Overview of Progent's Ransomware Forensics and Reporting in Akron
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and carry out a detailed forensics analysis without disrupting the processes required for business continuity and data restoration. Your Akron organization can use Progent's ransomware forensics report to counter subsequent ransomware attacks, validate the recovery of encrypted data, and comply with insurance and governmental reporting requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware assault's progress across the network from start to finish. This history of the way a ransomware attack travelled through the network helps you assess the damage and brings to light gaps in security policies or processes that should be corrected to avoid later breaches. Forensics is typically assigned a high priority by the cyber insurance provider and is often mandated by state and industry regulations. Because forensic analysis can be time-consuming, it is critical that other important activities like operational resumption are performed concurrently. Progent has a large roster of IT and cybersecurity experts with the skills needed to carry out the work of containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics analysis is complex and requires close interaction with the groups responsible for data restoration and, if needed, settlement talks with the ransomware hacker. Forensics can require the examination of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies.
Activities associated with forensics analysis include:
- Isolate all potentially affected devices from the system without shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, modifying admin credentials and user passwords, and setting up 2FA to protect your backups.
- Capture forensically sound duplicates of all suspect devices so the file recovery group can proceed
- Save firewall, virtual private network, and additional key logs as quickly as possible
- Identify the version of ransomware involved in the attack
- Inspect every machine and storage device on the system as well as cloud-hosted storage for indications of encryption
- Inventory all encrypted devices
- Establish the type of ransomware involved in the attack
- Study log activity and user sessions in order to establish the timeline of the ransomware assault and to spot any potential lateral movement from the first compromised system
- Identify the security gaps used to perpetrate the ransomware attack
- Search for the creation of executables surrounding the first encrypted files or network breach
- Parse Outlook PST files
- Examine email attachments
- Separate any URLs from email messages and check to see if they are malicious
- Produce extensive attack documentation to meet your insurance and compliance mandates
- Document recommended improvements to shore up security gaps and enforce processes that reduce the risk of a future ransomware breach
Progent has provided remote and onsite network services across the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in core technology platforms such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP, and CRISC. Progent also offers guidance in financial management and Enterprise Resource Planning applications. This scope of skills allows Progent to identify and consolidate the surviving pieces of your network after a ransomware intrusion and reconstruct them rapidly into an operational network. Progent has collaborated with top insurance providers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Akron
To learn more about ways Progent can assist your Akron organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.