Overview of Progent's Ransomware Negotiation Services in Phoenix
Progent has experience negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complicated exercise that calls for a combination of field experience, IT skills and business savvy. It also calls for close co-operation with the victim's IT team and the insurance provider, if any. Since the top goal of the ransomware target is operational continuity, it is critical to establish response groups that operate effectively, concurrently, and in close communication. Progent offers the breadth of technical knowledge and the depth of personnel to supplement your IT support team and recover your network environment quickly and affordably.
Services available from Progent's ransomware negotiation experts include:
- Establishing the type of ransomware used in the attack
- Identifying and contacting the hacker persona
- Assessing the recovery risk
- Testing the threat actor's decryption tool
- Budgeting a settlement payment with the victim and the cyber insurance provider
- Negotiating a settlement amount and timeline with the threat actor (TA)
- Checking compliance with anti-money laundering (AML) sanctions
- Overseeing the crypto-currency payment to the hacker
- Receiving, reviewing, and operating the hacker's decryptor tool
- If needed, contacting the hacker for technical help with the decryptor utility
Once the decryption utility has been mastered, Progent can assist you to recover computers and services to their pre-attack condition. Progent can also assist you to perform a forensics investigation and generate a report to share with the insurance provider. This report helps you to understand cybersecurity gaps that must be eliminated and suggests steps that can be taken to combat subsequent ransomware assaults.
Concurrent with the ransom negotiations, Progent's ransomware staff can help with:
- Quarantining affected endpoints to prevent further spread of the attack
- Creating replicas of every infected server and endpoint and data store to allow forensics in parallel with recovery
- Installing anti-virus protection to all clean endpoints
- Recovering files from air-gapped restores or unscathed endpoints
- Creating a clean environment
- Remapping and connecting datastores to reflect precisely their pre-encryption condition
Beyond demanding money for a decryption tool, current strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Egregor commonly try to steal (or "exfiltrate") files. TAs can then require a separate ransom in exchange for not divulging this data on the dark web. Unfortunately, there exists no method to guarantee that exfiltrated files have been totally deleted by the TA. In fact, in numerous cases the TA has little say about data custody. Settling an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy lawyers, conducting an audit on which files were taken, and sending the mandated notifications to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered online and onsite network services throughout the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned prestigious certifications such as CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial management and ERP applications. This breadth of expertise allows Progent to salvage and consolidate the undamaged parts of your information system after a ransomware attack and reconstruct them rapidly into a functioning network. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Expertise in Phoenix
To contact Progent about ransomware settlement negotiation expertise in Phoenix, call Progent at 800-462-8800 or go to Contact Progent.