Overview of Progent's Ransomware Settlement Negotiation Consulting in Eugene
Progent has experience negotiating ransomware settlements with threat actors (TAs). Negotiating an acceptable settlement is a complex exercise that requires a mix of real-word experience, technical knowledge and business savvy. It also requires working closely with the cyber-extortion target's IT team and the insurance carrier, if any. Because the number one goal of the ransomware victim is operational continuity, it is vital to establish recovery teams that work effectively, concurrently, and in close communication. Progent has the scope of technical skills and the depth of personnel to complement your network support team and recover your network quickly and affordably.
Support available from Progent's ransomware settlement negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Determining the type of ransomware involved in the attack
- identifying and contacting the hacker persona
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption capabilities
- Determining a settlement with the victim and the insurance provider
- Negotiating a settlement amount and timeline with the hacker
- Verifying adherence to anti-money laundering (AML) sanctions
- Managing the crypto-currency disbursement to the hacker
- Acquiring, reviewing, and using the hacker's decryption utility
- If necessary, contacting the threat actor for technical help with the decryptor tool
After the decryption utility has been learned, Progent can assist you to restore machines and services to their pre-arrack condition. Progent can also assist you to perform comprehensive forensics and create a document to share with the cyber insurance provider. This report helps you to understand security gaps that must be eliminated and suggests steps that can be taken to combat future ransomware assaults.
- Quarantining infected endpoints and data stores to prevent further progress of the attack
- Creating replicas of every breached server and endpoint and data store to allow forensics in parallel with cleanup
- Installing A/V agents to all clean endpoints
- Restoring files from air-gapped backups or unscathed endpoints
- Building a pristine recovery environment
- Mapping and reconnecting datastores to match precisely their pre-attack condition
Paying Exfiltration Ransoms
In addition to demanding payment for a decryption utility, modern variants of crypto-ransomware such as Ryuk, Maze, Netwalker, and Egregor commonly attempt to exfiltrate information. TAs can then demand an extra settlement for not publishing this data on the dark web. Sadly, there is no way to guarantee that stolen data have been totally erased by the TA. In fact, in many cases the TA has little say over data custody. Paying an exfiltration ransom does not eliminate the need for engaging the advice of legal counsel, performing an audit on which data were compromised, and carrying out the required notifications to impacted entities. In almost all cases, paying an exfiltration ransom is a waste.
Progent has delivered remote and onsite network services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This scope of skills allows Progent to salvage and integrate the undamaged pieces of your information system following a ransomware assault and rebuild them quickly into a viable system. Progent has worked with top insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Settlement Services in Eugene
To contact with Progent about crypto-ransomware settlement negotiation guidance in Eugene, call Progent at 800-462-8800 or go to Contact Progent.