Overview of Progent's Ransomware Negotiation Services in Detroit
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complicated exercise that requires a mix of real-word experience, technical knowledge and business acumen. It also demands close co-operation with the ransomware victim's IT team and the insurance provider, if there is one. Because the top priority of the ransomware target is operational continuity, it is vital to establish recovery teams that work effectively, concurrently, and with intimate collaboration. Progent has the scope of IT skills and the deep bench of experts to supplement your network staff and recover your network environment rapidly and affordably.
Services available from Progent's ransomware settlement team include:
Concurrent with the settlement negotiations, Progent's ransomware staff can assist with:
- Establishing the kind of ransomware involved in the attack
- making contact with the hacker persona
- Assessing the likelihood of recovery
- Testing the hacker's decryption tool
- Budgeting a settlement amount with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and timeline with the TA
- Checking accordance with anti-money laundering (AML) laws
- Managing the crypto-currency payment to the TA
- Receiving, reviewing, and operating the threat actor's decryptor utility
- If necessary, contacting the threat actor for assistance with the decryptor tool
Once the decryption utility has been mastered, Progent can help you to recover machines and services to their pre-arrack state. Progent can also help you to conduct a forensics investigation and generate a report to share with the cyber insurance carrier. This document identifies security vulnerabilities that must be corrected and suggests actions that should be taken to counter subsequent ransomware attacks.
- Isolating infected endpoints and data stores to prevent further progress of the attack
- Creating digital copies of every compromised server and endpoint and data store to allow forensics without interfering with recovery
- Installing A/V agents to all clean endpoints
- Salvaging data from offline restores or unscathed machines
- Creating a pristine environment
- Mapping and connecting datastores to match precisely their pre-attack state
Paying Exfiltration Ransoms
In addition to extorting money for a decryption tool, current variants of crypto-ransomware like Ryuk, Maze, Netwalker, and Egregor often try to steal (or "exfiltrate") files. Hackers can then require an additional payment for not posting this information on the dark web. Unfortunately, there exists no method to prove that stolen data have been completely deleted by the TA. Actually, in many instances the threat actor has limited say about the disposition of the data. Paying an exfiltration ransom does not free you from the need for engaging the guidance of legal counsel, conducting an inventory of data were compromised, and carrying out the required notifications to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises network services throughout the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes professionals who have been awarded high-level certifications in foundation technologies including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and Enterprise Resource Planning applications. This scope of expertise gives Progent the ability to identify and integrate the undamaged pieces of your information system after a ransomware intrusion and rebuild them quickly into an operational network. Progent has collaborated with leading insurance providers like Chubb to assist businesses recover from ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services in Detroit
To contact with Progent about crypto-ransomware settlement negotiation services in Detroit, phone Progent at 800-462-8800 or go to Contact Progent.