Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Addison
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a comprehensive forensics analysis without slowing down the processes required for business resumption and data restoration. Your Addison business can utilize Progent's post-attack forensics documentation to combat subsequent ransomware attacks, assist in the cleanup of lost data, and meet insurance and governmental mandates.
Ransomware forensics involves discovering and describing the ransomware attack's progress across the network from start to finish. This history of how a ransomware attack travelled within the network helps your IT staff assess the damage and brings to light weaknesses in security policies or work habits that should be corrected to prevent later breaches. Forensics is commonly given a top priority by the insurance carrier and is often mandated by state and industry regulations. Because forensic analysis can be time-consuming, it is essential that other key activities such as business resumption are performed concurrently. Progent has a large team of IT and security professionals with the skills needed to perform the work of containment, operational resumption, and data recovery without interfering with forensics.
Ransomware forensics investigation is complex and calls for close coordination with the groups responsible for data restoration and, if necessary, settlement talks with the ransomware adversary. Forensics can involve the review of logs, registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes.
Activities involved with forensics analysis include:
- Disconnect all potentially affected devices from the network, but avoid shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure backups.
- Capture forensically valid duplicates of all exposed devices so the data restoration team can get started
- Preserve firewall, virtual private network, and additional critical logs as quickly as possible
- Identify the version of ransomware used in the assault
- Survey every computer and data store on the system as well as cloud storage for indications of compromise
- Catalog all encrypted devices
- Determine the type of ransomware used in the assault
- Study log activity and sessions in order to determine the time frame of the ransomware assault and to spot any potential lateral movement from the originally infected machine
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for new executables associated with the original encrypted files or network breach
- Parse Outlook web archives
- Examine email attachments
- Separate any URLs from email messages and check to see if they are malicious
- Produce extensive incident documentation to meet your insurance carrier and compliance mandates
- List recommendations to close cybersecurity gaps and enforce workflows that reduce the exposure to a future ransomware breach
Progent's Qualifications
Progent has provided online and on-premises network services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP, and GIAC. Progent also has top-tier support in financial management and ERP applications. This broad array of expertise gives Progent the ability to identify and integrate the surviving parts of your network after a ransomware assault and reconstruct them quickly into an operational system. Progent has worked with leading cyber insurance providers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Addison
To find out more information about how Progent can assist your Addison organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.