Overview of Progent's Ransomware Forensics Analysis and Reporting in Addison
Progent's ransomware forensics experts can capture the system state after a ransomware attack and perform a comprehensive forensics investigation without disrupting activity related to operational resumption and data recovery. Your Addison business can utilize Progent's post-attack ransomware forensics report to block future ransomware attacks, validate the recovery of encrypted data, and meet insurance carrier and regulatory mandates.
A ransomware forensics investigation involves tracing and documenting the course of the ransomware attack across the targeted network from beginning to end. This audit trail of how the attack moved through the network helps you assess the damage and uncovers weaknesses in rules or processes that need to be corrected to avoid future breaches. Forensics is typically assigned a high priority by the insurance provider and is often required by government and industry regulations. Since forensic analysis can take time, it is essential that other key activities like business resumption are performed concurrently. Progent maintains an extensive roster of IT and data security professionals with the knowledge and experience required to carry out the work of containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics is time-consuming and requires close interaction with the groups responsible for data recovery and, if necessary, settlement discussions with the ransomware Threat Actor (TA). Ransomware forensics can require the examination of logs, the registry, Group Policy Objects (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for unexpected changes.
Services associated with forensics analysis include:
- Disconnect all potentially affected devices from the network, but avoid shutting them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to guard your backups.
- Create forensically complete digital images of all suspect devices so your data restoration team can get started
- Preserve firewall, VPN, and additional key logs as soon as possible
- Identify the type of ransomware used in the attack
- Inspect every computer and storage device on the system as well as cloud storage for indications of compromise
- Inventory all compromised devices
- Determine the kind of ransomware involved in the attack
- Review logs and user sessions to establish the timeline of the ransomware attack and to spot any potential lateral movement from the first compromised system
- Understand the security gaps exploited to perpetrate the ransomware attack
- Look for new executables associated with the first encrypted files or system breach
- Parse Outlook PST files
- Analyze attachments
- Extract URLs from messages and determine whether they are malicious
- Provide comprehensive attack reporting to satisfy your insurance and compliance regulations
- Document recommended improvements to close security gaps and improve workflows so as to lower the exposure to a future ransomware exploit
Progent has provided remote and onsite IT services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity experts have earned prestigious certifications including CISA, CISSP, and CRISC. Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This breadth of expertise allows Progent to salvage and consolidate the surviving pieces of your network after a ransomware attack and reconstruct them quickly into an operational network. Progent has collaborated with leading insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Addison
To learn more about how Progent can assist your Addison business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.