Overview of Progent's Ransomware Negotiation Services in Calgary
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex exercise that calls for a combination of field experience, technical skills and business savvy. It also demands close co-operation with the victim's IT staff and the cyber insurance carrier, if there is one. Since the number one priority of the ransomware target is fast recovery, it is critical to deploy recovery teams that operate effectively, in parallel, and in close communication. Progent has the breadth of IT knowledge and the deep bench of experts to supplement your network support team and restore your network rapidly and economically.
Support provided by Progent's ransomware negotiation experts includes:
- Establishing the type of ransomware involved in the assault
- Identifying and communicating with the hacker persona
- Evaluating the recovery risk
- Validating the threat actor's decryption tool
- Deciding on an acceptable settlement payment with the victim and the insurance provider
- Negotiating a settlement and timeline with the threat actor
- Checking compliance with anti-money laundering (AML) sanctions
- Carrying out the crypto-currency payment to the threat actor (TA)
- Acquiring, reviewing, and using the threat actor's decryptor mechanism
- If necessary, contacting the threat actor for technical assistance with the decryption tool
After the decryption utility has been acquired, Progent can help you to recover physical and virtual devices and services to their original state. Progent can also help you to perform a complete forensics analysis and generate a document to deliver to the insurance carrier. This report helps you to understand security gaps that must be fixed and suggests actions to be performed to block subsequent ransomware assaults.
In parallel with the settlement negotiations, Progent's ransomware team can help with:
- Quarantining infected endpoints and data stores to prevent further spread of the assault
- Creating replicas of each infected device and data store to allow forensics without interfering with recovery
- Adding A/V protection to all clean endpoints
- Recovering data from offline backups or unscathed machines
- Building a clean recovery environment
- Remapping and reconnecting datastores to reflect precisely their pre-encryption state
Settling Exfiltration Ransoms
In addition to extorting payment for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Maze, DopplePaymer, and Egregor commonly attempt to exfiltrate files. Hackers can then demand an additional ransom for not divulging or selling this data. Unfortunately, there is no method to prove that stolen files have been totally erased by the TA. In fact, in many cases the threat actor has little control over where the information ends up. Paying an exfiltration ransom does not free you from the necessity of engaging the advice of privacy lawyers, auditing which data was stolen, and sending the required alerts to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite network services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. Progent also has expertise in financial management and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to identify and integrate the surviving pieces of your network after a ransomware assault and rebuild them rapidly into an operational network. Progent has collaborated with leading insurance carriers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Guidance in Calgary
To get in touch with Progent about crypto-ransomware settlement services in Calgary, call Progent at 800-462-8800 or go to Contact Progent.