Progent's Ransomware Settlement Negotiation Consulting in Mesa
Progent has experience negotiating ransomware settlements with hackers. Negotiating an optimum settlement is a complicated activity that calls for a combination of real-word experience, technical skills and business savvy. It also requires close co-operation with the ransomware victim's IT staff and the insurance carrier, if any. Because the number one priority of the ransomware target is operational continuity, it is critical to deploy response groups that operate efficiently, concurrently, and in close communication. Progent offers the breadth of IT skills and the depth of experts to supplement your IT staff and recover your network quickly and economically.
Services offered by Progent's ransomware settlement experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can help with:
- Determining the kind of ransomware used in the attack
- Identifying and communicating with the hacker
- Assessing the recovery risk
- Verifying the TA's decryption tool
- Agreeing on a settlement range with the ransomware victim and the insurance provider
- Establishing a settlement amount and schedule with the hacker
- Confirming compliance with anti-money laundering (AML) sanctions
- Managing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and operating the TA's decryption mechanism
- If necessary, contacting the hacker for technical help with the decryption utility
Once the decryption utility has been learned, Progent can assist you to recover computers and services to their pre-arrack state. Progent can also assist you to conduct a forensics investigation and generate a document to share with the insurance provider. This report helps you to understand cybersecurity gaps that must be eliminated and suggests steps that should be taken to combat future ransomware attacks.
- Isolating affected endpoints to arrest the spread of the attack
- Making digital copies of every breached server and endpoint and data store to allow forensics without interfering with cleanup
- Adding anti-virus agents to all clean endpoints
- Recovering data from air-gapped backups or unscathed endpoints
- Building a clean recovery environment
- Mapping and connecting drives to match precisely their pre-attack state
Paying Exfiltration Ransoms
In addition to demanding money for a decryption tool, current variants of ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly try to steal (or "exfiltrate") files. Hackers can then demand a separate settlement in exchange for not divulging this data or selling it. Sadly, there is no way to guarantee that stolen data have been completely erased by the threat actor. Actually, in numerous instances the TA has little control about data custody. Settling an exfiltration ransom does not eliminate the need for engaging the advice of legal counsel, conducting an audit on which files were taken, and performing the necessary alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP software. This breadth of expertise allows Progent to salvage and integrate the undamaged pieces of your network after a ransomware intrusion and reconstruct them quickly into a functioning system. Progent has collaborated with top cyber insurance providers like Chubb to assist businesses clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Expertise in Mesa
To contact with Progent about ransomware settlement guidance in Mesa, call Progent at 800-462-8800 or go to Contact Progent.