Overview of Progent's Ransomware Forensics Analysis and Reporting in Addison
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and perform a comprehensive forensics analysis without disrupting activity related to business continuity and data recovery. Your Addison organization can use Progent's post-attack ransomware forensics report to block subsequent ransomware assaults, validate the recovery of encrypted data, and meet insurance carrier and governmental requirements.
Ransomware forensics is aimed at tracking and documenting the ransomware assault's progress throughout the targeted network from start to finish. This audit trail of the way a ransomware attack travelled through the network helps you to evaluate the damage and brings to light gaps in security policies or processes that need to be corrected to prevent later break-ins. Forensic analysis is commonly given a high priority by the insurance provider and is typically mandated by state and industry regulations. Because forensics can be time consuming, it is critical that other important recovery processes such as operational resumption are pursued concurrently. Progent maintains an extensive roster of IT and security professionals with the skills needed to carry out activities for containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is arduous and requires close cooperation with the groups focused on data recovery and, if needed, payment talks with the ransomware attacker. Forensics typically involves the review of logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to look for variations.
Services associated with forensics include:
- Isolate all potentially impacted devices from the system, but avoid shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring 2FA to protect your backups.
- Capture forensically valid images of all exposed devices so the data recovery team can get started
- Save firewall, virtual private network, and other critical logs as quickly as possible
- Identify the variety of ransomware used in the attack
- Survey every machine and storage device on the system as well as cloud storage for signs of encryption
- Inventory all compromised devices
- Determine the kind of ransomware involved in the assault
- Review logs and sessions in order to determine the time frame of the attack and to spot any potential lateral migration from the first infected system
- Identify the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and determine whether they are malicious
- Provide extensive incident documentation to satisfy your insurance carrier and compliance requirements
- List recommendations to shore up cybersecurity gaps and enforce processes that lower the exposure to a future ransomware breach
Progent's Qualifications
Progent has provided online and on-premises network services across the U.S. for more than two decades and has earned Microsoft's Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications.) Progent also offers top-tier support in financial management and ERP applications. This breadth of expertise gives Progent the ability to identify and consolidate the surviving parts of your IT environment after a ransomware assault and rebuild them quickly into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Addison
To learn more about how Progent can assist your Addison organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.