Overview of Progent's Ransomware Negotiation Services in Addison
Progent is experienced in negotiating ransomware settlements with hackers. Negotiating an acceptable settlement is a complicated activity that calls for a combination of real-word experience, IT skills and business savvy. It also requires working closely with the cyber-extortion target's IT staff and the cyber insurance carrier, if there is one. Because the number one goal of the ransomware victim is operational continuity, it is critical to deploy response groups that operate effectively, concurrently, and in close communication. Progent has the breadth of IT knowledge and the deep bench of personnel to supplement your network staff and recover your network environment quickly and affordably.
Services provided by Progent's ransomware negotiation experts include:
In parallel with the settlement negotiations, Progent's ransomware staff can help with:
- Determining the type of ransomware used in the assault
- Identifying and communicating with the hacker
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Agreeing on a settlement payment with the victim and the insurance carrier
- Establishing a settlement and schedule with the hacker
- Confirming adherence to anti-money laundering regulations
- Carrying out the crypto-currency transfer to the TA
- Receiving, learning, and operating the hacker's decryption tool
- If needed, contacting the hacker for technical assistance with the decryptor utility
After the decryption utility has been learned, Progent can help you to recover machines and services to their pre-arrack state. Progent can also assist you to perform a full forensic review and generate a document to deliver to the cyber insurance provider. This report helps you to understand cybersecurity gaps that need to be corrected and recommends actions that can be taken to combat subsequent ransomware attacks.
- Quarantining affected endpoints and data stores to arrest the spread of the assault
- Making digital copies of each breached device and data store in order to perform forensics in parallel with recovery
- Adding anti-virus protection to all clean endpoints
- Recovering data from air-gapped backups or unscathed endpoints
- Building a clean environment
- Mapping and reconnecting datastores to reflect precisely their pre-attack condition
Settling Exfiltration Ransoms
In addition to extorting money for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to steal (or "exfiltrate") files. Hackers are then able to demand an additional payment for not publishing this data on the dark web. Sadly, there exists no way to guarantee that stolen data have been completely erased by the threat actor. In fact, in many cases the hacker has little control about who can access the stolen files. Paying an exfiltration ransom does not eliminate the necessity of seeking the advice of legal counsel, conducting an investigation into which files were taken, and carrying out the required alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite network services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have earned high-level certifications in core technology platforms such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This breadth of expertise gives Progent the ability to identify and integrate the undamaged parts of your IT environment after a ransomware intrusion and rebuild them quickly into a viable network. Progent has collaborated with top insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Expertise in Addison
To get in touch with Progent about ransomware settlement expertise in Addison, phone Progent at 800-462-8800 or go to Contact Progent.