Overview of Progent's Ransomware Settlement Negotiation Consulting in Fort Wayne
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex exercise that calls for a mix of field experience, IT skills and business acumen. It also calls for working closely with the victim's IT staff and the cyber insurance carrier, if there is one. Since the top goal of the ransomware target is fast recovery, it is vital to establish recovery teams that work effectively, concurrently, and in close communication. Progent offers the scope of IT knowledge and the depth of personnel to complement your IT support team and restore your network rapidly and economically.
Services available from Progent's ransomware settlement experts include:
- Establishing the type of ransomware involved in the assault
- Identifying and communicating with the hacker persona
- Evaluating the recovery risk
- Verifying the hacker's decryption capabilities
- Determining a settlement payment with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and schedule with the TA
- Checking adherence to anti-money laundering (AML) regulations
- Managing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and operating the threat actor's decryption utility
- If needed, contacting the hacker for technical assistance with the decryption utility
Once the decryption utility has been mastered, Progent can help you to recover computers and services to their original condition. Progent can also help you to perform a complete forensics analysis and generate a document to share with the insurance carrier. This document identifies cybersecurity gaps that need to be eliminated and recommends actions to be taken to combat future ransomware assaults.
Concurrent with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating infected endpoints to prevent further progress of the attack
- Creating replicas of each compromised device and data store to allow forensics without interfering with cleanup
- Adding A/V agents to all clean endpoints
- Salvaging data from air-gapped restores or unscathed machines
- Creating a pristine recovery environment
- Remapping and reconnecting drives to match exactly their pre-encryption state
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption tool, modern strains of crypto-ransomware such as Ryuk, Sodinokibi, DoppelPaymer, and Egregor often attempt to exfiltrate information. Hackers can then require an extra payment in exchange for not divulging this data or selling it. Unfortunately, there exists no way to prove that stolen files have been completely deleted by the TA. In fact, in many cases the threat actor has little control over where the information ends up. Settling an exfiltration ransom does not free you from the need for seeking the guidance of legal counsel, conducting an audit on which files were compromised, and sending the required alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises network services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technologies including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also has expertise in financial and Enterprise Resource Planning application software. This scope of skills allows Progent to identify and integrate the surviving parts of your network following a ransomware assault and rebuild them rapidly into a viable network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Expertise in Fort Wayne
To get in touch with Progent about crypto-ransomware settlement guidance in Fort Wayne, phone Progent at 800-462-8800 or go to Contact Progent.