Overview of Progent's Ransomware Negotiation Services in Ipanema
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex exercise that requires a mix of field experience, IT knowledge and business savvy. It also calls for working closely with the ransomware victim's IT team and the cyber insurance provider, if there is one. Because the top goal of the ransomware victim is operational continuity, it is critical to establish recovery groups that work effectively, in parallel, and in close communication. Progent has the breadth of technical skills and the deep bench of experts to complement your IT support team and recover your network environment quickly and affordably.
Services available from Progent's ransomware settlement experts include:
- Establishing the type of ransomware used in the assault
- Identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Validating the hacker's decryption tool
- Agreeing on a settlement payment with the ransomware victim and the cyber insurance carrier
- Establishing a settlement and timeline with the hacker
- Verifying compliance with anti-money laundering regulations
- Overseeing the crypto-currency transfer to the hacker
- Acquiring, learning, and using the TA's decryption tool
- If needed, contacting the hacker for technical help with the decryption utility
After the decryption tool has been learned, Progent can help you restore computers and services to their original state. Progent can also help you perform a complete forensics analysis and generate a document to deliver to the cyber insurance provider. This report helps you understand security vulnerabilities that must be eliminated and recommends actions that can be taken to counter future ransomware assaults.
In parallel with the ransom negotiations, Progent's ransomware team can help with:
- Quarantining infected endpoints and data stores to arrest the spread of the attack
- Making digital copies of each breached server and endpoint and data store in order to perform forensics without interfering with restoration
- Installing anti-virus protection on all clean endpoints
- Restoring files from air-gapped restores or unscathed machines
- Building a pristine environment
- Remapping and reconnecting drives to reflect exactly their pre-attack condition
Paying Exfiltration Ransoms
Beyond extorting money for a decryption tool, current strains of crypto-ransomware such as Ryuk, Sodinokibi, DoppelPaymer, and Nephilim often try to steal (or "exfiltrate") files. TAs can then demand a separate settlement for not publishing this information or selling it. Sadly, there is no way to be certain that stolen files have been completely deleted by the threat actor. In fact, in numerous cases the threat actor has limited say over who can access the stolen files. Settling an exfiltration ransom does not eliminate the necessity of seeking the guidance of legal counsel, conducting an investigation into which data were taken, and sending the necessary notifications to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite network services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have earned high-level certifications in foundation technology platforms including Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP, and GIAC. Progent also has guidance in financial management and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to identify and integrate the surviving pieces of your network following a ransomware intrusion and reconstruct them rapidly into a functioning network. Progent has collaborated with leading insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Settlement Negotiation Expertise in Ipanema
To get in touch with Progent about ransomware settlement guidance in Ipanema, call Progent at 800-993-9400 or go to Contact Progent.