Progent's Ransomware Settlement Negotiation Services in Sherman Oaks
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex exercise that requires a combination of field experience, IT knowledge and business acumen. It also requires close co-operation with the victim's IT team and the cyber insurance provider, if there is one. Since the number one priority of the ransomware victim is operational continuity, it is vital to establish recovery teams that operate effectively, concurrently, and in close communication. Progent has the scope of technical knowledge and the deep bench of experts to complement your network support team and restore your network environment rapidly and affordably.
Services offered by Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware involved in the attack
- Identifying and communicating with the hacker
- Assessing the recovery risk
- Verifying the TA's decryption tool
- Deciding on an acceptable settlement range with the ransomware victim and the insurance carrier
- Establishing a settlement and timeline with the TA
- Confirming adherence to anti-money laundering sanctions
- Carrying out the crypto-currency payment to the TA
- Acquiring, reviewing, and operating the hacker's decryptor tool
- If needed, contacting the TA for technical assistance with the decryption utility
Once the decryption tool has been mastered, Progent can assist you to recover machines and services to their pre-arrack state. Progent can also help you to conduct comprehensive forensics and create a report to deliver to the cyber insurance provider. This report identifies security vulnerabilities that need to be corrected and suggests actions that can be taken to counter future ransomware attacks.
- Isolating infected endpoints and data stores to prevent further spread of the attack
- Creating replicas of every compromised server and endpoint and data store in order to perform forensics without interfering with cleanup
- Adding anti-virus agents to all clean endpoints
- Restoring data from offline backups or unscathed machines
- Building a clean recovery environment
- Remapping and reconnecting drives to reflect precisely their pre-attack state
Settling Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern variants of ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to steal (or "exfiltrate") information. TAs can then require an additional settlement in exchange for not publishing this information on the dark web. Unfortunately, there is no way to guarantee that stolen data have been completely erased by the TA. Actually, in numerous instances the threat actor has limited say about the disposition of the data. Settling an exfiltration ransom does not eliminate the need for getting the guidance of privacy attorneys, conducting an audit on which files were taken, and performing the necessary alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and onsite IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and popular Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial management and ERP application software. This breadth of skills gives Progent the ability to salvage and integrate the surviving parts of your network after a ransomware attack and reconstruct them rapidly into a functioning system. Progent has worked with leading insurance carriers like Chubb to assist organizations clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Services in Sherman Oaks
To get in touch with Progent about ransomware settlement negotiation guidance in Sherman Oaks, call Progent at 800-462-8800 or go to Contact Progent.