Overview of Progent's Ransomware Settlement Negotiation Consulting in Tacoma
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex activity that calls for a mix of field experience, technical knowledge and business acumen. It also requires working closely with the cyber-extortion target's IT team and the cyber insurance carrier, if there is one. Because the number one goal of the ransomware victim is operational continuity, it is critical to deploy recovery teams that work effectively, concurrently, and in close communication. Progent offers the scope of IT knowledge and the deep bench of personnel to complement your IT staff and restore your network quickly and affordably.
Support offered by Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Determining the kind of ransomware used in the attack
- Identifying and communicating with the hacker persona
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption capabilities
- Determining a settlement with the victim and the cyber insurance carrier
- Negotiating a settlement and schedule with the TA
- Verifying accordance with anti-money laundering (AML) laws
- Managing the crypto-currency payment to the hacker
- Acquiring, reviewing, and operating the hacker's decryptor tool
- If needed, contacting the TA for technical assistance with the decryption tool
After the decryption tool has been learned, Progent can help you to recover machines and software services to their pre-arrack state. Progent can also assist you to perform a full forensic review and generate a report to deliver to the cyber insurance carrier. This document identifies security vulnerabilities that need to be fixed and suggests steps to be performed to counter future ransomware assaults.
- Quarantining infected endpoints to prevent further spread of the attack
- Making replicas of each breached device and data store to allow forensics in parallel with restoration
- Installing A/V protection to all clean endpoints
- Salvaging files from offline backups or unscathed endpoints
- Creating a clean recovery environment
- Mapping and connecting datastores to match exactly their pre-encryption condition
Paying Exfiltration Ransoms
In addition to extorting payment for a decryption utility, modern strains of crypto-ransomware like Ryuk, Maze, Netwalker, and Nephilim often attempt to steal (or "exfiltrate") files. Hackers can then demand a separate payment in exchange for not publishing this information or selling it. Unfortunately, there is no method to be certain that exfiltrated data have been totally deleted by the TA. In fact, in numerous cases the threat actor has little control over data custody. Settling an exfiltration ransom does not free you from the necessity of getting the guidance of privacy lawyers, performing an audit on which data were taken, and carrying out the required alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises network services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SBEs) includes consultants who have been awarded high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This scope of expertise allows Progent to salvage and consolidate the undamaged pieces of your IT environment after a ransomware assault and reconstruct them quickly into a viable system. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Tacoma
To contact with Progent about crypto-ransomware settlement services in Tacoma, phone Progent at 800-993-9400 or go to Contact Progent.