Progent's Ransomware Negotiation Services
Progent has experience negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complex exercise that requires a combination of field experience, technical knowledge and business acumen. It also requires working closely with the ransomware victim's IT team and the insurance carrier, if any. Because the top priority of the ransomware target is operational continuity, it is critical to deploy recovery teams that operate effectively, in parallel, and with intimate collaboration. Progent offers the breadth of IT knowledge and the depth of personnel to complement your IT staff and restore your network environment rapidly and affordably.
Services available from Progent's ransomware settlement experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can help with:
- Establishing the type of ransomware involved in the attack
- identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Validating the threat actor's decryption tool
- Determining a settlement range with the victim and the cyber insurance carrier
- Establishing a settlement amount and timeline with the TA
- Verifying adherence to anti-money laundering (AML) laws
- Managing the crypto-currency payment to the hacker
- Receiving, learning, and using the TA's decryptor mechanism
- If necessary, contacting the hacker for technical help with the decryption tool
After the decryption tool has been learned, Progent can help you to recover computers and software services to their original condition. Progent can also help you to perform a full forensic review and create a document to share with the cyber insurance carrier. This report helps you to understand cybersecurity gaps that must be fixed and recommends steps that should be taken to block future ransomware assaults.
- Isolating infected endpoints and data stores to arrest the spread of the attack
- Making digital copies of every infected server and endpoint and data store in order to perform forensics without interfering with restoration
- Adding anti-virus agents to all clean endpoints
- Salvaging data from offline restores or uncompromised endpoints
- Creating a clean environment
- Remapping and reconnecting datastores to match precisely their pre-encryption condition
Settling Exfiltration Ransoms
In addition to extorting payment for a decryption tool, current strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor commonly attempt to steal (or "exfiltrate") files. TAs are then able to demand an extra settlement for not posting this data or selling it. Unfortunately, there exists no way to be certain that exfiltrated files have been completely deleted by the threat actor. In fact, in many cases the hacker has little say over where the information ends up. Paying an exfiltration ransom does not free you from the need for seeking the guidance of legal counsel, performing an investigation into which data were compromised, and performing the necessary alerts to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has provided remote and onsite network services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and consolidate the undamaged parts of your information system following a ransomware attack and rebuild them rapidly into a viable network. Progent has collaborated with top insurance providers like Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Services
To get in touch with Progent about crypto-ransomware settlement negotiation services, phone Progent at 800-462-8800 or go to Contact Progent.