Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Allentown
Progent's ransomware forensics experts can save the system state after a ransomware attack and carry out a detailed forensics analysis without impeding the processes related to business continuity and data recovery. Your Allentown organization can utilize Progent's forensics report to block future ransomware attacks, validate the recovery of lost data, and meet insurance and governmental reporting requirements.
Ransomware forensics investigation involves tracking and describing the ransomware assault's progress across the network from start to finish. This history of the way a ransomware attack travelled through the network helps you to assess the damage and uncovers gaps in policies or work habits that need to be rectified to avoid later breaches. Forensics is typically assigned a high priority by the cyber insurance carrier and is often mandated by state and industry regulations. Since forensic analysis can be time-consuming, it is vital that other important recovery processes such as business continuity are pursued in parallel. Progent maintains an extensive roster of information technology and data security experts with the knowledge and experience required to carry out the work of containment, business continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is complicated and requires close cooperation with the teams responsible for data recovery and, if needed, payment discussions with the ransomware threat actor. Forensics typically requires the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to detect variations.
Activities involved with forensics investigation include:
- Disconnect all potentially impacted devices from the network without shutting them down. This may require closing all RDP ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Create forensically sound digital images of all exposed devices so the file restoration team can get started
- Save firewall, VPN, and additional key logs as soon as possible
- Determine the version of ransomware involved in the attack
- Inspect every computer and storage device on the system including cloud storage for indications of encryption
- Inventory all compromised devices
- Establish the kind of ransomware involved in the attack
- Review log activity and sessions in order to determine the time frame of the ransomware assault and to spot any possible lateral movement from the first infected machine
- Identify the security gaps used to perpetrate the ransomware assault
- Search for new executables surrounding the first encrypted files or network breach
- Parse Outlook web archives
- Examine attachments
- Extract URLs from messages and determine whether they are malicious
- Provide detailed incident reporting to meet your insurance carrier and compliance mandates
- Document recommendations to close security gaps and enforce workflows that lower the risk of a future ransomware exploit
Progent has provided online and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned advanced certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications such as CISA, CISSP, and CRISC. (Refer to certifications earned by Progent consultants.) Progent also offers guidance in financial management and ERP software. This breadth of skills gives Progent the ability to identify and consolidate the undamaged pieces of your information system after a ransomware assault and reconstruct them quickly into an operational network. Progent has collaborated with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Allentown
To find out more information about how Progent can help your Allentown organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.