Progent's Ransomware Negotiation Services in Des Moines
Progent has experience negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that requires a mix of real-word experience, technical knowledge and business savvy. It also requires working closely with the ransomware victim's IT staff and the cyber insurance carrier, if any. Since the top priority of the ransomware victim is fast recovery, it is critical to establish response teams that operate effectively, in parallel, and with intimate collaboration. Progent offers the scope of technical knowledge and the deep bench of personnel to supplement your network support team and recover your network rapidly and economically.
Support offered by Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware involved in the attack
- making contact with the hacker
- Assessing the likelihood of recovery
- Validating the TA's decryption tool
- Determining a settlement payment with the ransomware victim and the cyber insurance carrier
- Negotiating a settlement and timeline with the TA
- Checking accordance with anti-money laundering regulations
- Carrying out the crypto-currency transfer to the hacker
- Acquiring, learning, and operating the threat actor's decryption mechanism
- If necessary, contacting the hacker for assistance with the decryption utility
After the decryption utility has been mastered, Progent can help you to recover machines and software services to their original condition. Progent can also help you to perform comprehensive forensics and generate a document to share with the cyber insurance carrier. This document identifies security gaps that need to be eliminated and suggests steps that can be performed to block subsequent ransomware assaults.
- Quarantining infected endpoints to arrest the spread of the assault
- Making digital copies of each breached server and endpoint and data store in order to perform forensics without interfering with recovery
- Adding A/V protection to all clean endpoints
- Restoring files from air-gapped restores or uncompromised endpoints
- Creating a clean environment
- Mapping and connecting datastores to match precisely their pre-encryption state
Beyond demanding money for a decryption utility, current strains of ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor commonly attempt to exfiltrate files. Hackers are then able to require an additional payment for not posting this information on the dark web. Sadly, there exists no method to be certain that exfiltrated files have been completely deleted by the TA. Actually, in many cases the TA has little control over the disposition of the data. Paying an exfiltration ransom does not free you from the need for engaging the advice of privacy attorneys, performing an investigation into which data were stolen, and carrying out the required alerts to affected entities. In general, paying an exfiltration ransom is a waste.
Progent has provided online and onsite network services across the United States for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SBEs) includes consultants who have earned advanced certifications in core technology platforms including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial and ERP applications. This breadth of expertise allows Progent to identify and integrate the surviving pieces of your IT environment after a ransomware assault and reconstruct them rapidly into an operational network. Progent has collaborated with top insurance carriers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Negotiation Expertise in Des Moines
To contact with Progent about crypto-ransomware settlement expertise in Des Moines, call Progent at 800-993-9400 or go to Contact Progent.