Overview of Progent's Ransomware Negotiation Consulting in Savannah
Progent has experience negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complex exercise that calls for a combination of field experience, technical knowledge and business acumen. It also calls for close co-operation with the ransomware victim's IT staff and the cyber insurance carrier, if any. Because the number one goal of the ransomware target is operational continuity, it is vital to establish recovery groups that work efficiently, concurrently, and in close communication. Progent offers the breadth of IT skills and the deep bench of experts to complement your network support team and recover your network quickly and affordably.
Support available from Progent's ransomware settlement negotiation team includes:
- Establishing the type of ransomware involved in the attack
- Identifying and communicating with the hacker
- Assessing the recovery risk
- Validating the TA's decryption tool
- Agreeing on a settlement with the ransomware victim and the insurance carrier
- Negotiating a settlement and schedule with the threat actor
- Confirming compliance with anti-money laundering regulations
- Overseeing the crypto-currency transfer to the TA
- Acquiring, reviewing, and operating the threat actor's decryptor tool
- If needed, contacting the TA for technical help with the decryptor tool
Once the decryption tool has been learned, Progent can help you to recover machines and software services to their pre-attack condition. Progent can also help you to conduct a full forensic review and generate a document to deliver to the insurance carrier. This document identifies cybersecurity vulnerabilities that must be eliminated and recommends steps that can be taken to block future ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Quarantining affected endpoints and data stores to prevent further spread of the attack
- Creating digital copies of each breached device and data store in order to perform forensics without interfering with restoration
- Adding anti-virus protection to all clean endpoints
- Restoring data from offline backups or unscathed machines
- Creating a pristine recovery environment
- Remapping and reconnecting datastores to match exactly their pre-encryption condition
Paying Exfiltration Ransoms
Beyond extorting payment for a decryption utility, modern strains of ransomware like Ryuk, Maze, DopplePaymer, and Egregor commonly attempt to exfiltrate files. Hackers are then able to require an extra ransom in exchange for not publishing this data on the dark web. Unfortunately, there is no method to be certain that exfiltrated files have been totally deleted by the threat actor. Actually, in many cases the threat actor has limited say about where the information ends up. Paying an exfiltration ransom does not eliminate the need for seeking the advice of privacy attorneys, conducting an investigation into which data were stolen, and performing the required notifications to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also has top-tier support in financial management and Enterprise Resource Planning application software. This scope of skills allows Progent to salvage and integrate the surviving pieces of your network following a ransomware attack and reconstruct them quickly into a functioning network. Progent has worked with top insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Savannah
To contact Progent about ransomware settlement negotiation services in Savannah, phone Progent at 800-462-8800 or go to Contact Progent.