Overview of Progent's Ransomware Settlement Negotiation Services in Albany
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated exercise that calls for a mix of field experience, IT knowledge and business savvy. It also requires close co-operation with the ransomware victim's IT staff and the insurance provider, if there is one. Since the number one goal of the ransomware victim is fast recovery, it is vital to establish response teams that work effectively, in parallel, and in close communication. Progent offers the breadth of technical knowledge and the deep bench of experts to complement your IT support team and restore your network quickly and affordably.
Services offered by Progent's ransomware negotiation team include:
- Determining the type of ransomware involved in the attack
- Identifying and communicating with the hacker
- Assessing the likelihood of recovery
- Testing the threat actor's decryption capabilities
- Determining a settlement range with the ransomware victim and the insurance provider
- Negotiating a settlement and schedule with the hacker
- Confirming compliance with anti-money laundering (AML) laws
- Managing the crypto-currency transfer to the hacker
- Receiving, reviewing, and operating the threat actor's decryptor tool
- If necessary, contacting the TA for technical help with the decryption tool
Once the operation of the decryption tool is understood, Progent can help you recover computers and services to their pre-attack condition. Progent can also help you conduct a full forensic review and create a report to share with the cyber insurance carrier. This report identifies cybersecurity vulnerabilities that must be eliminated and suggests steps to be taken to block subsequent ransomware attacks.
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Quarantining affected endpoints and data stores to prevent further progress of the assault
- Creating replicas of each infected server, endpoint, and data store in order to perform forensics without interfering with restoration
- Installing A/V agents on all clean endpoints
- Restoring files from offline backups or uncompromised endpoints
- Creating a clean environment
- Remapping and connecting datastores to match exactly their pre-attack condition
Paying Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern variants of ransomware like Ryuk, Maze, Netwalker, and Nephilim often try to steal (or "exfiltrate") information. Hackers are then able to demand an additional settlement for not divulging this information or selling it. Unfortunately, there is no method to prove that exfiltrated data have been totally erased by the hacker. In fact, in numerous instances the TA has limited say about where the information ends up. Settling an exfiltration ransom does not free you from the need to engage privacy attorneys, audit which files were stolen, and carry out the required alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises network services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned high-level certifications in core technology platforms such as Cisco networking, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISA, CISSP-ISSAP, and CRISC. Progent also offers guidance in financial management and ERP application software. This breadth of skills allows Progent to identify and integrate the surviving parts of your information system following a ransomware attack and reconstruct them quickly into a functioning system. Progent has worked with top cyber insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Guidance in Albany
To contact Progent about ransomware settlement negotiation services in Albany, phone Progent at 800-462-8800 or go to Contact Progent.