Overview of Progent's Ransomware Settlement Negotiation Consulting
Progent has experience negotiating ransomware settlements with threat actors. Negotiating an optimum settlement is a complicated exercise that requires a mix of field experience, IT knowledge and business savvy. It also calls for close co-operation with the cyber-extortion target's IT staff and the cyber insurance carrier, if any. Because the number one priority of the ransomware target is operational continuity, it is critical to deploy recovery groups that operate effectively, in parallel, and with intimate collaboration. Progent offers the breadth of IT knowledge and the depth of experts to complement your network support team and recover your network rapidly and economically.
Services provided by Progent's ransomware settlement negotiation team include:
- Establishing the kind of ransomware involved in the attack
- Identifying and contacting the hacker persona
- Evaluating the likelihood of recovery
- Validating the threat actor's (TA's) decryption capabilities
- Agreeing on a settlement amount with the victim and the cyber insurance provider
- Negotiating a settlement amount and timeline with the threat actor
- Confirming compliance with anti-money laundering (AML) regulations
- Overseeing the crypto-currency payment to the hacker
- Receiving, learning, and operating the hacker's decryption tool
- If needed, contacting the TA for technical help with the decryption utility
Once the decryption utility has been mastered, Progent can help you restore computers and software services to their pre-attack state. Progent can also help you perform a complete forensics analysis and generate a report to deliver to the cyber insurance provider. This report identifies cybersecurity gaps that need to be eliminated and suggests steps that can be taken to block subsequent ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Quarantining infected endpoints and data stores to arrest the progress of the attack
- Creating replicas of every breached device and data store in order to perform forensics without interfering with recovery
- Installing A/V protection on all virus-free endpoints
- Recovering files from offline restores or uncompromised machines
- Creating a pristine recovery environment
- Remapping and connecting datastores to match exactly their pre-attack state
Beyond demanding money for a decryption utility, modern variants of ransomware like Ryuk, Sodinokibi, Netwalker, and Egregor commonly try to steal (or "exfiltrate") files. TAs are then able to demand an extra ransom in exchange for not posting this information on the dark web. Sadly, there is no way to guarantee that stolen data have been completely deleted by the TA. In fact, in many cases the TA has little control over where the information ends up. Settling an exfiltration ransom does not free you from the necessity of engaging privacy lawyers, conducting an inventory of what data were taken, and sending the required notifications to impacted entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises IT services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned advanced certifications in core technologies including Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and GIAC. Progent also has expertise in financial management and ERP application software. This breadth of expertise allows Progent to identify and integrate the undamaged pieces of your IT environment after a ransomware intrusion and rebuild them rapidly into a viable network. Progent has collaborated with top insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Crypto-Ransomware Settlement Negotiation Expertise
To get in touch with Progent about ransomware settlement negotiation expertise, phone Progent at 800-462-8800 or go to Contact Progent.