Overview of Progent's Ransomware Settlement Negotiation Consulting in Birmingham
Progent is experienced in negotiating ransomware settlements with threat actors. Negotiating an acceptable settlement is a complicated activity that requires a combination of real-word experience, IT knowledge and business savvy. It also demands close co-operation with the ransomware victim's IT team and the cyber insurance carrier, if any. Since the number one priority of the ransomware target is operational continuity, it is vital to deploy recovery groups that work effectively, in parallel, and with intimate collaboration. Progent offers the breadth of technical knowledge and the deep bench of experts to supplement your network support team and recover your network rapidly and economically.
Services offered by Progent's ransomware settlement experts include:
Concurrent with the settlement negotiations, Progent's ransomware staff can assist with:
- Establishing the type of ransomware involved in the assault
- making contact with the hacker
- Assessing the likelihood of recovery
- Testing the TA's decryption tool
- Determining a settlement with the ransomware victim and the insurance carrier
- Negotiating a settlement amount and timeline with the threat actor
- Verifying accordance with anti-money laundering (AML) regulations
- Carrying out the crypto-currency payment to the hacker
- Acquiring, learning, and using the threat actor's decryption tool
- If necessary, contacting the threat actor for technical help with the decryption tool
After the decryption utility has been mastered, Progent can help you to recover physical and virtual devices and services to their original condition. Progent can also assist you to conduct comprehensive forensics and generate a document to deliver to the cyber insurance provider. This document identifies security vulnerabilities that must be corrected and suggests steps that can be performed to block subsequent ransomware assaults.
- Quarantining infected endpoints to arrest the spread of the assault
- Making replicas of each compromised device and data store in order to perform forensics in parallel with restoration
- Adding A/V agents to all clean endpoints
- Salvaging files from air-gapped restores or uncompromised machines
- Creating a clean recovery environment
- Remapping and reconnecting datastores to reflect exactly their pre-encryption condition
Settling Exfiltration Ransoms
Beyond demanding money for a decryption utility, modern variants of ransomware such as Ryuk, Maze, DopplePaymer, and Nephilim commonly try to exfiltrate information. TAs are then able to demand a separate settlement in exchange for not divulging this data or selling it. Unfortunately, there exists no method to be certain that exfiltrated data have been completely erased by the threat actor. In fact, in many instances the TA has limited control about the disposition of the data. Settling an exfiltration ransom does not free you from the necessity of seeking the guidance of legal counsel, conducting an inventory of files were stolen, and performing the required alerts to impacted entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered online and on-premises network services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP applications. This breadth of expertise allows Progent to salvage and integrate the surviving pieces of your network following a ransomware assault and rebuild them rapidly into a viable network. Progent has collaborated with top insurance carriers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Services in Birmingham
To get in touch with Progent about crypto-ransomware settlement expertise in Birmingham, call Progent at 800-462-8800 or go to Contact Progent.