Progent's Ransomware Negotiation Consulting in Louisville
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an optimum settlement is a complex activity that calls for a mix of field experience, technical skills and business acumen. It also requires close co-operation with the ransomware victim's IT team and the cyber insurance carrier, if there is one. Because the number one priority of the ransomware victim is operational continuity, it is critical to deploy recovery groups that operate effectively, concurrently, and with intimate collaboration. Progent has the scope of IT knowledge and the deep bench of personnel to complement your network support team and restore your network rapidly and economically.
Support provided by Progent's ransomware settlement experts include:
In parallel with the settlement negotiations, Progent's ransomware team can help with:
- Establishing the kind of ransomware involved in the attack
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Verifying the hacker's decryption tool
- Agreeing on a settlement payment with the ransomware victim and the insurance carrier
- Establishing a settlement and timeline with the TA
- Checking adherence to anti-money laundering sanctions
- Carrying out the crypto-currency disbursement to the hacker
- Acquiring, reviewing, and operating the threat actor's decryptor tool
- If necessary, contacting the TA for assistance with the decryptor utility
After the decryption utility has been mastered, Progent can help you to restore physical and virtual devices and services to their pre-arrack state. Progent can also help you to conduct a forensics investigation and create a report to share with the insurance provider. This document helps you to understand security gaps that must be eliminated and recommends actions to be taken to combat subsequent ransomware assaults.
- Quarantining affected endpoints and data stores to arrest the spread of the assault
- Making digital copies of each compromised device and data store to allow forensics in parallel with cleanup
- Installing A/V protection to all clean endpoints
- Salvaging files from air-gapped restores or unscathed machines
- Creating a pristine recovery environment
- Mapping and connecting datastores to reflect precisely their pre-encryption state
Beyond extorting money for a decryption utility, current variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor often try to steal (or "exfiltrate") files. TAs can then demand an extra payment for not posting this information on the dark web. Sadly, there exists no method to be certain that exfiltrated data have been completely erased by the threat actor. Actually, in many cases the threat actor has limited control over data custody. Settling an exfiltration ransom does not eliminate the need for engaging the advice of privacy lawyers, conducting an audit on which files were compromised, and carrying out the necessary notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite IT services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP, and GIAC. (See Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning software. This broad array of skills allows Progent to identify and integrate the undamaged parts of your information system following a ransomware intrusion and rebuild them quickly into a functioning network. Progent has collaborated with top insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Guidance in Louisville
To contact with Progent about ransomware settlement negotiation expertise in Louisville, phone Progent at 800-462-8800 or go to Contact Progent.