Overview of Progent's Ransomware Settlement Negotiation Consulting in Toronto
Progent is experienced in negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complex exercise that requires a mix of field experience, technical knowledge and business savvy. It also requires working closely with the cyber-extortion target's IT team and the insurance carrier, if there is one. Because the top priority of the ransomware victim is operational continuity, it is vital to establish recovery teams that work efficiently, in parallel, and with intimate collaboration. Progent has the breadth of technical skills and the deep bench of experts to supplement your network support team and restore your network environment quickly and affordably.
Services available from Progent's ransomware settlement team include:
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Determining the type of ransomware used in the assault
- identifying and contacting the hacker
- Assessing the recovery risk
- Validating the TA's decryption tool
- Deciding on an acceptable settlement amount with the ransomware victim and the insurance provider
- Negotiating a settlement and schedule with the TA
- Checking compliance with anti-money laundering laws
- Carrying out the crypto-currency transfer to the hacker
- Receiving, learning, and operating the hacker's decryption tool
- If needed, contacting the threat actor for technical help with the decryptor utility
After the decryption utility has been learned, Progent can assist you to restore physical and virtual devices and services to their pre-arrack condition. Progent can also help you to perform a full forensic review and create a document to deliver to the insurance provider. This report helps you to understand cybersecurity vulnerabilities that must be eliminated and recommends steps that should be performed to combat future ransomware attacks.
- Isolating infected endpoints to arrest the spread of the attack
- Creating digital copies of each breached server and endpoint and data store in order to perform forensics in parallel with recovery
- Adding A/V agents to all virus-free endpoints
- Restoring files from offline backups or unscathed machines
- Creating a pristine recovery environment
- Mapping and reconnecting datastores to reflect exactly their pre-attack state
Settling Exfiltration Ransoms
Beyond demanding payment for a decryption utility, current strains of ransomware such as Ryuk, Maze, Netwalker, and Nephilim commonly attempt to steal (or "exfiltrate") information. TAs are then able to require an extra settlement for not divulging this information on the dark web. Unfortunately, there exists no way to be certain that exfiltrated data have been completely erased by the threat actor. In fact, in numerous instances the threat actor has little say about who can access the stolen files. Settling an exfiltration ransom does not eliminate the need for seeking the guidance of privacy attorneys, performing an inventory of data were taken, and performing the required notifications to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises network services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This scope of expertise allows Progent to salvage and integrate the surviving parts of your network after a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has collaborated with leading insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Services in Toronto
To contact with Progent about ransomware settlement negotiation expertise in Toronto, call Progent at 800-462-8800 or go to Contact Progent.