Progent has the breadth of IT skills and the deep bench of personnel to supplement your IT support team and recover your network rapidly and economically.
Support available from Progent's ransomware negotiation experts include:
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Determining the kind of ransomware involved in the assault
- making contact with the hacker persona
- Evaluating the recovery risk
- Testing the hacker's decryption tool
- Agreeing on a settlement amount with the victim and the cyber insurance carrier
- Establishing a settlement and schedule with the TA
- Confirming compliance with anti-money laundering (AML) regulations
- Carrying out the crypto-currency payment to the TA
- Receiving, reviewing, and operating the TA's decryptor tool
- If needed, contacting the threat actor for technical assistance with the decryption utility
After the decryption utility has been learned, Progent can help you to recover physical and virtual devices and services to their pre-arrack state. Progent can also help you to perform a complete forensics analysis and generate a document to deliver to the insurance carrier. This report helps you to understand cybersecurity vulnerabilities that must be eliminated and suggests actions that should be performed to combat future ransomware attacks.
- Isolating affected endpoints to prevent further spread of the attack
- Making replicas of each compromised device and data store to allow forensics in parallel with restoration
- Installing A/V protection to all virus-free endpoints
- Recovering files from offline backups or unscathed endpoints
- Creating a clean recovery environment
- Remapping and connecting drives to match exactly their pre-encryption state
Beyond demanding money for a decryption utility, modern strains of ransomware like Ryuk, Maze, DopplePaymer, and Egregor often try to steal (or "exfiltrate") files. TAs can then require an extra ransom in exchange for not posting this information or selling it. Sadly, there is no method to prove that exfiltrated files have been completely deleted by the threat actor. In fact, in numerous cases the TA has limited say about where the information ends up. Settling an exfiltration ransom does not free you from the necessity of engaging the advice of privacy attorneys, performing an inventory of data were taken, and performing the necessary alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SBEs) includes consultants who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial management and ERP software. This breadth of expertise gives Progent the ability to salvage and integrate the surviving parts of your information system after a ransomware assault and reconstruct them quickly into an operational network. Progent has worked with top insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Expertise in San Juan
To contact with Progent about crypto-ransomware settlement negotiation guidance in San Juan, phone Progent at 800-462-8800 or go to Contact Progent.