Overview of Progent's Ransomware Forensics and Reporting in Akron
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and carry out a detailed forensics investigation without interfering with activity required for business continuity and data recovery. Your Akron business can use Progent's forensics report to counter subsequent ransomware attacks, validate the cleanup of lost data, and comply with insurance carrier and governmental requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware assault's progress throughout the network from start to finish. This history of the way a ransomware attack progressed through the network helps you to evaluate the impact and brings to light gaps in rules or processes that should be corrected to prevent later breaches. Forensics is typically given a top priority by the insurance carrier and is often mandated by government and industry regulations. Because forensics can be time consuming, it is critical that other important activities such as business continuity are pursued in parallel. Progent has a large roster of IT and security experts with the knowledge and experience required to perform activities for containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is arduous and calls for close interaction with the teams responsible for data restoration and, if needed, settlement talks with the ransomware hacker. Forensics can involve the examination of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Services involved with forensics include:
- Isolate all potentially affected devices from the network without shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Capture forensically complete duplicates of all exposed devices so your data restoration group can proceed
- Preserve firewall, VPN, and other critical logs as quickly as possible
- Identify the variety of ransomware involved in the attack
- Examine every computer and data store on the network including cloud storage for indications of encryption
- Inventory all encrypted devices
- Establish the kind of ransomware used in the assault
- Study log activity and sessions in order to determine the timeline of the ransomware assault and to spot any potential lateral movement from the first infected system
- Identify the security gaps used to perpetrate the ransomware attack
- Search for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide detailed attack reporting to meet your insurance and compliance requirements
- Document recommendations to shore up security vulnerabilities and improve workflows that lower the risk of a future ransomware breach
Progent's Background
Progent has delivered remote and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP software. This breadth of expertise gives Progent the ability to salvage and integrate the undamaged pieces of your network after a ransomware attack and reconstruct them rapidly into an operational network. Progent has worked with leading cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Akron
To find out more about how Progent can help your Akron organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.