Overview of Progent's Ransomware Settlement Negotiation Services in Sorocaba
Progent has experience negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that calls for a combination of field experience, technical skills and business savvy. It also demands working closely with the ransomware victim's IT staff and the insurance carrier, if any. Because the top goal of the ransomware victim is fast recovery, it is vital to deploy response groups that operate efficiently, in parallel, and with intimate collaboration. Progent has the breadth of IT knowledge and the depth of experts to complement your IT support team and restore your network quickly and affordably.
Services provided by Progent's ransomware settlement negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Determining the kind of ransomware involved in the attack
- identifying and contacting the hacker
- Assessing the recovery risk
- Verifying the hacker's decryption tool
- Deciding on an acceptable settlement with the victim and the insurance carrier
- Establishing a settlement amount and schedule with the hacker
- Checking adherence to anti-money laundering (AML) sanctions
- Overseeing the crypto-currency disbursement to the TA
- Acquiring, learning, and using the TA's decryption utility
- If needed, contacting the TA for assistance with the decryption tool
Once the decryption utility has been learned, Progent can assist you to restore physical and virtual devices and services to their original state. Progent can also assist you to conduct a complete forensics analysis and generate a document to share with the insurance carrier. This document identifies security vulnerabilities that must be corrected and recommends actions that should be performed to block subsequent ransomware attacks.
- Isolating affected endpoints and data stores to prevent further spread of the attack
- Making digital copies of every compromised server and endpoint and data store in order to perform forensics in parallel with restoration
- Adding A/V agents to all virus-free endpoints
- Restoring files from offline backups or uncompromised machines
- Creating a clean environment
- Remapping and connecting datastores to match exactly their pre-attack condition
In addition to extorting money for a decryption tool, current strains of ransomware such as Ryuk, Maze, Netwalker, and Nephilim commonly attempt to exfiltrate information. TAs can then require an extra ransom in exchange for not posting this data or selling it. Unfortunately, there is no way to be certain that stolen files have been totally erased by the threat actor. In fact, in many instances the threat actor has limited control about who can access the stolen files. Settling an exfiltration ransom does not eliminate the need for engaging the advice of legal counsel, performing an inventory of files were taken, and sending the mandated alerts to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and Enterprise Resource Planning applications. This scope of skills gives Progent the ability to salvage and integrate the undamaged parts of your network after a ransomware attack and reconstruct them quickly into an operational system. Progent has collaborated with top cyber insurance carriers like Chubb to assist businesses clean up after ransomware assaults.
Contact Progent about Ransomware Settlement Services in Sorocaba
To get in touch with Progent about ransomware settlement services in Sorocaba, phone Progent at 800-462-8800 or go to Contact Progent.