Progent's Ransomware Negotiation Consulting
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an optimum settlement is a complicated exercise that calls for a combination of real-world experience, technical skills and business acumen. It also calls for close co-operation with the ransomware victim's IT staff and the cyber insurance carrier, if there is one. Since the number one priority of the ransomware victim is operational continuity, it is critical to establish recovery teams that work efficiently, concurrently, and with intimate collaboration. Progent has the scope of IT knowledge and the deep bench of personnel to supplement your network staff and recover your network quickly and affordably.
Support provided by Progent's ransomware negotiation team includes:
- Establishing the kind of ransomware involved in the assault
- Identifying and communicating with the hacker
- Evaluating the likelihood of recovery
- Testing the TA's decryption tool
- Deciding on an acceptable settlement amount with the ransomware victim and the cyber insurance provider
- Negotiating a settlement amount and timeline with the threat actor
- Checking compliance with anti-money laundering sanctions
- Carrying out the crypto-currency disbursement to the hacker
- Receiving, learning, and using the TA's decryptor mechanism
- If needed, contacting the threat actor for technical assistance with the decryptor tool
After the decryption utility has been learned, Progent can help you to restore physical and virtual devices and software services to their pre-attack state. Progent can also help you to conduct a complete forensics analysis and create a document to share with the cyber insurance carrier. This document helps you to understand cybersecurity vulnerabilities that need to be corrected and recommends actions that can be taken to combat subsequent ransomware assaults.
In parallel with the settlement negotiations, Progent's ransomware staff can assist with:
- Isolating affected endpoints and data stores to prevent further spread of the attack
- Creating replicas of every breached server and endpoint and data store in order to perform forensics in parallel with recovery
- Adding anti-virus agents to all clean endpoints
- Recovering files from offline restores or uncompromised machines
- Creating a pristine recovery environment
- Remapping and connecting datastores to match exactly their pre-attack state
Paying Exfiltration Ransoms
Beyond demanding payment for a decryption utility, modern strains of ransomware like Ryuk, Sodinokibi, Netwalker, and Nephilim often try to exfiltrate information. TAs are then able to demand a separate payment for not divulging this information on the dark web. Unfortunately, there exists no method to guarantee that stolen files have been totally deleted by the TA. Actually, in many instances the hacker has little say over where the information ends up. Paying an exfiltration ransom does not eliminate the necessity of seeking the advice of privacy lawyers, performing an inventory of what data were taken, and performing the required notifications to impacted entities. In general, paying an exfiltration ransom is a waste.
Progent has provided online and on-premises network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications such as CISA, CISSP, and GIAC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning software. This broad array of expertise allows Progent to salvage and integrate the undamaged pieces of your information system after a ransomware intrusion and reconstruct them rapidly into an operational system. Progent has collaborated with top cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
To get in touch with Progent about ransomware settlement negotiation services, phone Progent at 800-993-9400 or go to Contact Progent.