Overview of Progent's Ransomware Negotiation Consulting in Valencia
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an optimum settlement is a complicated exercise that requires a mix of field experience, technical knowledge and business savvy. It also demands close co-operation with the cyber-extortion target's IT team and the insurance carrier, if there is one. Because the number one priority of the ransomware victim is fast recovery, it is vital to deploy response groups that work efficiently, concurrently, and in close communication. Progent has the scope of IT knowledge and the deep bench of experts to supplement your network staff and recover your network environment rapidly and economically.
Support provided by Progent's ransomware negotiation team include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Establishing the type of ransomware involved in the attack
- making contact with the hacker
- Assessing the recovery risk
- Testing the hacker's decryption tool
- Agreeing on a settlement payment with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the hacker
- Verifying compliance with anti-money laundering sanctions
- Overseeing the crypto-currency disbursement to the TA
- Acquiring, learning, and operating the threat actor's decryption tool
- If needed, contacting the TA for technical help with the decryption utility
After the decryption utility has been learned, Progent can help you to restore machines and services to their pre-arrack condition. Progent can also assist you to conduct comprehensive forensics and generate a document to share with the insurance carrier. This report identifies security gaps that must be corrected and suggests steps that can be performed to block subsequent ransomware attacks.
- Isolating infected endpoints to arrest the progress of the attack
- Creating digital copies of each breached device and data store in order to perform forensics in parallel with cleanup
- Adding A/V protection to all clean endpoints
- Salvaging data from air-gapped backups or uncompromised machines
- Creating a pristine recovery environment
- Remapping and connecting drives to reflect exactly their pre-encryption condition
Settling Exfiltration Ransoms
Beyond demanding money for a decryption utility, current strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim commonly attempt to exfiltrate files. Hackers are then able to demand an extra settlement in exchange for not posting this information on the dark web. Sadly, there exists no way to prove that stolen files have been totally erased by the hacker. Actually, in numerous cases the TA has limited control about data custody. Paying an exfiltration ransom does not free you from the need for engaging the advice of legal counsel, performing an audit on which data were compromised, and performing the mandated alerts to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided remote and on-premises IT services across the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SBEs) includes consultants who have earned high-level certifications in core technology platforms such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial management and ERP applications. This scope of expertise allows Progent to salvage and integrate the undamaged pieces of your information system following a ransomware assault and rebuild them rapidly into a functioning network. Progent has collaborated with top cyber insurance providers like Chubb to assist organizations clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Guidance in Valencia
To contact with Progent about ransomware settlement negotiation expertise in Valencia, call Progent at 800-462-8800 or go to Contact Progent.