Overview of Progent's Ransomware Settlement Negotiation Services in Manchester
Progent has experience negotiating ransomware settlements with threat actors (TAs). Reaching an optimum settlement is a complex activity that requires a mix of real-word experience, IT knowledge and business savvy. It also calls for working closely with the ransomware victim's IT staff and the cyber insurance carrier, if there is one. Since the number one goal of the ransomware victim is fast recovery, it is vital to deploy recovery groups that operate effectively, in parallel, and with intimate collaboration. Progent has the breadth of IT skills and the deep bench of personnel to complement your network support team and recover your network environment rapidly and affordably.
Services provided by Progent's ransomware negotiation team include:
Concurrent with the settlement negotiations, Progent's ransomware team can help with:
- Establishing the type of ransomware involved in the attack
- making contact with the hacker
- Evaluating the likelihood of recovery
- Validating the hacker's decryption tool
- Determining a settlement with the victim and the insurance carrier
- Negotiating a settlement amount and schedule with the TA
- Checking compliance with anti-money laundering (AML) sanctions
- Overseeing the crypto-currency payment to the TA
- Receiving, reviewing, and operating the threat actor's decryption tool
- If necessary, contacting the TA for technical assistance with the decryption utility
After the decryption utility has been mastered, Progent can assist you to recover computers and services to their pre-arrack condition. Progent can also help you to perform a complete forensics analysis and create a document to deliver to the cyber insurance carrier. This document helps you to understand cybersecurity gaps that need to be corrected and recommends actions that should be performed to counter subsequent ransomware attacks.
- Quarantining infected endpoints to arrest the spread of the attack
- Making replicas of every infected server and endpoint and data store to allow forensics without interfering with cleanup
- Adding A/V protection to all clean endpoints
- Recovering data from air-gapped restores or unscathed machines
- Creating a clean recovery environment
- Remapping and connecting drives to match exactly their pre-encryption condition
Paying Exfiltration Ransoms
In addition to extorting payment for a decryption tool, modern strains of ransomware such as Ryuk, Sodinokibi, Netwalker, and Egregor often try to steal (or "exfiltrate") information. TAs are then able to demand an extra settlement for not divulging this data on the dark web. Unfortunately, there is no way to prove that exfiltrated files have been totally erased by the TA. Actually, in many instances the hacker has limited control about data custody. Settling an exfiltration ransom does not free you from the need for getting the advice of privacy lawyers, performing an investigation into which files were taken, and sending the necessary alerts to affected entities. In almost all cases, paying an exfiltration ransom is not recommended.
Progent has provided online and on-premises IT services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have earned advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial and Enterprise Resource Planning software. This breadth of skills allows Progent to identify and consolidate the undamaged parts of your information system after a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has collaborated with top insurance carriers like Chubb to assist businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Guidance in Manchester
To contact with Progent about ransomware settlement negotiation services in Manchester, call Progent at 800-462-8800 or go to Contact Progent.