Overview of Progent's Ransomware Negotiation Services in Stockton
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex exercise that calls for a combination of field experience, IT skills and business acumen. It also requires close co-operation with the victim's IT team and the insurance provider, if any. Since the number one goal of the ransomware target is fast recovery, it is critical to deploy recovery groups that work effectively, in parallel, and with intimate collaboration. Progent has the breadth of IT skills and the deep bench of personnel to supplement your network staff and recover your network quickly and economically.
Support provided by Progent's ransomware negotiation experts include:
Concurrent with the settlement negotiations, Progent's ransomware team can help with:
- Establishing the type of ransomware involved in the attack
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Testing the hacker's decryption tool
- Deciding on an acceptable settlement with the victim and the cyber insurance carrier
- Establishing a settlement and timeline with the threat actor
- Verifying accordance with anti-money laundering (AML) regulations
- Managing the crypto-currency disbursement to the TA
- Acquiring, learning, and using the threat actor's decryptor utility
- If needed, contacting the threat actor for technical assistance with the decryptor tool
After the decryption tool has been mastered, Progent can assist you to restore physical and virtual devices and software services to their pre-arrack condition. Progent can also assist you to conduct a forensics investigation and create a document to share with the cyber insurance provider. This report helps you to understand cybersecurity vulnerabilities that must be fixed and recommends actions that should be taken to counter subsequent ransomware attacks.
- Isolating affected endpoints to arrest the progress of the assault
- Making digital copies of each compromised device and data store to allow forensics in parallel with cleanup
- Installing A/V agents to all clean endpoints
- Restoring data from air-gapped restores or unscathed endpoints
- Building a clean environment
- Remapping and reconnecting drives to match precisely their pre-encryption condition
Beyond demanding money for a decryption tool, modern variants of ransomware like Ryuk, Maze, DopplePaymer, and Egregor commonly try to steal (or "exfiltrate") information. TAs can then demand an extra payment in exchange for not posting this data or selling it. Unfortunately, there is no method to prove that stolen data have been completely erased by the threat actor. In fact, in many cases the hacker has limited control over data custody. Paying an exfiltration ransom does not eliminate the need for getting the guidance of privacy lawyers, conducting an audit on which files were stolen, and performing the required alerts to affected entities. Generally, paying an exfiltration ransom is not recommended.
Progent has delivered remote and on-premises IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP, and GIAC. (See Progent's certifications). Progent also has top-tier support in financial management and Enterprise Resource Planning software. This breadth of skills allows Progent to identify and integrate the surviving pieces of your IT environment after a ransomware assault and rebuild them quickly into a functioning system. Progent has worked with top cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Settlement Services in Stockton
To get in touch with Progent about ransomware settlement expertise in Stockton, call Progent at 800-462-8800 or go to Contact Progent.