Overview of Progent's Ransomware Settlement Negotiation Consulting in Hartford
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated activity that calls for a combination of field experience, IT knowledge and business savvy. It also requires working closely with the ransomware victim's IT staff and the insurance provider, if there is one. Since the top priority of the ransomware target is operational continuity, it is vital to establish response groups that operate effectively, in parallel, and with intimate collaboration. Progent offers the breadth of IT knowledge and the depth of personnel to supplement your IT staff and restore your network environment quickly and affordably.
Support provided by Progent's ransomware settlement negotiation team include:
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Determining the type of ransomware involved in the assault
- Identifying and communicating with the hacker
- Assessing the likelihood of recovery
- Validating the threat actor's decryption tool
- Budgeting a settlement range with the victim and the cyber insurance provider
- Establishing a settlement and timeline with the threat actor
- Confirming compliance with anti-money laundering (AML) laws
- Overseeing the crypto-currency disbursement to the TA
- Receiving, learning, and using the hacker's decryption mechanism
- If needed, contacting the TA for assistance with the decryption tool
Once the decryption tool has been learned, Progent can assist you to restore computers and services to their original condition. Progent can also help you to perform a complete forensics analysis and create a document to deliver to the insurance carrier. This document helps you to understand cybersecurity vulnerabilities that need to be corrected and suggests steps that can be taken to counter subsequent ransomware assaults.
- Isolating infected endpoints to arrest the progress of the attack
- Creating digital copies of every infected server and endpoint and data store to allow forensics in parallel with recovery
- Adding A/V protection to all clean endpoints
- Restoring files from offline backups or unscathed machines
- Building a pristine recovery environment
- Mapping and connecting datastores to reflect precisely their pre-encryption condition
Paying Exfiltration Ransoms
In addition to demanding payment for a decryption tool, current variants of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to exfiltrate information. TAs are then able to require an additional ransom in exchange for not publishing this information on the dark web. Sadly, there is no way to be certain that exfiltrated data have been totally erased by the hacker. Actually, in many cases the TA has limited control about the disposition of the data. Settling an exfiltration ransom does not eliminate the need for seeking the guidance of privacy lawyers, performing an audit on which data were taken, and sending the required alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite network services across the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SBEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning applications. This scope of skills gives Progent the ability to salvage and consolidate the undamaged parts of your IT environment following a ransomware intrusion and reconstruct them quickly into an operational system. Progent has worked with top cyber insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Services in Hartford
To get in touch with Progent about crypto-ransomware settlement negotiation expertise in Hartford, call Progent at 800-462-8800 or go to Contact Progent.