Overview of Progent's Ransomware Settlement Negotiation Services in Oakland
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex activity that requires a combination of field experience, IT skills and business savvy. It also requires working closely with the victim's IT staff and the insurance carrier, if any. Because the number one priority of the ransomware victim is operational continuity, it is critical to deploy response groups that work efficiently, in parallel, and in close communication. Progent has the scope of IT knowledge and the deep bench of experts to supplement your network support team and restore your network environment rapidly and affordably.
Support offered by Progent's ransomware negotiation team include:
Concurrent with the settlement negotiations, Progent's ransomware team can help with:
- Determining the kind of ransomware used in the attack
- identifying and contacting the hacker persona
- Evaluating the likelihood of recovery
- Testing the threat actor's decryption tool
- Budgeting a settlement payment with the ransomware victim and the insurance carrier
- Negotiating a settlement and schedule with the threat actor
- Confirming accordance with anti-money laundering laws
- Managing the crypto-currency disbursement to the TA
- Acquiring, learning, and operating the TA's decryption utility
- If necessary, contacting the threat actor for technical assistance with the decryptor utility
After the decryption tool has been mastered, Progent can assist you to restore computers and services to their pre-arrack state. Progent can also help you to conduct a full forensic review and create a document to deliver to the cyber insurance carrier. This report identifies cybersecurity gaps that must be fixed and recommends steps that should be taken to block future ransomware attacks.
- Quarantining infected endpoints to prevent further progress of the assault
- Creating replicas of each compromised device and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus protection to all clean endpoints
- Recovering data from air-gapped backups or unscathed machines
- Building a clean environment
- Remapping and reconnecting drives to match precisely their pre-attack condition
Paying Exfiltration Ransoms
In addition to demanding payment for a decryption utility, current variants of ransomware such as Ryuk, Maze, Netwalker, and Egregor often try to steal (or "exfiltrate") information. TAs are then able to require an additional payment in exchange for not posting this data or selling it. Sadly, there is no way to prove that stolen data have been totally erased by the threat actor. In fact, in many instances the TA has little control about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of engaging the guidance of legal counsel, performing an inventory of data were stolen, and carrying out the necessary notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises network services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have been awarded high-level certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP application software. This breadth of expertise allows Progent to identify and integrate the surviving pieces of your network after a ransomware intrusion and rebuild them rapidly into an operational network. Progent has collaborated with leading cyber insurance providers including Chubb to assist organizations clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Oakland
To get in touch with Progent about crypto-ransomware settlement negotiation services in Oakland, phone Progent at 800-462-8800 or go to Contact Progent.