Progent's Ransomware Settlement Negotiation Consulting in Mesa
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complicated exercise that calls for a combination of real-word experience, IT knowledge and business acumen. It also demands working closely with the victim's IT team and the cyber insurance carrier, if there is one. Because the top priority of the ransomware victim is operational continuity, it is critical to deploy recovery teams that work efficiently, concurrently, and with intimate collaboration. Progent has the breadth of IT skills and the depth of personnel to supplement your network support team and recover your network environment rapidly and affordably.
Services provided by Progent's ransomware settlement experts include:
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Determining the type of ransomware involved in the attack
- making contact with the hacker persona
- Evaluating the recovery risk
- Validating the hacker's decryption capabilities
- Agreeing on a settlement range with the victim and the cyber insurance carrier
- Establishing a settlement and timeline with the TA
- Verifying adherence to anti-money laundering (AML) regulations
- Carrying out the crypto-currency payment to the hacker
- Acquiring, learning, and operating the TA's decryption utility
- If necessary, contacting the hacker for technical help with the decryption tool
After the decryption utility has been learned, Progent can help you to recover physical and virtual devices and services to their pre-arrack state. Progent can also help you to perform a forensics investigation and generate a document to share with the cyber insurance provider. This report helps you to understand security gaps that must be corrected and recommends actions that should be performed to block subsequent ransomware assaults.
- Quarantining infected endpoints to prevent further spread of the attack
- Creating digital copies of every breached device and data store to allow forensics in parallel with cleanup
- Installing A/V agents to all virus-free endpoints
- Salvaging files from offline backups or unscathed machines
- Building a pristine environment
- Remapping and connecting drives to reflect precisely their pre-encryption state
Settling Exfiltration Ransoms
In addition to extorting money for a decryption tool, current variants of ransomware such as Ryuk, Maze, Netwalker, and Egregor commonly attempt to exfiltrate files. Hackers can then demand a separate settlement in exchange for not posting this information on the dark web. Unfortunately, there is no way to guarantee that exfiltrated files have been completely erased by the threat actor. Actually, in numerous cases the threat actor has limited control over the disposition of the data. Paying an exfiltration ransom does not eliminate the need for getting the guidance of privacy attorneys, performing an investigation into which data were stolen, and sending the required notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite IT services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded advanced certifications in foundation technology platforms such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial and Enterprise Resource Planning application software. This scope of skills gives Progent the ability to salvage and consolidate the undamaged parts of your IT environment following a ransomware attack and reconstruct them rapidly into a functioning system. Progent has collaborated with leading insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Mesa
To contact with Progent about ransomware settlement negotiation expertise in Mesa, call Progent at 800-993-9400 or go to Contact Progent.