Progent's Ransomware Negotiation Services in Mesa
Progent has experience negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complicated exercise that calls for a mix of real-word experience, technical skills and business savvy. It also calls for close co-operation with the ransomware victim's IT team and the cyber insurance provider, if there is one. Since the top goal of the ransomware victim is operational continuity, it is critical to establish recovery teams that operate effectively, concurrently, and with intimate collaboration. Progent offers the scope of technical knowledge and the deep bench of experts to complement your IT staff and recover your network quickly and affordably.
Support provided by Progent's ransomware settlement experts include:
In parallel with the settlement negotiations, Progent's ransomware team can assist with:
- Establishing the type of ransomware involved in the assault
- making contact with the hacker
- Assessing the likelihood of recovery
- Validating the threat actor's decryption tool
- Budgeting a settlement range with the ransomware victim and the insurance provider
- Negotiating a settlement and timeline with the hacker
- Checking adherence to anti-money laundering (AML) regulations
- Overseeing the crypto-currency payment to the hacker
- Receiving, reviewing, and using the threat actor's decryption tool
- If needed, contacting the TA for technical help with the decryptor utility
Once the decryption utility has been learned, Progent can help you to restore machines and services to their original condition. Progent can also assist you to perform a forensics investigation and generate a document to deliver to the cyber insurance provider. This document helps you to understand security vulnerabilities that must be corrected and suggests actions that should be taken to block subsequent ransomware attacks.
- Quarantining affected endpoints to prevent further spread of the attack
- Creating digital copies of every infected device and data store to allow forensics without interfering with restoration
- Adding anti-virus agents to all virus-free endpoints
- Restoring data from air-gapped restores or unscathed endpoints
- Building a clean recovery environment
- Remapping and connecting drives to match exactly their pre-encryption state
Paying Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim commonly try to exfiltrate information. TAs can then demand an extra payment for not posting this data or selling it. Sadly, there is no way to prove that stolen files have been totally erased by the TA. In fact, in numerous instances the hacker has limited control about who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of engaging the guidance of privacy attorneys, conducting an audit on which data were taken, and sending the mandated alerts to affected entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has provided remote and on-premises network services across the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced certifications in core technology platforms including Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and ERP software. This scope of expertise gives Progent the ability to salvage and integrate the undamaged pieces of your network after a ransomware intrusion and reconstruct them rapidly into a viable network. Progent has collaborated with leading cyber insurance providers including Chubb to assist organizations recover from ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Expertise in Mesa
To contact with Progent about crypto-ransomware settlement expertise in Mesa, call Progent at 800-462-8800 or go to Contact Progent.