Overview of Progent's Ransomware Negotiation Services in Addison
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex activity that requires a mix of field experience, IT skills and business savvy. It also requires working closely with the victim's IT team and the insurance provider, if any. Since the top goal of the ransomware target is fast recovery, it is vital to deploy recovery teams that work efficiently, in parallel, and with intimate collaboration. Progent offers the scope of IT skills and the depth of personnel to supplement your network support team and recover your network environment rapidly and affordably.
Services provided by Progent's ransomware settlement team include:
Concurrent with the settlement negotiations, Progent's ransomware team can help with:
- Establishing the kind of ransomware used in the attack
- making contact with the hacker persona
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Deciding on an acceptable settlement with the victim and the insurance provider
- Establishing a settlement amount and schedule with the TA
- Checking adherence to anti-money laundering laws
- Carrying out the crypto-currency transfer to the TA
- Acquiring, learning, and operating the threat actor's decryption utility
- If needed, contacting the TA for assistance with the decryption tool
Once the decryption tool has been learned, Progent can assist you to recover machines and services to their original state. Progent can also assist you to conduct comprehensive forensics and create a document to deliver to the cyber insurance carrier. This report helps you to understand security vulnerabilities that must be eliminated and suggests actions that can be taken to combat future ransomware assaults.
- Quarantining affected endpoints to prevent further progress of the assault
- Creating replicas of each breached device and data store to allow forensics without interfering with cleanup
- Adding A/V protection to all clean endpoints
- Restoring files from air-gapped backups or uncompromised machines
- Creating a clean environment
- Remapping and connecting drives to reflect exactly their pre-attack state
Settling Exfiltration Ransoms
In addition to demanding payment for a decryption utility, current variants of ransomware such as Ryuk, Maze, DopplePaymer, and Egregor commonly attempt to steal (or "exfiltrate") files. Hackers are then able to demand a separate payment for not posting this data or selling it. Unfortunately, there exists no method to be certain that stolen data have been completely deleted by the TA. Actually, in numerous cases the threat actor has little control about who can access the stolen files. Paying an exfiltration ransom does not eliminate the necessity of engaging the advice of privacy lawyers, performing an audit on which files were compromised, and performing the required notifications to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite network services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SBEs) includes professionals who have earned advanced certifications in foundation technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP, and CRISC. (Refer to Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning software. This scope of expertise gives Progent the ability to identify and integrate the surviving parts of your information system after a ransomware intrusion and reconstruct them quickly into a functioning system. Progent has worked with top insurance providers including Chubb to assist businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Addison
To get in touch with Progent about ransomware settlement negotiation services in Addison, call Progent at 800-993-9400 or go to Contact Progent.