Progent's Ransomware Settlement Negotiation Consulting in Oakland
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an optimum settlement is a complicated exercise that calls for a mix of field experience, technical knowledge and business acumen. It also requires close co-operation with the victim's IT team and the cyber insurance provider, if any. Because the number one goal of the ransomware target is operational continuity, it is vital to deploy recovery teams that operate efficiently, concurrently, and with intimate collaboration. Progent offers the scope of technical skills and the depth of personnel to complement your IT staff and recover your network rapidly and affordably.
Services available from Progent's ransomware settlement experts include:
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Establishing the type of ransomware involved in the attack
- Identifying and communicating with the hacker
- Evaluating the likelihood of recovery
- Validating the TA's decryption tool
- Budgeting a settlement range with the ransomware victim and the insurance carrier
- Establishing a settlement and timeline with the hacker
- Checking adherence to anti-money laundering (AML) regulations
- Overseeing the crypto-currency transfer to the TA
- Receiving, reviewing, and using the threat actor's decryptor mechanism
- If necessary, contacting the threat actor for technical help with the decryption tool
After the decryption utility has been learned, Progent can assist you to restore physical and virtual devices and services to their original state. Progent can also help you to perform a full forensic review and generate a document to share with the cyber insurance provider. This document helps you to understand security vulnerabilities that must be corrected and suggests steps to be performed to counter subsequent ransomware assaults.
- Isolating affected endpoints to arrest the progress of the attack
- Creating digital copies of each compromised server and endpoint and data store in order to perform forensics without interfering with restoration
- Installing anti-virus agents to all virus-free endpoints
- Restoring data from air-gapped backups or uncompromised machines
- Building a clean environment
- Remapping and reconnecting drives to match exactly their pre-encryption condition
Beyond demanding money for a decryption utility, modern variants of ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly try to exfiltrate information. TAs can then demand an additional payment in exchange for not publishing this data or selling it. Sadly, there exists no way to prove that stolen files have been totally deleted by the threat actor. In fact, in numerous cases the threat actor has little control over the disposition of the data. Paying an exfiltration ransom does not eliminate the need for seeking the advice of privacy attorneys, performing an audit on which files were taken, and performing the required alerts to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has provided remote and on-premises network services across the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and Enterprise Resource Planning applications. This broad array of skills allows Progent to salvage and integrate the undamaged pieces of your network after a ransomware attack and rebuild them rapidly into a viable network. Progent has worked with leading insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Oakland
To get in touch with Progent about crypto-ransomware settlement negotiation guidance in Oakland, call Progent at 800-462-8800 or go to Contact Progent.