Overview of Progent's Ransomware Settlement Negotiation Services in Monterey
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complex activity that requires a combination of field experience, technical skills and business savvy. It also requires working closely with the cyber-extortion target's IT team and the insurance provider, if any. Since the top priority of the ransomware target is operational continuity, it is vital to deploy response groups that operate efficiently, in parallel, and with intimate collaboration. Progent has the breadth of technical knowledge and the deep bench of personnel to complement your IT staff and recover your network environment quickly and affordably.
Services offered by Progent's ransomware settlement negotiation experts include:
In parallel with the settlement negotiations, Progent's ransomware staff can help with:
- Establishing the kind of ransomware used in the attack
- Identifying and communicating with the hacker
- Assessing the likelihood of recovery
- Validating the threat actor's decryption tool
- Deciding on an acceptable settlement range with the victim and the cyber insurance provider
- Negotiating a settlement and schedule with the TA
- Verifying compliance with anti-money laundering (AML) laws
- Managing the crypto-currency payment to the hacker
- Receiving, reviewing, and using the threat actor's decryptor tool
- If necessary, contacting the hacker for technical help with the decryptor utility
After the decryption utility has been learned, Progent can assist you to recover computers and software services to their pre-arrack state. Progent can also help you to conduct a complete forensics analysis and generate a document to deliver to the cyber insurance provider. This document helps you to understand security vulnerabilities that need to be corrected and suggests steps that should be taken to block future ransomware assaults.
- Quarantining infected endpoints and data stores to prevent further spread of the attack
- Making replicas of every compromised server and endpoint and data store in order to perform forensics without interfering with restoration
- Installing anti-virus protection to all virus-free endpoints
- Recovering files from air-gapped restores or uncompromised machines
- Creating a clean environment
- Remapping and reconnecting drives to match precisely their pre-encryption condition
Settling Exfiltration Ransoms
Beyond extorting payment for a decryption tool, current variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim often try to steal (or "exfiltrate") files. Hackers can then require a separate ransom for not divulging this information or selling it. Unfortunately, there is no method to prove that exfiltrated data have been totally erased by the TA. In fact, in many cases the threat actor has little say over data custody. Settling an exfiltration ransom does not free you from the need for seeking the guidance of privacy attorneys, conducting an investigation into which files were taken, and sending the required notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have earned advanced certifications in core technologies including Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISM, CISSP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support in financial and ERP software. This breadth of expertise allows Progent to identify and consolidate the undamaged pieces of your IT environment after a ransomware intrusion and reconstruct them rapidly into a functioning system. Progent has worked with leading insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Monterey
To contact with Progent about ransomware settlement services in Monterey, phone Progent at 800-462-8800 or go to Contact Progent.