Progent's Ransomware Negotiation Services
Progent has experience negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complex activity that requires a mix of real-word experience, IT knowledge and business acumen. It also demands close co-operation with the cyber-extortion target's IT team and the insurance provider, if any. Since the number one priority of the ransomware victim is operational continuity, it is critical to deploy response groups that work efficiently, in parallel, and in close communication. Progent has the breadth of IT knowledge and the depth of experts to supplement your IT staff and restore your network rapidly and affordably.
Support provided by Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can assist with:
- Establishing the kind of ransomware involved in the attack
- Identifying and communicating with the hacker persona
- Evaluating the recovery risk
- Validating the threat actor's decryption tool
- Agreeing on a settlement payment with the victim and the cyber insurance carrier
- Negotiating a settlement amount and schedule with the threat actor
- Checking compliance with anti-money laundering sanctions
- Carrying out the crypto-currency transfer to the TA
- Receiving, learning, and using the threat actor's decryptor utility
- If necessary, contacting the threat actor for assistance with the decryptor tool
After the decryption tool has been learned, Progent can help you to restore physical and virtual devices and services to their pre-arrack condition. Progent can also help you to perform a forensics investigation and generate a report to deliver to the cyber insurance provider. This document helps you to understand cybersecurity gaps that need to be eliminated and suggests steps to be taken to combat subsequent ransomware attacks.
- Quarantining infected endpoints and data stores to prevent further spread of the assault
- Making digital copies of every breached device and data store to allow forensics in parallel with restoration
- Installing A/V agents to all clean endpoints
- Salvaging data from offline restores or uncompromised machines
- Building a clean recovery environment
- Remapping and reconnecting drives to match precisely their pre-encryption state
Settling Exfiltration Ransoms
Beyond extorting payment for a decryption tool, current strains of crypto-ransomware such as Ryuk, Maze, Netwalker, and Egregor commonly try to steal (or "exfiltrate") files. Hackers can then demand an extra ransom for not divulging this data on the dark web. Unfortunately, there exists no way to prove that stolen data have been totally erased by the threat actor. In fact, in many cases the TA has limited control over data custody. Settling an exfiltration ransom does not eliminate the necessity of engaging the guidance of legal counsel, performing an audit on which files were stolen, and carrying out the required notifications to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has provided online and onsite network services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technology platforms including Cisco networking, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has guidance in financial and Enterprise Resource Planning application software. This broad array of skills allows Progent to salvage and integrate the undamaged parts of your IT environment after a ransomware attack and reconstruct them rapidly into a viable system. Progent has collaborated with top cyber insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Negotiation Guidance
To contact with Progent about ransomware settlement negotiation services, phone Progent at 800-462-8800 or go to Contact Progent.