Overview of Progent's Ransomware Negotiation Consulting in Des Moines
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an optimum settlement is a complicated activity that requires a combination of field experience, technical skills and business acumen. It also calls for working closely with the victim's IT team and the cyber insurance provider, if there is one. Since the top priority of the ransomware target is fast recovery, it is critical to deploy response teams that work efficiently, in parallel, and in close communication. Progent offers the breadth of technical knowledge and the depth of experts to complement your IT staff and restore your network quickly and economically.
Services available from Progent's ransomware settlement negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware team can assist with:
- Establishing the type of ransomware used in the assault
- making contact with the hacker
- Assessing the recovery risk
- Testing the threat actor's decryption tool
- Agreeing on a settlement with the victim and the cyber insurance carrier
- Establishing a settlement amount and timeline with the threat actor
- Checking adherence to anti-money laundering regulations
- Overseeing the crypto-currency payment to the hacker
- Receiving, learning, and operating the threat actor's decryption tool
- If needed, contacting the threat actor for assistance with the decryptor tool
After the decryption utility has been mastered, Progent can help you to recover machines and services to their original condition. Progent can also help you to perform comprehensive forensics and generate a report to share with the insurance provider. This document helps you to understand security gaps that must be fixed and suggests actions that should be performed to block subsequent ransomware attacks.
- Quarantining affected endpoints and data stores to prevent further progress of the assault
- Creating replicas of each infected server and endpoint and data store in order to perform forensics in parallel with cleanup
- Adding A/V protection to all clean endpoints
- Salvaging data from offline backups or unscathed machines
- Creating a pristine recovery environment
- Mapping and connecting drives to reflect precisely their pre-attack condition
In addition to extorting money for a decryption tool, current variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Nephilim often attempt to steal (or "exfiltrate") information. Hackers are then able to demand a separate settlement in exchange for not divulging this data on the dark web. Unfortunately, there exists no method to guarantee that exfiltrated data have been totally erased by the TA. Actually, in many cases the TA has limited control over the disposition of the data. Paying an exfiltration ransom does not eliminate the need for seeking the advice of privacy lawyers, conducting an audit on which data were stolen, and sending the required alerts to affected entities. In general, paying an exfiltration ransom is a waste.
Progent has provided online and on-premises IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned high-level certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has guidance in financial management and ERP application software. This broad array of skills gives Progent the ability to identify and integrate the surviving pieces of your IT environment following a ransomware attack and rebuild them quickly into a functioning network. Progent has collaborated with leading cyber insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Des Moines
To contact with Progent about crypto-ransomware settlement negotiation guidance in Des Moines, call Progent at 800-462-8800 or go to Contact Progent.