Progent's Ransomware Settlement Negotiation Services in Jacksonville
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complex activity that requires a mix of real-word experience, technical knowledge and business savvy. It also requires working closely with the victim's IT staff and the insurance carrier, if any. Because the number one goal of the ransomware victim is operational continuity, it is vital to establish response groups that operate efficiently, in parallel, and in close communication. Progent offers the breadth of IT knowledge and the depth of personnel to complement your network staff and recover your network rapidly and affordably.
Services offered by Progent's ransomware negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Establishing the type of ransomware used in the assault
- Identifying and communicating with the hacker persona
- Evaluating the recovery risk
- Verifying the threat actor's decryption capabilities
- Budgeting a settlement amount with the victim and the cyber insurance provider
- Establishing a settlement amount and schedule with the hacker
- Verifying adherence to anti-money laundering (AML) laws
- Carrying out the crypto-currency payment to the TA
- Receiving, reviewing, and using the threat actor's decryptor tool
- If needed, contacting the threat actor for technical help with the decryptor utility
After the decryption utility has been learned, Progent can help you to recover physical and virtual devices and software services to their pre-arrack state. Progent can also assist you to perform a complete forensics analysis and generate a document to share with the cyber insurance carrier. This document helps you to understand security vulnerabilities that need to be eliminated and suggests actions that should be taken to counter future ransomware assaults.
- Quarantining affected endpoints to prevent further progress of the assault
- Creating digital copies of every breached server and endpoint and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus agents to all clean endpoints
- Salvaging files from offline restores or unscathed machines
- Creating a clean recovery environment
- Remapping and connecting drives to match exactly their pre-encryption condition
In addition to demanding payment for a decryption tool, current variants of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor often try to exfiltrate files. Hackers can then demand an additional settlement for not publishing this information on the dark web. Unfortunately, there exists no way to be certain that exfiltrated files have been totally erased by the threat actor. In fact, in many instances the hacker has limited say over who can access the stolen files. Settling an exfiltration ransom does not free you from the necessity of seeking the advice of legal counsel, conducting an audit on which files were compromised, and performing the necessary notifications to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services throughout the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has guidance in financial and ERP application software. This scope of skills allows Progent to salvage and consolidate the surviving parts of your information system after a ransomware attack and rebuild them rapidly into an operational network. Progent has worked with top insurance providers including Chubb to assist businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Services in Jacksonville
To contact with Progent about crypto-ransomware settlement negotiation guidance in Jacksonville, phone Progent at 800-462-8800 or go to Contact Progent.