Progent's Ransomware Negotiation Services in Kansas City
Progent has experience negotiating ransomware settlements with hackers. Negotiating an acceptable settlement is a complicated exercise that calls for a combination of field experience, technical skills and business savvy. It also requires working closely with the ransomware victim's IT team and the insurance carrier, if any. Because the number one goal of the ransomware victim is fast recovery, it is critical to deploy recovery groups that work effectively, in parallel, and in close communication. Progent has the scope of technical knowledge and the deep bench of experts to supplement your network staff and restore your network environment quickly and affordably.
Services provided by Progent's ransomware settlement team include:
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Determining the kind of ransomware involved in the attack
- identifying and contacting the hacker persona
- Assessing the recovery risk
- Verifying the TA's decryption capabilities
- Budgeting a settlement range with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and schedule with the hacker
- Verifying adherence to anti-money laundering sanctions
- Managing the crypto-currency disbursement to the TA
- Acquiring, reviewing, and operating the threat actor's decryption utility
- If needed, contacting the TA for technical help with the decryption tool
After the decryption utility has been mastered, Progent can assist you to recover computers and software services to their pre-arrack state. Progent can also assist you to conduct a complete forensics analysis and generate a document to deliver to the insurance carrier. This report identifies cybersecurity vulnerabilities that need to be eliminated and suggests steps that can be taken to block subsequent ransomware assaults.
- Isolating affected endpoints and data stores to arrest the spread of the attack
- Making digital copies of every compromised device and data store to allow forensics in parallel with recovery
- Adding A/V protection to all virus-free endpoints
- Salvaging files from air-gapped backups or unscathed endpoints
- Creating a pristine recovery environment
- Remapping and reconnecting drives to reflect exactly their pre-encryption state
Paying Exfiltration Ransoms
In addition to extorting money for a decryption utility, current variants of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to exfiltrate files. Hackers are then able to demand a separate payment in exchange for not posting this data or selling it. Sadly, there exists no method to guarantee that exfiltrated files have been completely deleted by the hacker. Actually, in many cases the threat actor has little say about where the information ends up. Paying an exfiltration ransom does not eliminate the necessity of engaging the guidance of legal counsel, performing an inventory of files were stolen, and sending the mandated alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded high-level certifications in core technology platforms such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning applications. This broad array of expertise allows Progent to salvage and consolidate the undamaged parts of your network after a ransomware intrusion and rebuild them quickly into a functioning network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Kansas City
To get in touch with Progent about crypto-ransomware settlement expertise in Kansas City, call Progent at 800-462-8800 or go to Contact Progent.