Overview of Progent's Ransomware Settlement Negotiation Services in Madison
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complicated activity that calls for a combination of field experience, IT skills and business savvy. It also demands working closely with the victim's IT staff and the cyber insurance provider, if any. Because the top priority of the ransomware victim is fast recovery, it is vital to establish response groups that operate effectively, in parallel, and in close collaboration. Progent offers the breadth of IT skills and the depth of expertise to supplement your IT support team and recover your network environment quickly and economically.
Services offered by Progent's ransomware settlement negotiation team include:
- Establishing the type of ransomware involved in the attack
- Identifying and contacting the hacker
- Assessing the likelihood of recovery
- Testing the hacker's decryption capabilities
- Determining a settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the TA
- Confirming compliance with anti-money laundering (AML) sanctions
- Carrying out the crypto-currency transfer to the TA
- Acquiring, reviewing, and operating the hacker's decryptor utility
- If needed, contacting the TA for technical assistance with the decryption utility
Once the operation of the decryption tool is understood, Progent can help you restore physical and virtual devices and services to their original state. Progent can also help you perform a complete forensic analysis and create a document to deliver to the cyber insurance provider. This document helps you understand security vulnerabilities that need to be corrected and suggests steps that can be taken to combat subsequent ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Quarantining affected endpoints to arrest the spread of the attack
- Creating replicas of every breached server and endpoint and data store to allow forensics in parallel with restoration
- Installing anti-virus agents on all uninfected endpoints
- Restoring files from air-gapped backups or uncompromised endpoints
- Building a clean environment
- Mapping and reconnecting drives to reflect exactly their pre-encryption state
Paying Exfiltration Ransoms
Beyond extorting money for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to exfiltrate files. Hackers are then able to demand an additional payment for not publishing this data on the dark web. Sadly, there is no way to be certain that exfiltrated data has been totally deleted by the TA. In fact, in numerous cases the threat actor has limited control over custody of the data. Paying an exfiltration ransom does not eliminate the need to engage privacy attorneys, perform an inventory of the files that were stolen, and send the mandated alerts to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite IT services across the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes consultants who have earned high-level certifications in foundation technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISM, CISSP, and GIAC. Progent also offers top-tier support in financial and ERP software. This broad array of expertise gives Progent the ability to salvage and consolidate the undamaged pieces of your network after a ransomware assault and rebuild them rapidly into a functioning network. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Madison
To contact Progent about ransomware settlement negotiation guidance in Madison, call Progent at 800-462-8800 or go to Contact Progent.