Progent's Ransomware Forensics and Reporting in Arlington
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a detailed forensics investigation without slowing down the processes related to business resumption and data restoration. Your Arlington business can use Progent's forensics documentation to block subsequent ransomware attacks, assist in the restoration of lost data, and meet insurance and governmental requirements.
Ransomware forensics involves discovering and describing the ransomware assault's storyline across the network from beginning to end. This audit trail of how a ransomware assault progressed within the network helps your IT staff evaluate the impact and uncovers gaps in policies or processes that should be corrected to prevent later break-ins. Forensics is typically given a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Because forensics can take time, it is vital that other important recovery processes like business resumption are pursued concurrently. Progent has a large roster of information technology and data security professionals with the skills required to carry out the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics analysis is time consuming and requires close interaction with the teams responsible for data recovery and, if necessary, payment talks with the ransomware hacker. Ransomware forensics typically involves the review of logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services associated with forensics include:
- Disconnect all potentially impacted devices from the network without shutting them off. This can require closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up 2FA to guard backups.
- Create forensically complete images of all suspect devices so the data recovery group can proceed
- Preserve firewall, VPN, and additional key logs as soon as feasible
- Establish the kind of ransomware involved in the assault
- Examine every machine and data store on the network including cloud-hosted storage for indications of encryption
- Catalog all compromised devices
- Establish the type of ransomware used in the assault
- Review log activity and user sessions in order to determine the time frame of the assault and to spot any potential lateral migration from the originally compromised machine
- Understand the security gaps exploited to carry out the ransomware attack
- Look for new executables surrounding the original encrypted files or network compromise
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce extensive incident documentation to satisfy your insurance and compliance requirements
- Provide recommendations to close security vulnerabilities and improve processes that lower the risk of a future ransomware breach
Progent has delivered online and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to salvage and consolidate the surviving pieces of your network following a ransomware intrusion and reconstruct them rapidly into a viable network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Arlington
To learn more about how Progent can assist your Arlington organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.