Progent's Ransomware Settlement Negotiation Consulting
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complicated exercise that requires a mix of real-world experience, IT knowledge and business savvy. It also requires close co-operation with the victim's IT staff and the cyber insurance carrier, if there is one. Because the top goal of the ransomware victim is fast recovery, it is critical to establish response teams that operate efficiently, concurrently, and with intimate collaboration. Progent has the breadth of technical skills and the deep bench of experts to supplement your network staff and recover your network rapidly and economically.
Support offered by Progent's ransomware settlement negotiation team includes:
- Establishing the type of ransomware used in the attack
- Identifying and contacting the hacker
- Evaluating the likelihood of recovery
- Verifying the hacker's decryption tool
- Agreeing on a settlement with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and schedule with the TA
- Checking adherence to anti-money laundering regulations
- Overseeing the crypto-currency transfer to the hacker
- Acquiring, reviewing, and operating the TA's decryption utility
- If necessary, contacting the threat actor for technical help with the decryptor tool
After the decryption tool has been learned, Progent can help you to restore computers and services to their original condition. Progent can also help you to conduct a forensics investigation and generate a document to deliver to the cyber insurance carrier. This document identifies security gaps that need to be corrected and suggests actions to be taken to counter subsequent ransomware attacks.
Concurrent with the ransom negotiations, Progent's ransomware team can assist with:
- Isolating affected endpoints and data stores to prevent further progress of the attack
- Making replicas of each compromised server, endpoint, and data store in order to perform forensics in parallel with restoration
- Adding anti-virus protection to all clean endpoints
- Recovering files from offline backups or uncompromised machines
- Creating a clean environment
- Remapping and connecting drives to reflect exactly their pre-attack condition
Paying Exfiltration Ransoms
Beyond extorting payment for a decryption tool, modern strains of ransomware like Ryuk, Maze, Netwalker, and Nephilim often attempt to steal (or "exfiltrate") files. Hackers can then demand a separate settlement for not publishing this data on the dark web. Unfortunately, there exists no method to prove that exfiltrated data have been totally erased by the threat actor. Actually, in many instances the threat actor has limited say over data custody. Paying an exfiltration ransom does not free you from the need for engaging the advice of legal counsel, performing an audit on which data were taken, and carrying out the mandated notifications to affected entities. Generally, paying an exfiltration ransom is a waste.
Progent has delivered online and onsite network services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security experts have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. Progent also has expertise in financial management and Enterprise Resource Planning applications. This scope of skills gives Progent the ability to salvage and integrate the undamaged parts of your IT environment after a ransomware attack and rebuild them quickly into a viable network. Progent has worked with leading cyber insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Settlement Expertise
To contact Progent about ransomware settlement guidance, phone Progent at 800-462-8800 or go to Contact Progent.