Overview of Progent's Ransomware Negotiation Services in Plano
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that requires a mix of field experience, IT skills and business acumen. It also demands close co-operation with the ransomware victim's IT staff and the insurance carrier, if there is one. Because the top goal of the ransomware victim is fast recovery, it is critical to establish recovery teams that operate efficiently, in parallel, and in close communication. Progent offers the breadth of technical skills and the deep bench of personnel to complement your network support team and recover your network quickly and affordably.
Services available from Progent's ransomware negotiation experts include:
- Determining the type of ransomware involved in the attack
- Identifying and contacting the hacker
- Assessing the recovery risk
- Validating the threat actor's decryption tool
- Deciding on an acceptable settlement payment with the victim and the insurance carrier
- Negotiating a settlement and schedule with the TA
- Verifying compliance with anti-money laundering sanctions
- Overseeing the crypto-currency disbursement to the hacker
- Acquiring, reviewing, and using the TA's decryption utility
- If needed, contacting the hacker for technical help with the decryption utility
After the decryption utility has been mastered, Progent can assist you to restore machines and services to their original state. Progent can also assist you to conduct a complete forensics analysis and create a document to deliver to the cyber insurance carrier. This report identifies security gaps that must be fixed and recommends actions that should be performed to combat subsequent ransomware attacks.
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints to arrest the progress of the assault
- Creating digital copies of each infected device and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus agents to all clean endpoints
- Recovering data from offline restores or unscathed machines
- Creating a pristine recovery environment
- Remapping and connecting datastores to match exactly their pre-attack condition
Settling Exfiltration Ransoms
In addition to extorting money for a decryption tool, current strains of ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor often attempt to steal (or "exfiltrate") information. TAs are then able to demand an extra ransom in exchange for not publishing this information or selling it. Unfortunately, there is no way to be certain that exfiltrated files have been totally erased by the TA. In fact, in numerous cases the TA has limited say about data custody. Paying an exfiltration ransom does not free you from the need to engage privacy attorneys, conduct an inventory of the files that were taken, and send the necessary alerts to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has delivered remote and on-premises network services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded high-level certifications in foundation technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers top-tier support in financial management and ERP applications. This broad array of skills gives Progent the ability to identify and consolidate the surviving pieces of your information system after a ransomware intrusion and rebuild them rapidly into a viable system. Progent has collaborated with top cyber insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Services in Plano
To get in touch with Progent about crypto-ransomware settlement services in Plano, phone Progent at 800-462-8800 or go to Contact Progent.