Progent's Ransomware Settlement Negotiation Services in Ipanema
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complicated exercise that requires a mix of real-word experience, technical knowledge and business savvy. It also calls for close co-operation with the cyber-extortion target's IT staff and the insurance carrier, if there is one. Since the number one priority of the ransomware target is fast recovery, it is critical to deploy recovery teams that operate efficiently, in parallel, and in close communication. Progent has the scope of technical skills and the deep bench of experts to supplement your network support team and recover your network environment quickly and economically.
Services available from Progent's ransomware settlement team include:
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware involved in the assault
- identifying and contacting the hacker persona
- Assessing the likelihood of recovery
- Verifying the threat actor's decryption tool
- Agreeing on a settlement with the victim and the cyber insurance provider
- Establishing a settlement amount and timeline with the hacker
- Checking accordance with anti-money laundering (AML) regulations
- Managing the crypto-currency disbursement to the hacker
- Receiving, learning, and using the hacker's decryption utility
- If needed, contacting the threat actor for technical assistance with the decryption tool
After the decryption utility has been learned, Progent can help you to recover physical and virtual devices and services to their original condition. Progent can also assist you to perform a forensics investigation and generate a report to deliver to the cyber insurance carrier. This document helps you to understand security gaps that must be fixed and recommends steps that should be taken to combat subsequent ransomware attacks.
- Quarantining infected endpoints and data stores to arrest the spread of the attack
- Creating replicas of each compromised server and endpoint and data store in order to perform forensics without interfering with cleanup
- Adding A/V protection to all clean endpoints
- Restoring data from air-gapped restores or unscathed machines
- Building a clean recovery environment
- Remapping and reconnecting drives to match precisely their pre-attack state
Paying Exfiltration Ransoms
In addition to demanding money for a decryption tool, modern strains of ransomware such as Ryuk, Maze, Netwalker, and Egregor often try to steal (or "exfiltrate") files. Hackers are then able to demand an additional settlement in exchange for not publishing this data or selling it. Unfortunately, there exists no method to be certain that stolen data have been totally erased by the hacker. Actually, in numerous cases the threat actor has little say about where the information ends up. Paying an exfiltration ransom does not free you from the necessity of seeking the advice of legal counsel, performing an investigation into which files were stolen, and performing the necessary notifications to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned industry-recognized certifications such as CISA, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP applications. This broad array of skills gives Progent the ability to identify and integrate the surviving parts of your IT environment following a ransomware intrusion and rebuild them quickly into a functioning system. Progent has worked with top insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Negotiation Services in Ipanema
To contact with Progent about crypto-ransomware settlement negotiation expertise in Ipanema, phone Progent at 800-462-8800 or go to Contact Progent.