Progent's Ransomware Settlement Negotiation Consulting in Santos
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated exercise that requires a mix of field experience, IT skills and business savvy. It also demands working closely with the cyber-extortion target's IT staff and the insurance provider, if any. Since the top goal of the ransomware target is operational continuity, it is vital to establish recovery teams that operate effectively, in parallel, and with intimate collaboration. Progent offers the scope of IT skills and the deep bench of experts to supplement your network support team and restore your network environment rapidly and affordably.
Services provided by Progent's ransomware settlement negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Establishing the kind of ransomware involved in the assault
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Verifying the hacker's decryption tool
- Deciding on an acceptable settlement with the ransomware victim and the insurance carrier
- Establishing a settlement amount and timeline with the TA
- Confirming accordance with anti-money laundering laws
- Overseeing the crypto-currency disbursement to the TA
- Acquiring, reviewing, and using the threat actor's decryptor utility
- If necessary, contacting the hacker for assistance with the decryptor tool
Once the decryption utility has been mastered, Progent can assist you to recover physical and virtual devices and services to their original condition. Progent can also assist you to perform a complete forensics analysis and create a report to share with the cyber insurance provider. This document helps you to understand security gaps that must be eliminated and suggests steps that should be performed to combat subsequent ransomware attacks.
- Isolating infected endpoints to prevent further progress of the attack
- Making replicas of each compromised server and endpoint and data store to allow forensics in parallel with cleanup
- Adding anti-virus protection to all clean endpoints
- Recovering data from offline restores or unscathed endpoints
- Creating a clean recovery environment
- Remapping and connecting drives to match precisely their pre-attack condition
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, current variants of ransomware like Ryuk, Maze, DopplePaymer, and Egregor often attempt to steal (or "exfiltrate") files. TAs can then demand an extra settlement in exchange for not publishing this data on the dark web. Unfortunately, there is no way to prove that exfiltrated data have been completely deleted by the threat actor. Actually, in many cases the hacker has limited control over the disposition of the data. Paying an exfiltration ransom does not free you from the need for seeking the advice of privacy lawyers, performing an inventory of files were compromised, and carrying out the required alerts to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite network services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have earned high-level certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISM, CISSP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial and ERP application software. This scope of skills gives Progent the ability to salvage and consolidate the surviving parts of your network following a ransomware attack and reconstruct them quickly into a viable system. Progent has worked with top insurance carriers like Chubb to assist businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Expertise in Santos
To get in touch with Progent about ransomware settlement negotiation guidance in Santos, phone Progent at 800-462-8800 or go to Contact Progent.