Overview of Progent's Ransomware Negotiation Services in Monterey
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex activity that requires a combination of real-world experience, IT knowledge and business acumen. It also calls for working closely with the cyber-extortion target's IT staff and the cyber insurance provider, if there is one. Because the top priority of the ransomware target is operational continuity, it is vital to establish recovery groups that operate efficiently, concurrently, and in close communication. Progent offers the scope of IT knowledge and the deep bench of personnel to supplement your network staff and recover your network environment quickly and economically.
Services available from Progent's ransomware settlement experts include:
- Determining the kind of ransomware used in the assault
- Identifying and contacting the hacker
- Assessing the likelihood of recovery
- Validating the hacker's decryption capabilities
- Deciding on an acceptable settlement with the ransomware victim and the insurance carrier
- Negotiating a settlement and schedule with the threat actor (TA)
- Verifying compliance with anti-money laundering (AML) laws
- Overseeing the crypto-currency payment to the hacker
- Receiving, reviewing, and using the TA's decryptor utility
- If necessary, contacting the TA for assistance with the decryption tool
Once the decryption utility has been mastered, Progent can help you recover physical and virtual devices and software services to their pre-attack state. Progent can also help you conduct comprehensive forensics and create a document to share with the cyber insurance provider. This document identifies cybersecurity gaps that need to be eliminated and suggests actions that can be taken to counter future ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can help with:
- Isolating affected endpoints to prevent further spread of the attack
- Making replicas of each compromised device and data store to allow forensics without interfering with recovery
- Adding A/V protection to all clean endpoints
- Recovering data from air-gapped backups or uncompromised machines
- Building a pristine recovery environment
- Mapping and reconnecting datastores to reflect exactly their pre-encryption condition
Paying Exfiltration Ransoms
In addition to demanding money for a decryption utility, modern variants of crypto-ransomware like Ryuk, Maze, Netwalker, and Egregor commonly try to steal (or "exfiltrate") information. TAs can then require an additional payment for not divulging this data or selling it. Unfortunately, there is no way to be certain that exfiltrated data have been totally deleted by the hacker. In fact, in numerous cases the hacker has little say over who can access the stolen files. Settling an exfiltration ransom does not free you from the necessity of seeking the guidance of privacy lawyers, conducting an inventory of what data were taken, and sending the mandated alerts to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite IT services across the United States for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also offers guidance in financial management and Enterprise Resource Planning software. This breadth of skills gives Progent the ability to salvage and consolidate the undamaged pieces of your network following a ransomware intrusion and reconstruct them rapidly into a functioning system. Progent has collaborated with leading cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Services in Monterey
To contact Progent about ransomware settlement guidance in Monterey, call Progent at 800-462-8800 or go to Contact Progent.