Progent's Ransomware Negotiation Services in Detroit
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complicated activity that requires a combination of real-word experience, technical skills and business savvy. It also demands working closely with the victim's IT team and the insurance carrier, if any. Because the number one priority of the ransomware victim is fast recovery, it is critical to deploy response groups that work effectively, concurrently, and with intimate collaboration. Progent offers the breadth of IT skills and the deep bench of experts to complement your IT staff and recover your network environment rapidly and affordably.
Services available from Progent's ransomware settlement experts include:
In parallel with the settlement negotiations, Progent's ransomware team can assist with:
- Establishing the kind of ransomware involved in the assault
- making contact with the hacker
- Evaluating the likelihood of recovery
- Verifying the threat actor's decryption capabilities
- Agreeing on a settlement with the ransomware victim and the insurance carrier
- Establishing a settlement amount and timeline with the threat actor
- Verifying accordance with anti-money laundering (AML) regulations
- Carrying out the crypto-currency transfer to the TA
- Receiving, reviewing, and operating the threat actor's decryption utility
- If needed, contacting the threat actor for technical assistance with the decryptor utility
Once the decryption tool has been mastered, Progent can help you to restore machines and services to their original state. Progent can also help you to conduct comprehensive forensics and create a document to deliver to the insurance provider. This report identifies security gaps that must be eliminated and recommends actions that should be taken to combat subsequent ransomware attacks.
- Isolating infected endpoints to arrest the progress of the assault
- Making replicas of each infected server and endpoint and data store to allow forensics in parallel with recovery
- Adding anti-virus agents to all virus-free endpoints
- Salvaging files from air-gapped restores or uncompromised machines
- Building a pristine recovery environment
- Remapping and connecting datastores to match precisely their pre-encryption state
Beyond extorting money for a decryption tool, modern strains of ransomware such as Ryuk, Sodinokibi, DopplePaymer, and Nephilim often attempt to steal (or "exfiltrate") files. Hackers are then able to demand an extra settlement in exchange for not divulging this information or selling it. Sadly, there exists no method to be certain that exfiltrated files have been completely erased by the hacker. In fact, in numerous instances the threat actor has little control about data custody. Paying an exfiltration ransom does not eliminate the need for seeking the guidance of privacy attorneys, performing an investigation into which data were stolen, and carrying out the mandated notifications to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite network services across the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have earned advanced certifications in foundation technologies such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications such as CISA, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and ERP software. This scope of expertise allows Progent to salvage and consolidate the undamaged parts of your IT environment following a ransomware attack and reconstruct them quickly into a viable network. Progent has collaborated with top cyber insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Settlement Expertise in Detroit
To get in touch with Progent about ransomware settlement negotiation expertise in Detroit, phone Progent at 800-462-8800 or go to Contact Progent.