Overview of Progent's Ransomware Settlement Negotiation Consulting in Skokie
Progent has experience negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that requires a mix of field experience, IT skills and business savvy. It also demands working closely with the ransomware victim's IT team and the insurance provider, if any. Since the top goal of the ransomware target is fast recovery, it is vital to establish response groups that work effectively, concurrently, and in close communication. Progent has the breadth of IT skills and the depth of personnel to supplement your network staff and recover your network environment rapidly and affordably.
Services offered by Progent's ransomware settlement experts include:
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Establishing the type of ransomware used in the attack
- Identifying and communicating with the hacker persona
- Assessing the likelihood of recovery
- Testing the threat actor's decryption capabilities
- Deciding on an acceptable settlement range with the victim and the cyber insurance provider
- Establishing a settlement amount and timeline with the threat actor
- Checking accordance with anti-money laundering (AML) laws
- Carrying out the crypto-currency disbursement to the TA
- Acquiring, learning, and operating the threat actor's decryption utility
- If necessary, contacting the TA for technical assistance with the decryption tool
After the decryption tool has been mastered, Progent can help you to recover machines and services to their pre-arrack condition. Progent can also assist you to conduct a full forensic review and create a document to deliver to the cyber insurance provider. This report helps you to understand security vulnerabilities that must be fixed and suggests steps that can be performed to combat future ransomware assaults.
- Quarantining affected endpoints to prevent further progress of the assault
- Creating replicas of every compromised server and endpoint and data store in order to perform forensics without interfering with cleanup
- Adding A/V protection to all clean endpoints
- Salvaging files from air-gapped restores or unscathed endpoints
- Building a clean environment
- Mapping and connecting drives to match precisely their pre-attack state
Settling Exfiltration Ransoms
In addition to extorting payment for a decryption utility, modern strains of crypto-ransomware like Ryuk, Sodinokibi, DopplePaymer, and Nephilim commonly attempt to steal (or "exfiltrate") files. TAs are then able to demand a separate settlement for not posting this data or selling it. Sadly, there is no method to guarantee that stolen files have been completely deleted by the threat actor. In fact, in numerous instances the hacker has little control about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy attorneys, performing an inventory of data were compromised, and carrying out the necessary notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises IT services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This breadth of expertise allows Progent to salvage and integrate the undamaged parts of your IT environment following a ransomware assault and reconstruct them quickly into a viable system. Progent has worked with top insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Skokie
To contact with Progent about crypto-ransomware settlement negotiation guidance in Skokie, call Progent at 800-462-8800 or go to Contact Progent.