Overview of Progent's Ransomware Settlement Negotiation Consulting in Saddle Brook
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an optimum settlement is a complex exercise that calls for a mix of real-word experience, IT knowledge and business acumen. It also calls for close co-operation with the cyber-extortion target's IT team and the insurance provider, if there is one. Since the number one priority of the ransomware victim is operational continuity, it is critical to establish recovery groups that operate effectively, in parallel, and in close communication. Progent has the breadth of technical knowledge and the deep bench of personnel to supplement your network support team and restore your network quickly and economically.
Services available from Progent's ransomware settlement negotiation experts include:
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware used in the attack
- making contact with the hacker
- Evaluating the likelihood of recovery
- Validating the TA's decryption tool
- Budgeting a settlement amount with the ransomware victim and the cyber insurance provider
- Establishing a settlement amount and timeline with the TA
- Confirming adherence to anti-money laundering (AML) regulations
- Carrying out the crypto-currency payment to the hacker
- Receiving, learning, and using the TA's decryption utility
- If needed, contacting the threat actor for assistance with the decryptor utility
Once the decryption tool has been learned, Progent can assist you to recover physical and virtual devices and software services to their original state. Progent can also help you to perform a complete forensics analysis and create a document to deliver to the insurance provider. This document identifies cybersecurity gaps that must be fixed and recommends actions that can be taken to block future ransomware attacks.
- Isolating infected endpoints and data stores to arrest the progress of the assault
- Making digital copies of every breached device and data store in order to perform forensics without interfering with recovery
- Adding anti-virus protection to all virus-free endpoints
- Salvaging files from air-gapped restores or unscathed endpoints
- Creating a clean recovery environment
- Remapping and connecting datastores to match exactly their pre-attack state
Settling Exfiltration Ransoms
Beyond demanding payment for a decryption utility, current strains of crypto-ransomware such as Ryuk, Maze, Netwalker, and Nephilim often try to steal (or "exfiltrate") information. Hackers can then require an additional settlement in exchange for not posting this information or selling it. Unfortunately, there exists no way to be certain that stolen files have been totally erased by the threat actor. In fact, in many cases the threat actor has limited control about the disposition of the data. Settling an exfiltration ransom does not free you from the need for seeking the advice of privacy lawyers, performing an investigation into which files were stolen, and performing the necessary notifications to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered online and onsite network services across the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SBEs) includes professionals who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications including CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers top-tier support in financial and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and integrate the undamaged parts of your IT environment after a ransomware assault and reconstruct them rapidly into a viable network. Progent has worked with leading insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Expertise in Saddle Brook
To contact with Progent about ransomware settlement expertise in Saddle Brook, phone Progent at 800-462-8800 or go to Contact Progent.