Progent's Ransomware Negotiation Services in Louisville
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that calls for a mix of real-world experience, IT knowledge and business savvy. It also demands close co-operation with the ransomware victim's IT team and the insurance carrier, if there is one. Since the top goal of the ransomware victim is operational continuity, it is critical to establish recovery groups that work effectively, in parallel, and in close communication. Progent offers the breadth of technical knowledge and the depth of personnel to supplement your IT staff and recover your network rapidly and affordably.
Services available from Progent's ransomware settlement negotiation experts include:
- Establishing the type of ransomware used in the assault
- Identifying and communicating with the hacker persona
- Assessing the likelihood of recovery
- Validating the TA's decryption tool
- Determining a settlement amount with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and timeline with the hacker
- Confirming compliance with anti-money laundering (AML) regulations
- Overseeing the crypto-currency transfer to the hacker
- Receiving, reviewing, and operating the threat actor's decryption tool
- If needed, contacting the TA for technical assistance with the decryption tool
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Quarantining affected endpoints to prevent further spread of the assault
- Making digital copies of every infected device and data store in order to perform forensics without interfering with cleanup
- Adding anti-virus protection to all clean endpoints
- Salvaging data from offline backups or unscathed machines
- Building a clean recovery environment
- Remapping and connecting drives to match precisely their pre-encryption condition
Once the decryption tool has been learned, Progent can assist you to restore computers and services to their pre-attack condition. Progent can also help you to conduct a full forensic review and create a report to deliver to the insurance provider. This document identifies security gaps that must be fixed and suggests actions that can be taken to block future ransomware assaults.
Paying Exfiltration Ransoms
Beyond extorting payment for a decryption tool, current variants of crypto-ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to steal (or "exfiltrate") files. TAs can then demand a separate payment for not divulging this data on the dark web. Sadly, there exists no method to be certain that exfiltrated data have been completely deleted by the TA. Actually, in numerous instances the hacker has limited control over who can access the stolen files. Paying an exfiltration ransom does not eliminate the need for engaging the advice of privacy attorneys, conducting an audit on which data were compromised, and carrying out the required notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite network services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes professionals who have been awarded high-level certifications in foundation technologies such as Cisco networking, VMware, and major Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial management and Enterprise Resource Planning applications. This breadth of expertise gives Progent the ability to identify and integrate the undamaged parts of your information system following a ransomware assault and reconstruct them quickly into an operational system. Progent has worked with leading cyber insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Louisville
To get in touch with Progent about ransomware settlement negotiation expertise in Louisville, call Progent at 800-462-8800 or go to Contact Progent.