Overview of Progent's Ransomware Settlement Negotiation Consulting
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complicated exercise that calls for a combination of real-world experience, IT skills and business savvy. It also demands working closely with the victim's IT staff and the insurance carrier, if there is one. Because the top goal of the ransomware target is fast recovery, it is vital to deploy response groups that work effectively, concurrently, and in close communication. Progent offers the breadth of technical knowledge and the deep bench of personnel to complement your network staff and recover your network environment quickly and economically.
Support available from Progent's ransomware settlement negotiation experts includes:
- Establishing the kind of ransomware used in the assault
- Identifying and contacting the hacker persona
- Assessing the recovery risk
- Verifying the TA's decryption tool
- Agreeing on a settlement payment with the ransomware victim and the cyber insurance carrier
- Negotiating a settlement and schedule with the hacker
- Checking adherence to anti-money laundering (AML) laws
- Overseeing the crypto-currency payment to the hacker
- Receiving, learning, and operating the threat actor's decryption tool
- If necessary, contacting the hacker for technical help with the decryptor utility
Once the decryption tool has been learned, Progent can help you to recover machines and services to their original state. Progent can also help you to perform a full forensic review and create a document to deliver to the insurance carrier. This report helps you to understand security vulnerabilities that need to be corrected and suggests actions to be taken to combat future ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Isolating infected endpoints to prevent further progress of the attack
- Creating digital copies of every infected server and endpoint and data store to allow forensics in parallel with cleanup
- Installing A/V agents on all virus-free endpoints
- Recovering data from offline restores or unscathed machines
- Building a clean recovery environment
- Mapping and connecting datastores to match exactly their pre-attack condition
Paying Exfiltration Ransoms
In addition to demanding money for a decryption utility, modern strains of crypto-ransomware like Ryuk, Sodinokibi, DopplePaymer, and Egregor often attempt to exfiltrate files. TAs are then able to require an extra ransom in exchange for not divulging this information on the dark web. Unfortunately, there exists no method to be certain that stolen files have been completely erased by the hacker. Actually, in numerous instances the threat actor has limited say about data custody. Settling an exfiltration ransom does not eliminate the need for seeking the advice of privacy lawyers, conducting an audit on which files were compromised, and sending the necessary notifications to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has provided online and on-premises IT services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes professionals who have been awarded advanced certifications in core technology platforms including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants.) Progent also offers guidance in financial and ERP application software. This breadth of skills allows Progent to salvage and integrate the undamaged parts of your information system following a ransomware assault and reconstruct them quickly into an operational network. Progent has collaborated with leading insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Settlement Services
To contact Progent about ransomware settlement services, phone Progent at 800-462-8800 or go to Contact Progent.