Progent's Ransomware Negotiation Consulting in Calgary
Progent is experienced in negotiating ransomware settlements with hackers. Negotiating an acceptable settlement is a complex exercise that requires a mix of real-word experience, technical knowledge and business savvy. It also demands working closely with the cyber-extortion target's IT team and the cyber insurance carrier, if any. Because the top goal of the ransomware target is operational continuity, it is critical to establish recovery teams that work effectively, in parallel, and with intimate collaboration. Progent offers the breadth of technical knowledge and the deep bench of experts to supplement your IT staff and restore your network rapidly and economically.
Support available from Progent's ransomware settlement experts include:
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware involved in the assault
- making contact with the hacker persona
- Evaluating the likelihood of recovery
- Verifying the TA's decryption capabilities
- Budgeting a settlement with the ransomware victim and the cyber insurance provider
- Establishing a settlement and schedule with the TA
- Checking compliance with anti-money laundering (AML) laws
- Managing the crypto-currency disbursement to the hacker
- Acquiring, learning, and using the threat actor's decryption mechanism
- If necessary, contacting the TA for technical help with the decryptor tool
After the decryption tool has been mastered, Progent can help you to restore physical and virtual devices and software services to their original condition. Progent can also help you to perform a full forensic review and create a report to deliver to the cyber insurance provider. This report helps you to understand security gaps that must be corrected and suggests actions that should be taken to block subsequent ransomware assaults.
- Quarantining infected endpoints to arrest the progress of the attack
- Creating digital copies of each infected device and data store to allow forensics without interfering with recovery
- Adding anti-virus agents to all virus-free endpoints
- Restoring data from air-gapped backups or uncompromised endpoints
- Building a pristine recovery environment
- Remapping and reconnecting datastores to reflect precisely their pre-encryption condition
Paying Exfiltration Ransoms
In addition to demanding money for a decryption utility, current variants of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly try to steal (or "exfiltrate") information. Hackers are then able to demand an extra ransom for not publishing this information on the dark web. Sadly, there is no way to prove that exfiltrated files have been totally deleted by the TA. In fact, in many instances the TA has little control about where the information ends up. Settling an exfiltration ransom does not free you from the necessity of seeking the advice of privacy lawyers, performing an inventory of files were compromised, and performing the required alerts to affected entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has delivered remote and onsite IT services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This breadth of skills gives Progent the ability to identify and integrate the surviving pieces of your information system following a ransomware intrusion and reconstruct them quickly into a viable system. Progent has worked with leading cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Expertise in Calgary
To get in touch with Progent about ransomware settlement negotiation services in Calgary, phone Progent at 800-462-8800 or go to Contact Progent.