Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Addison
Progent's ransomware forensics experts can capture the system state after a ransomware assault and perform a comprehensive forensics investigation without disrupting the processes required for operational continuity and data restoration. Your Addison organization can utilize Progent's ransomware forensics documentation to combat future ransomware attacks, assist in the recovery of encrypted data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics involves tracking and describing the ransomware assault's progress throughout the network from start to finish. This audit trail of how a ransomware attack progressed within the network helps your IT staff assess the damage and uncovers weaknesses in rules or work habits that need to be corrected to avoid later break-ins. Forensic analysis is usually assigned a high priority by the insurance carrier and is typically mandated by government and industry regulations. Because forensics can be time-consuming, it is vital that other important activities like operational continuity are performed concurrently. Progent maintains an extensive roster of information technology and cybersecurity experts with the skills needed to perform the work of containment, operational resumption, and data recovery without interfering with forensics.
Ransomware forensics is complicated and calls for close interaction with the teams focused on data recovery and, if necessary, settlement discussions with the ransomware Threat Actor (TA). Forensics can require the examination of all logs, registry, Group Policy Objects, AD, DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Activities associated with forensics analysis include:
- Isolate all potentially suspect devices from the system without shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Capture forensically complete duplicates of all suspect devices so your data restoration group can proceed
- Preserve firewall, virtual private network, and additional key logs as quickly as possible
- Identify the version of ransomware involved in the attack
- Survey every machine and storage device on the network including cloud storage for indications of encryption
- Catalog all encrypted devices
- Determine the type of ransomware used in the attack
- Study logs and user sessions to determine the time frame of the ransomware assault and to identify any possible lateral movement from the originally compromised system
- Understand the attack vectors used to perpetrate the ransomware assault
- Search for the creation of executables associated with the first encrypted files or network breach
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs embedded in messages and check to see whether they are malicious
- Produce detailed attack documentation to satisfy your insurance and compliance mandates
- Recommend ways to close security gaps and improve processes that reduce the risk of a future ransomware exploit
Progent has provided online and onsite network services across the U.S. for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISA, CISSP, and GIAC. Progent also offers guidance in financial management and ERP applications. This breadth of skills gives Progent the ability to salvage and integrate the undamaged parts of your IT environment following a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has worked with leading cyber insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Addison
To learn more about ways Progent can assist your Addison business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.