Progent's Ransomware Forensics Analysis and Reporting in Akron
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a comprehensive forensics analysis without interfering with activity required for business continuity and data recovery. Your Akron business can utilize Progent's post-attack ransomware forensics report to block future ransomware attacks, assist in the restoration of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics is aimed at tracking and describing the ransomware assault's storyline across the targeted network from beginning to end. This history of how a ransomware attack progressed through the network helps you assess the damage and brings to light shortcomings in security policies or work habits that need to be rectified to avoid later breaches. Forensic analysis is commonly given top priority by the cyber insurance provider and is typically mandated by government and industry regulations. Because forensic analysis can take time, it is vital that other important recovery processes like operational resumption are performed concurrently. Progent has an extensive team of information technology and cybersecurity experts with the knowledge and experience required to carry out the work of containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics analysis is complex and requires close interaction with the teams responsible for data restoration and, if needed, settlement discussions with the ransomware hacker. Forensics typically involves the review of logs, registry, GPO, Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes.
Activities associated with forensics investigation include:
- Disconnect all potentially suspect devices from the system without shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to protect backups.
- Create forensically complete duplicates of all suspect devices so your data restoration group can get started
- Preserve firewall, virtual private network, and other critical logs as soon as possible
- Establish the strain of ransomware involved in the attack
- Inspect each machine and data store on the network including cloud storage for signs of compromise
- Catalog all compromised devices
- Establish the type of ransomware used in the attack
- Study log activity and sessions in order to determine the timeline of the ransomware attack and to spot any possible lateral movement from the first compromised system
- Identify the security gaps exploited to carry out the ransomware assault
- Search for executables created around the time the original files were encrypted or the system was compromised
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and check whether they are malicious
- Provide extensive attack reporting to satisfy your insurance carrier and compliance requirements
- Recommend ways to shore up security vulnerabilities and improve workflows to reduce the risk of a future ransomware exploit
Progent has delivered remote and on-premises network services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP, and CRISC. Progent also offers top-tier support in financial management and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to salvage and integrate the surviving parts of your information system following a ransomware assault and rebuild them rapidly into a functioning network. Progent has collaborated with leading cyber insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Akron
To learn more about how Progent can assist your Akron business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.