Progent's Ransomware Settlement Negotiation Services in Allen
Progent has experience negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complicated exercise that requires a combination of field experience, IT knowledge and business acumen. It also demands close co-operation with the ransomware victim's IT team and the cyber insurance carrier, if any. Since the top goal of the ransomware target is operational continuity, it is critical to establish response teams that operate efficiently, in parallel, and in close communication. Progent has the scope of technical skills and the depth of personnel to complement your IT support team and recover your network rapidly and affordably.
Services provided by Progent's ransomware settlement team include:
In parallel with the ransom negotiations, Progent's ransomware staff can assist with:
- Determining the type of ransomware involved in the attack
- making contact with the hacker persona
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Deciding on an acceptable settlement amount with the ransomware victim and the cyber insurance carrier
- Negotiating a settlement amount and schedule with the threat actor
- Verifying compliance with anti-money laundering sanctions
- Carrying out the crypto-currency disbursement to the hacker
- Acquiring, learning, and using the TA's decryptor tool
- If needed, contacting the threat actor for assistance with the decryption utility
Once the decryption utility has been mastered, Progent can help you to recover physical and virtual devices and services to their original condition. Progent can also help you to perform comprehensive forensics and generate a report to share with the cyber insurance carrier. This report identifies security gaps that need to be corrected and suggests actions that can be taken to counter subsequent ransomware attacks.
- Isolating affected endpoints and data stores to arrest the spread of the attack
- Creating replicas of every compromised device and data store to allow forensics without interfering with restoration
- Installing anti-virus agents to all clean endpoints
- Recovering files from air-gapped restores or uncompromised endpoints
- Building a pristine environment
- Mapping and connecting datastores to reflect exactly their pre-encryption state
Paying Exfiltration Ransoms
In addition to demanding payment for a decryption utility, current variants of ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to exfiltrate information. TAs can then require an extra settlement in exchange for not publishing this information on the dark web. Unfortunately, there exists no method to be certain that stolen data have been completely erased by the threat actor. Actually, in many instances the TA has little say over where the information ends up. Paying an exfiltration ransom does not eliminate the need for getting the advice of legal counsel, performing an inventory of files were taken, and performing the necessary alerts to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has provided online and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning applications. This scope of expertise gives Progent the ability to identify and integrate the undamaged pieces of your network following a ransomware assault and rebuild them quickly into a functioning network. Progent has worked with leading cyber insurance providers like Chubb to assist businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Expertise in Allen
To get in touch with Progent about ransomware settlement guidance in Allen, call Progent at 800-462-8800 or go to Contact Progent.