Progent's Ransomware Settlement Negotiation Consulting
Progent is experienced in negotiating ransomware settlements with threat actors (TAs). Reaching an acceptable settlement is a complex activity that calls for a combination of real-world experience, technical skills and business savvy. It also demands working closely with the cyber-extortion target's IT team and the insurance carrier, if any. Because the number one priority of the ransomware target is operational continuity, it is vital to establish recovery groups that operate efficiently, concurrently, and in close communication. Progent offers the breadth of IT skills and the deep bench of experts to complement your network support team and restore your network rapidly and affordably.
Services provided by Progent's ransomware negotiation team include:
- Establishing the kind of ransomware used in the attack
- Identifying and communicating with the hacker
- Evaluating the likelihood of recovery
- Validating the TA's decryption tool
- Agreeing on a settlement payment with the victim and the insurance carrier
- Establishing a settlement and schedule with the threat actor
- Confirming adherence to anti-money laundering sanctions
- Overseeing the crypto-currency payment to the hacker
- Acquiring, reviewing, and using the TA's decryptor tool
- If necessary, contacting the TA for assistance with the decryptor utility
After the decryption utility has been mastered, Progent can help you restore computers and software services to their original state. Progent can also help you perform comprehensive forensics and prepare a report to deliver to the cyber insurance carrier. This report helps you understand the security vulnerabilities that must be eliminated and recommends steps to counter subsequent ransomware assaults.
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints and data stores to arrest the progress of the attack
- Creating digital copies of every infected server and endpoint and data store to allow forensics in parallel with cleanup
- Installing A/V agents to all clean endpoints
- Salvaging files from offline restores or uncompromised machines
- Creating a pristine environment
- Mapping and reconnecting datastores to match precisely their pre-encryption state
Settling Exfiltration Ransoms
Beyond extorting payment for a decryption utility, current strains of crypto-ransomware such as Ryuk, Maze, DoppelPaymer, and Nephilim commonly attempt to steal (or "exfiltrate") files. Hackers can then demand an additional payment for not posting this data or selling it. Unfortunately, there is no way to prove that exfiltrated files have been completely deleted by the threat actor. In fact, in numerous cases the threat actor has little say over the disposition of the data. Settling an exfiltration ransom does not free you from the need to seek the guidance of privacy attorneys, conduct an audit of which data were taken, and carry out the mandated notifications to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite IT services throughout the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in foundation technologies including Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP, and CRISC. Progent also has expertise in financial and ERP software. This breadth of expertise gives Progent the ability to salvage and consolidate the undamaged parts of your IT environment after a ransomware intrusion and rebuild them quickly into a viable system. Progent has worked with top insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Services
To get in touch with Progent about crypto-ransomware settlement negotiation expertise, call Progent at 800-462-8800 or go to Contact Progent.