Overview of Progent's Ransomware Forensics and Reporting in Anaheim
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and perform a detailed forensics investigation without impeding the processes related to business resumption and data recovery. Your Anaheim organization can use Progent's post-attack forensics documentation to counter subsequent ransomware assaults, assist in the restoration of encrypted data, and meet insurance and regulatory mandates.
A ransomware forensics investigation aims to discover and describe the ransomware assault's progress through the targeted network from beginning to end. This audit trail of how the assault moved through the network helps your IT staff assess the impact and highlights gaps in rules or processes that should be rectified to avoid later breaches. Forensics is usually given a top priority by the insurance provider and is typically mandated by state and industry regulations. Because forensic analysis can take time, it is vital that other key recovery processes like operational resumption are executed in parallel. Progent maintains an extensive team of information technology and security experts with the skills required to perform the work of containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics analysis is time consuming and requires close coordination with the groups assigned to file recovery and, if necessary, settlement discussions with the ransomware threat actor. Ransomware forensics typically involves reviewing all logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services associated with forensics investigation include:
- Isolate all possibly affected devices from the network without shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to guard your backups.
- Capture forensically complete images of all suspect devices so the file recovery group can proceed
- Preserve firewall, virtual private network, and additional critical logs as quickly as feasible
- Establish the kind of ransomware involved in the attack
- Inspect each computer and data store on the system including cloud storage for signs of encryption
- Catalog all compromised devices
- Review logs and user sessions to determine the time frame of the ransomware assault and to identify any potential lateral movement from the originally infected machine
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or system compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs embedded in messages and check whether they are malicious
- Produce detailed attack documentation to satisfy your insurance carrier and compliance mandates
- Document recommendations to shore up security vulnerabilities and enforce workflows that reduce the risk of a future ransomware breach
Progent's Background
Progent has provided remote and onsite network services across the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes consultants who have earned advanced certifications in foundation technologies including Cisco networking, VMware, and major Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers guidance in financial and ERP applications. This breadth of skills allows Progent to identify and integrate the undamaged parts of your IT environment following a ransomware assault and rebuild them quickly into a viable system. Progent has worked with top cyber insurance carriers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Anaheim
To learn more about how Progent can assist your Anaheim organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.