Overview of Progent's Ransomware Negotiation Services in Manchester
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated exercise that calls for a mix of real-word experience, technical skills and business savvy. It also calls for working closely with the ransomware victim's IT staff and the cyber insurance provider, if any. Because the number one priority of the ransomware victim is operational continuity, it is critical to deploy response groups that work effectively, concurrently, and with intimate collaboration. Progent offers the scope of IT knowledge and the deep bench of experts to complement your network staff and recover your network environment quickly and affordably.
Services offered by Progent's ransomware settlement team include:
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Establishing the kind of ransomware used in the attack
- identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Validating the TA's decryption tool
- Agreeing on a settlement payment with the ransomware victim and the cyber insurance provider
- Establishing a settlement and schedule with the hacker
- Confirming compliance with anti-money laundering (AML) regulations
- Managing the crypto-currency transfer to the TA
- Acquiring, learning, and operating the threat actor's decryption utility
- If needed, contacting the threat actor for technical help with the decryptor tool
Once the decryption utility has been learned, Progent can assist you to restore computers and services to their pre-arrack condition. Progent can also assist you to perform a forensics investigation and create a document to deliver to the cyber insurance carrier. This document identifies security gaps that need to be fixed and suggests actions that can be performed to counter future ransomware attacks.
- Quarantining affected endpoints to prevent further spread of the assault
- Creating replicas of every breached server and endpoint and data store to allow forensics in parallel with restoration
- Adding A/V protection to all clean endpoints
- Restoring data from offline backups or uncompromised machines
- Building a pristine recovery environment
- Mapping and reconnecting datastores to match precisely their pre-attack condition
Settling Exfiltration Ransoms
In addition to extorting money for a decryption tool, modern strains of ransomware such as Ryuk, Maze, Netwalker, and Nephilim often attempt to steal (or "exfiltrate") files. TAs can then demand an additional ransom for not posting this data on the dark web. Unfortunately, there exists no way to prove that exfiltrated files have been totally deleted by the threat actor. In fact, in many cases the threat actor has little control over who can access the stolen files. Paying an exfiltration ransom does not free you from the necessity of getting the guidance of privacy lawyers, conducting an inventory of files were taken, and carrying out the necessary notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes consultants who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has guidance in financial and Enterprise Resource Planning applications. This scope of skills allows Progent to salvage and consolidate the undamaged parts of your information system after a ransomware attack and reconstruct them quickly into a viable network. Progent has worked with top insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Manchester
To contact with Progent about ransomware settlement services in Manchester, phone Progent at 800-462-8800 or go to Contact Progent.