Progent's Ransomware Negotiation Services in Napa
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated exercise that calls for a mix of real-world experience, technical skills and business savvy. It also requires working closely with the ransomware victim's IT staff and the cyber insurance provider, if any. Because the top priority of the ransomware target is operational continuity, it is critical to deploy response teams that operate effectively, in parallel, and in close communication. Progent offers the breadth of IT knowledge and the depth of personnel to complement your network support team and recover your network environment rapidly and economically.
Services offered by Progent's ransomware settlement negotiation team include:
- Determining the type of ransomware involved in the attack
- Identifying and contacting the hacker persona
- Evaluating the likelihood of recovery
- Verifying the threat actor's decryption capabilities
- Determining a settlement payment with the victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the TA
- Confirming adherence to anti-money laundering (AML) laws
- Managing the crypto-currency transfer to the TA
- Receiving, reviewing, and using the threat actor's decryption tool
- If needed, contacting the TA for assistance with the decryption utility
After the decryption tool has been learned, Progent can assist you to restore physical and virtual devices and software services to their original condition. Progent can also assist you to perform a complete forensics analysis and generate a document to deliver to the insurance provider. This document helps you to understand security gaps that must be eliminated and suggests steps to be performed to block future ransomware attacks.
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Quarantining affected endpoints and data stores to prevent further progress of the attack
- Creating digital copies of each breached device and data store to allow forensics in parallel with recovery
- Adding anti-virus protection to all clean endpoints
- Recovering data from air-gapped backups or unscathed machines
- Building a clean recovery environment
- Mapping and reconnecting drives to match precisely their pre-attack state
In addition to extorting money for a decryption utility, current variants of ransomware like Ryuk, Sodinokibi, DoppelPaymer, and Egregor commonly try to steal (or "exfiltrate") files. TAs are then able to require a separate payment in exchange for not divulging this information on the dark web. Unfortunately, there is no way to guarantee that exfiltrated data have been totally deleted by the TA. In fact, in many cases the TA has limited control over where the information ends up. Paying an exfiltration ransom does not eliminate the necessity of seeking the advice of privacy attorneys, conducting an audit on which files were stolen, and performing the required notifications to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technology platforms including Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP, and GIAC. Progent also offers top-tier support in financial and ERP applications. This breadth of expertise gives Progent the ability to identify and integrate the undamaged pieces of your information system after a ransomware intrusion and reconstruct them quickly into a viable system. Progent has worked with top insurance carriers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Napa
To get in touch with Progent about ransomware settlement services in Napa, phone Progent at 800-462-8800 or go to Contact Progent.