Overview of Progent's Ransomware Settlement Negotiation Services in Garland
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that requires a mix of real-word experience, technical skills and business savvy. It also calls for close co-operation with the victim's IT staff and the insurance carrier, if there is one. Because the number one goal of the ransomware victim is operational continuity, it is critical to deploy recovery teams that work effectively, in parallel, and with intimate collaboration. Progent has the scope of technical skills and the depth of personnel to supplement your network support team and recover your network environment quickly and economically.
Services provided by Progent's ransomware settlement team include:
In parallel with the ransom negotiations, Progent's ransomware team can help with:
- Determining the type of ransomware involved in the assault
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Testing the TA's decryption capabilities
- Deciding on an acceptable settlement with the ransomware victim and the cyber insurance carrier
- Establishing a settlement amount and schedule with the hacker
- Checking compliance with anti-money laundering (AML) laws
- Carrying out the crypto-currency transfer to the TA
- Acquiring, reviewing, and operating the threat actor's decryption tool
- If necessary, contacting the TA for technical assistance with the decryptor utility
After the decryption utility has been learned, Progent can assist you to recover physical and virtual devices and software services to their pre-arrack state. Progent can also help you to conduct a forensics investigation and create a document to share with the insurance provider. This document identifies security vulnerabilities that must be fixed and recommends steps to be performed to combat subsequent ransomware assaults.
- Quarantining infected endpoints and data stores to arrest the progress of the attack
- Making digital copies of every infected server and endpoint and data store to allow forensics without interfering with recovery
- Installing anti-virus agents to all virus-free endpoints
- Recovering data from offline backups or uncompromised endpoints
- Creating a clean environment
- Remapping and reconnecting drives to reflect precisely their pre-attack state
Paying Exfiltration Ransoms
In addition to extorting payment for a decryption utility, current variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor often try to exfiltrate information. TAs can then require an extra settlement for not publishing this data on the dark web. Sadly, there is no way to prove that exfiltrated files have been completely deleted by the threat actor. Actually, in numerous cases the hacker has little control about where the information ends up. Paying an exfiltration ransom does not free you from the necessity of getting the advice of legal counsel, conducting an audit on which files were taken, and carrying out the mandated alerts to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite IT services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial and ERP applications. This scope of expertise gives Progent the ability to identify and consolidate the surviving parts of your IT environment following a ransomware assault and reconstruct them rapidly into an operational network. Progent has collaborated with top insurance providers like Chubb to assist businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Services in Garland
To get in touch with Progent about ransomware settlement expertise in Garland, phone Progent at 800-462-8800 or go to Contact Progent.