Progent's Ransomware Negotiation Consulting in Savannah
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complex activity that requires a combination of field experience, technical skills and business savvy. It also requires close co-operation with the victim's IT team and the cyber insurance provider, if there is one. Because the number one goal of the ransomware victim is operational continuity, it is critical to deploy response teams that work efficiently, concurrently, and in close communication. Progent has the scope of technical knowledge and the deep bench of personnel to supplement your IT staff and recover your network environment rapidly and economically.
Services available from Progent's ransomware settlement team include:
- Establishing the kind of ransomware used in the attack
- Identifying and communicating with the hacker persona
- Evaluating the likelihood of recovery
- Validating the hacker's decryption tool
- Deciding on an acceptable settlement range with the victim and the insurance carrier
- Negotiating a settlement amount and timeline with the hacker
- Confirming compliance with anti-money laundering laws
- Overseeing the crypto-currency transfer to the hacker
- Receiving, reviewing, and using the threat actor's decryption utility
- If necessary, contacting the TA for assistance with the decryptor tool
After the decryption utility has been received and reviewed, Progent can help you to recover computers and services to their original state. Progent can also help you to perform a forensics investigation and create a report to share with the cyber insurance provider. This report identifies security vulnerabilities that need to be eliminated and suggests steps that can be taken to counter subsequent ransomware assaults.
Concurrent with the ransom negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints to prevent further progress of the attack
- Creating digital copies of each breached device and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus protection on all virus-free endpoints
- Restoring data from air-gapped backups or unscathed machines
- Building a clean environment
- Mapping and reconnecting datastores to match exactly their pre-encryption state
Settling Exfiltration Ransoms
In addition to extorting money for a decryption tool, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to exfiltrate information. Hackers can then demand an additional payment in exchange for not divulging this information on the dark web. Sadly, there is no method to be certain that exfiltrated data have been completely erased by the threat actor. In fact, in numerous instances the TA has limited control over where the information ends up. Paying an exfiltration ransom does not free you from the necessity of seeking the advice of legal counsel, performing an inventory of the files that were compromised, and sending the required notifications to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite network services across the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes professionals who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP, and CRISC. Progent also offers guidance in financial management and Enterprise Resource Planning application software. This breadth of skills allows Progent to salvage and integrate the surviving parts of your information system following a ransomware intrusion and reconstruct them rapidly into a functioning system. Progent has worked with top insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Savannah
To get in touch with Progent about crypto-ransomware settlement negotiation services in Savannah, call Progent at 800-462-8800 or go to Contact Progent.