Overview of Progent's Ransomware Negotiation Services in Ribeirão Preto
Progent has experience negotiating ransomware settlements with hackers. Reaching an acceptable settlement is a complicated activity that requires a mix of field experience, technical knowledge and business acumen. It also requires close co-operation with the cyber-extortion target's IT staff and the insurance provider, if any. Because the number one priority of the ransomware victim is fast recovery, it is vital to establish response groups that operate effectively, concurrently, and in close communication. Progent has the breadth of technical skills and the deep bench of experts to complement your IT staff and recover your network rapidly and economically.
Services available from Progent's ransomware settlement experts include:
Concurrent with the ransom negotiations, Progent's ransomware staff can help with:
- Determining the type of ransomware used in the attack
- identifying and contacting the hacker persona
- Evaluating the recovery risk
- Verifying the TA's decryption tool
- Budgeting a settlement range with the ransomware victim and the insurance provider
- Establishing a settlement and schedule with the threat actor
- Checking accordance with anti-money laundering laws
- Carrying out the crypto-currency payment to the TA
- Acquiring, reviewing, and operating the hacker's decryption utility
- If necessary, contacting the hacker for technical help with the decryption tool
Once the decryption utility has been learned, Progent can assist you to restore machines and software services to their pre-arrack state. Progent can also assist you to perform a full forensic review and create a report to share with the cyber insurance carrier. This document helps you to understand cybersecurity gaps that need to be eliminated and suggests steps that should be taken to combat future ransomware attacks.
- Quarantining affected endpoints and data stores to prevent further progress of the attack
- Creating digital copies of every compromised server and endpoint and data store to allow forensics without interfering with cleanup
- Adding A/V agents to all virus-free endpoints
- Recovering data from offline backups or uncompromised machines
- Building a pristine environment
- Mapping and connecting drives to match exactly their pre-attack condition
Settling Exfiltration Ransoms
Beyond extorting money for a decryption tool, modern variants of crypto-ransomware like Ryuk, Maze, Netwalker, and Egregor commonly attempt to exfiltrate information. Hackers can then require an extra payment in exchange for not publishing this data on the dark web. Sadly, there exists no method to be certain that stolen files have been completely erased by the threat actor. In fact, in many cases the TA has limited say over the disposition of the data. Settling an exfiltration ransom does not eliminate the necessity of seeking the advice of privacy lawyers, conducting an inventory of files were stolen, and performing the required notifications to affected entities. In general, paying an exfiltration ransom is not recommended.
Progent has delivered remote and onsite network services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and ERP application software. This breadth of skills allows Progent to identify and integrate the surviving pieces of your information system following a ransomware intrusion and reconstruct them rapidly into a functioning system. Progent has collaborated with top insurance providers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Crypto-Ransomware Settlement Negotiation Guidance in Ribeirão Preto
To get in touch with Progent about crypto-ransomware settlement negotiation services in Ribeirão Preto, phone Progent at 800-462-8800 or go to Contact Progent.