Progent's Ransomware Negotiation Services in Sherman Oaks
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex activity that calls for a combination of field experience, IT knowledge and business savvy. It also calls for close co-operation with the cyber-extortion target's IT staff and the insurance provider, if there is one. Because the number one priority of the ransomware victim is fast recovery, it is critical to deploy response groups that operate efficiently, concurrently, and with intimate collaboration. Progent has the breadth of IT skills and the depth of experts to supplement your IT support team and restore your network rapidly and economically.
Services offered by Progent's ransomware negotiation team include:
- Establishing the kind of ransomware involved in the attack
- Making contact with the hacker persona
- Evaluating the recovery risk
- Validating the TA's decryption capabilities
- Budgeting a settlement payment with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the threat actor
- Confirming compliance with anti-money laundering sanctions
- Managing the crypto-currency payment to the hacker
- Acquiring, learning, and operating the TA's decryptor mechanism
- If necessary, contacting the threat actor for technical help with the decryption utility
After the decryption utility has been learned, Progent can help you restore machines and software services to their pre-attack state. Progent can also help you conduct a forensics investigation and create a document to share with the insurance provider. This report identifies cybersecurity vulnerabilities that must be corrected and suggests actions that should be performed to block future ransomware attacks.
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating infected endpoints to prevent further progress of the attack
- Making replicas of every infected server, endpoint, and data store to allow forensics without interfering with recovery
- Adding A/V agents to all virus-free endpoints
- Recovering data from air-gapped restores or uncompromised machines
- Creating a clean recovery environment
- Mapping and reconnecting datastores to reflect precisely their pre-attack condition
Beyond demanding payment for a decryption utility, current strains of ransomware such as Ryuk, Maze, DoppelPaymer, and Nephilim often try to steal (or "exfiltrate") files. TAs are then able to require an additional payment for not publishing this data on the dark web. Sadly, there is no method to guarantee that stolen data have been totally deleted by the threat actor. In fact, in many cases the TA has little control over who can access the stolen files. Settling an exfiltration ransom does not free you from the need to seek the advice of privacy attorneys, conduct an inventory of the files that were taken, and send the necessary alerts to impacted entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has provided remote and on-premises network services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced certifications in foundation technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and CRISC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP application software. This breadth of skills gives Progent the ability to salvage and integrate the undamaged pieces of your information system after a ransomware intrusion and reconstruct them quickly into an operational system. Progent has worked with leading cyber insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Expertise in Sherman Oaks
To get in touch with Progent about crypto-ransomware settlement expertise in Sherman Oaks, call Progent at 800-462-8800 or go to Contact Progent.