Overview of Progent's Ransomware Negotiation Consulting in Dallas
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complex activity that requires a combination of field experience, technical skills and business acumen. It also requires working closely with the ransomware victim's IT staff and the cyber insurance carrier, if there is one. Since the top goal of the ransomware target is operational continuity, it is vital to establish response teams that operate effectively, in parallel, and in close communication. Progent offers the breadth of technical skills and the deep bench of experts to supplement your network staff and recover your network rapidly and economically.
Support offered by Progent's ransomware settlement experts includes:
- Determining the type of ransomware used in the attack
- Making contact with the hacker persona
- Assessing the likelihood of recovery
- Validating the hacker's decryption tool
- Budgeting a settlement amount with the victim and the insurance carrier
- Establishing a settlement amount and timeline with the threat actor (TA)
- Confirming compliance with anti-money laundering laws
- Carrying out the crypto-currency transfer to the TA
- Receiving, reviewing, and using the threat actor's decryptor mechanism
- If needed, contacting the hacker for technical help with the decryptor utility
Once the operation of the decryption tool has been learned, Progent can assist you to restore computers and software services to their pre-attack state. Progent can also assist you to perform a forensics investigation and generate a document to deliver to the insurance provider. This report identifies cybersecurity vulnerabilities that need to be fixed and recommends steps that should be taken to counter subsequent ransomware assaults.
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Quarantining affected endpoints to prevent further spread of the assault
- Making digital copies of each infected server, endpoint, and data store to allow forensics without interfering with cleanup
- Adding A/V agents to all virus-free endpoints
- Restoring files from air-gapped backups or uncompromised machines
- Building a clean recovery environment
- Mapping and connecting drives to match precisely their pre-encryption condition
In addition to extorting payment for a decryption utility, modern variants of ransomware like Ryuk, Sodinokibi, DoppelPaymer, and Egregor commonly attempt to steal (or "exfiltrate") information. TAs can then require a separate settlement for not posting this information on the dark web. Unfortunately, there is no method to guarantee that stolen files have been completely erased by the threat actor. In fact, in numerous instances the TA has little control over who can access the stolen files. Settling an exfiltration ransom does not eliminate the need for getting the advice of legal counsel, conducting an inventory of the files that were taken, and performing the mandated alerts to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This scope of expertise allows Progent to identify and integrate the undamaged pieces of your network after a ransomware attack and rebuild them rapidly into an operational network. Progent has collaborated with top cyber insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Services in Dallas
To get in touch with Progent about ransomware settlement services in Dallas, call Progent at 800-462-8800 or go to Contact Progent.