Progent's Ransomware Negotiation Consulting in Denver
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex exercise that calls for a mix of real-word experience, IT knowledge and business savvy. It also demands working closely with the cyber-extortion target's IT staff and the insurance provider, if there is one. Since the number one priority of the ransomware victim is operational continuity, it is critical to deploy response teams that operate effectively, concurrently, and in close communication. Progent has the scope of IT skills and the deep bench of personnel to complement your network staff and recover your network rapidly and affordably.
Services offered by Progent's ransomware negotiation experts include:
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware involved in the attack
- identifying and contacting the hacker
- Assessing the recovery risk
- Testing the threat actor's decryption tool
- Agreeing on a settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the TA
- Confirming accordance with anti-money laundering regulations
- Overseeing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and using the threat actor's decryption utility
- If necessary, contacting the TA for technical assistance with the decryption utility
Once the decryption tool has been learned, Progent can help you to recover physical and virtual devices and services to their original state. Progent can also assist you to conduct a complete forensics analysis and create a document to share with the insurance carrier. This document identifies security vulnerabilities that must be corrected and suggests steps to be taken to counter subsequent ransomware assaults.
- Quarantining affected endpoints to arrest the progress of the assault
- Creating digital copies of each compromised device and data store in order to perform forensics without interfering with cleanup
- Installing anti-virus agents to all clean endpoints
- Salvaging data from offline backups or uncompromised endpoints
- Creating a clean recovery environment
- Remapping and connecting datastores to reflect precisely their pre-attack state
In addition to demanding payment for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to steal (or "exfiltrate") files. Hackers are then able to demand a separate payment in exchange for not divulging this information on the dark web. Sadly, there exists no way to guarantee that stolen data have been totally deleted by the hacker. In fact, in many instances the hacker has little say about the disposition of the data. Settling an exfiltration ransom does not free you from the need for getting the advice of privacy lawyers, performing an inventory of data were taken, and sending the mandated notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided remote and on-premises IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning application software. This scope of skills gives Progent the ability to salvage and consolidate the undamaged pieces of your network after a ransomware assault and rebuild them rapidly into a functioning system. Progent has worked with top cyber insurance providers like Chubb to assist businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Expertise in Denver
To get in touch with Progent about ransomware settlement guidance in Denver, call Progent at 800-462-8800 or go to Contact Progent.