Progent's Ransomware Negotiation Consulting in Tacoma
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complex exercise that requires a combination of real-word experience, technical skills and business savvy. It also requires working closely with the ransomware victim's IT staff and the insurance provider, if there is one. Because the number one goal of the ransomware target is fast recovery, it is vital to establish response groups that work efficiently, concurrently, and in close communication. Progent has the breadth of technical skills and the depth of experts to complement your network staff and recover your network quickly and economically.
Services available from Progent's ransomware settlement experts include:
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Determining the type of ransomware used in the assault
- identifying and contacting the hacker
- Assessing the likelihood of recovery
- Testing the hacker's decryption tool
- Deciding on an acceptable settlement range with the victim and the insurance provider
- Negotiating a settlement and schedule with the hacker
- Checking accordance with anti-money laundering (AML) sanctions
- Managing the crypto-currency disbursement to the hacker
- Acquiring, learning, and operating the hacker's decryption tool
- If necessary, contacting the TA for technical assistance with the decryptor utility
After the decryption utility has been mastered, Progent can help you to restore machines and services to their pre-arrack state. Progent can also help you to conduct a forensics investigation and create a document to share with the insurance provider. This report helps you to understand cybersecurity vulnerabilities that need to be corrected and recommends actions that can be performed to counter subsequent ransomware assaults.
- Quarantining affected endpoints and data stores to prevent further spread of the attack
- Making digital copies of each infected device and data store to allow forensics in parallel with recovery
- Installing anti-virus agents to all virus-free endpoints
- Salvaging data from offline backups or unscathed machines
- Creating a pristine environment
- Mapping and connecting drives to reflect precisely their pre-encryption state
Beyond demanding payment for a decryption tool, current strains of crypto-ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to steal (or "exfiltrate") information. Hackers can then require an extra ransom in exchange for not posting this information or selling it. Sadly, there is no method to be certain that exfiltrated data have been totally erased by the hacker. In fact, in many instances the threat actor has limited control about data custody. Settling an exfiltration ransom does not eliminate the need for engaging the guidance of legal counsel, performing an inventory of data were taken, and performing the required alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises IT services across the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and ERP applications. This scope of skills gives Progent the ability to salvage and integrate the surviving pieces of your information system after a ransomware intrusion and reconstruct them quickly into a viable network. Progent has collaborated with leading cyber insurance carriers like Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Expertise in Tacoma
To contact with Progent about ransomware settlement services in Tacoma, phone Progent at 800-462-8800 or go to Contact Progent.