Overview of Progent's Ransomware Negotiation Services in Seattle
Progent is experienced in negotiating ransomware settlements with threat actors. Reaching an acceptable settlement is a complex activity that requires a combination of real-word experience, IT skills and business savvy. It also calls for close co-operation with the ransomware victim's IT team and the cyber insurance carrier, if there is one. Because the number one priority of the ransomware victim is fast recovery, it is critical to establish recovery groups that operate effectively, concurrently, and with intimate collaboration. Progent offers the scope of technical knowledge and the deep bench of personnel to complement your IT support team and recover your network rapidly and economically.
Support provided by Progent's ransomware settlement negotiation team include:
In parallel with the ransom negotiations, Progent's ransomware staff can help with:
- Establishing the kind of ransomware used in the assault
- identifying and contacting the hacker
- Assessing the recovery risk
- Validating the TA's decryption tool
- Agreeing on a settlement amount with the victim and the insurance carrier
- Establishing a settlement amount and timeline with the hacker
- Confirming accordance with anti-money laundering laws
- Managing the crypto-currency transfer to the TA
- Receiving, learning, and operating the threat actor's decryptor utility
- If necessary, contacting the TA for technical help with the decryption utility
Once the decryption tool has been learned, Progent can assist you to recover machines and software services to their original state. Progent can also assist you to perform comprehensive forensics and generate a report to share with the cyber insurance carrier. This report helps you to understand security gaps that need to be fixed and suggests steps to be taken to counter future ransomware assaults.
- Quarantining infected endpoints and data stores to prevent further spread of the attack
- Making digital copies of each breached device and data store to allow forensics in parallel with recovery
- Adding anti-virus agents to all virus-free endpoints
- Restoring files from offline restores or unscathed machines
- Creating a clean environment
- Remapping and reconnecting datastores to reflect exactly their pre-attack state
Paying Exfiltration Ransoms
Beyond extorting money for a decryption utility, current variants of crypto-ransomware such as Ryuk, Maze, DopplePaymer, and Nephilim commonly try to steal (or "exfiltrate") files. Hackers can then require an additional settlement for not divulging this data on the dark web. Sadly, there exists no method to be certain that stolen data have been completely deleted by the threat actor. In fact, in many cases the hacker has little control over who can access the stolen files. Paying an exfiltration ransom does not eliminate the necessity of engaging the advice of legal counsel, performing an audit on which files were stolen, and carrying out the required notifications to affected entities. In general, paying an exfiltration ransom is a waste.
Progent has provided remote and onsite network services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial management and ERP application software. This scope of skills allows Progent to identify and integrate the undamaged parts of your IT environment after a ransomware attack and reconstruct them quickly into a viable system. Progent has worked with top cyber insurance carriers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Settlement Services in Seattle
To get in touch with Progent about crypto-ransomware settlement negotiation expertise in Seattle, call Progent at 800-462-8800 or go to Contact Progent.