Progent's Ransomware Settlement Negotiation Consulting in Hialeah
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complex exercise that requires a mix of field experience, IT skills and business savvy. It also requires working closely with the cyber-extortion target's IT team and the cyber insurance provider, if any. Since the top priority of the ransomware victim is fast recovery, it is critical to establish recovery groups that operate efficiently, in parallel, and in close communication. Progent has the breadth of technical knowledge and the deep bench of personnel to complement your network staff and recover your network environment rapidly and economically.
Services available from Progent's ransomware settlement team include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the type of ransomware used in the attack
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Budgeting a settlement with the victim and the cyber insurance carrier
- Negotiating a settlement and schedule with the threat actor
- Checking accordance with anti-money laundering sanctions
- Overseeing the crypto-currency transfer to the TA
- Receiving, learning, and using the TA's decryption utility
- If needed, contacting the threat actor for technical help with the decryptor utility
Once the decryption utility has been mastered, Progent can help you to recover physical and virtual devices and software services to their original state. Progent can also help you to perform a forensics investigation and create a report to deliver to the cyber insurance provider. This report helps you to understand security vulnerabilities that need to be corrected and suggests steps that should be performed to combat subsequent ransomware assaults.
- Quarantining affected endpoints to arrest the spread of the assault
- Creating digital copies of each infected server and endpoint and data store in order to perform forensics in parallel with restoration
- Adding anti-virus agents to all virus-free endpoints
- Restoring files from air-gapped backups or uncompromised endpoints
- Creating a pristine environment
- Mapping and reconnecting datastores to reflect exactly their pre-attack condition
Paying Exfiltration Ransoms
Beyond extorting payment for a decryption utility, modern strains of ransomware like Ryuk, Maze, Netwalker, and Egregor commonly try to steal (or "exfiltrate") information. Hackers can then demand an extra ransom in exchange for not posting this information or selling it. Sadly, there is no way to prove that exfiltrated files have been completely deleted by the TA. Actually, in many instances the hacker has limited say over data custody. Paying an exfiltration ransom does not eliminate the need for getting the guidance of legal counsel, performing an investigation into which files were compromised, and performing the required alerts to impacted entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises network services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning application software. This breadth of skills allows Progent to salvage and consolidate the undamaged parts of your network after a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with top cyber insurance carriers including Chubb to assist organizations clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Expertise in Hialeah
To contact with Progent about ransomware settlement guidance in Hialeah, phone Progent at 800-462-8800 or go to Contact Progent.