Overview of Progent's Ransomware Negotiation Services in Toronto
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated exercise that requires a mix of field experience, IT knowledge and business acumen. It also demands working closely with the cyber-extortion target's IT team and the cyber insurance carrier, if there is one. Since the top priority of the ransomware target is fast recovery, it is critical to establish response teams that work efficiently, in parallel, and with intimate collaboration. Progent offers the breadth of technical skills and the deep bench of experts to supplement your network staff and recover your network environment rapidly and economically.
Support provided by Progent's ransomware negotiation experts includes:
- Determining the type of ransomware used in the assault
- Making contact with the hacker persona
- Evaluating the recovery risk
- Testing the TA's decryption capabilities
- Determining a settlement amount with the victim and the cyber insurance carrier
- Negotiating a settlement amount and schedule with the TA
- Checking compliance with anti-money laundering regulations
- Managing the crypto-currency disbursement to the hacker
- Acquiring, learning, and operating the hacker's decryptor tool
- If necessary, contacting the threat actor for technical assistance with the decryptor utility
Once the decryption tool has been mastered, Progent can help you recover physical and virtual devices and software services to their pre-attack state. Progent can also help you perform a complete forensics analysis and create a report to share with the cyber insurance carrier. This report helps you understand security vulnerabilities that need to be eliminated and suggests steps that should be taken to counter future ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Quarantining affected endpoints and data stores to prevent further progress of the attack
- Creating replicas of each compromised server, endpoint, and data store to allow forensics without interfering with cleanup
- Adding anti-virus protection to all clean endpoints
- Salvaging data from offline backups or unscathed machines
- Creating a clean recovery environment
- Mapping and reconnecting drives to reflect exactly their pre-attack condition
Paying Exfiltration Ransoms
In addition to extorting money for a decryption utility, modern strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Nephilim often attempt to exfiltrate files. TAs are then able to demand a separate settlement in exchange for not publishing or selling this information. Unfortunately, there is no way to guarantee that exfiltrated data have been totally erased by the TA. In fact, in numerous cases the threat actor has limited say over who can access the stolen files. Settling an exfiltration ransom does not eliminate the need to seek the advice of privacy lawyers, investigate which files were compromised, and send the mandated alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises network services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. Progent also offers guidance in financial and ERP application software. This scope of expertise gives Progent the ability to identify and consolidate the surviving pieces of your information system after a ransomware assault and rebuild them rapidly into a functioning system. Progent has collaborated with leading insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Settlement Negotiation Services in Toronto
To get in touch with Progent about ransomware settlement guidance in Toronto, call Progent at 800-462-8800 or go to Contact Progent.