Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Aurora
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a detailed forensics investigation without impeding activity related to operational resumption and data recovery. Your Aurora organization can utilize Progent's forensics report to combat future ransomware attacks, assist in the recovery of encrypted data, and meet insurance carrier and governmental mandates.
Ransomware forensics is aimed at tracking and documenting the ransomware assault's storyline across the targeted network from start to finish. This audit trail of how the attack travelled through the network helps you assess the damage and brings to light shortcomings in policies or work habits that should be rectified to avoid later break-ins. Forensic analysis is commonly given a high priority by the cyber insurance carrier and is typically required by government and industry regulations. Since forensics can be time consuming, it is essential that other important recovery processes such as operational continuity are executed concurrently. Progent has a large team of IT and cybersecurity professionals with the knowledge and experience required to perform containment, operational continuity, and data restoration without interfering with forensics.
Ransomware forensics analysis is complex and requires close cooperation with the groups assigned to file restoration and, if necessary, settlement discussions with the ransomware hacker. Ransomware forensics typically involves reviewing event logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems for anomalies.
Services associated with forensics investigation include:
- Disconnect all possibly affected devices from the network without shutting them down, so that volatile evidence in memory is not lost. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to guard backups.
- Preserve forensically complete digital images of all suspect devices so your data restoration team can proceed
- Save firewall, virtual private network (VPN), and other key logs as quickly as possible, before they are overwritten by log rotation
- Identify the type of ransomware involved in the assault
- Examine every machine and data store on the network including cloud storage for indications of encryption
- Inventory all encrypted devices
- Study log activity and user sessions to establish the timeline of the ransomware attack and to identify any lateral movement from the first infected machine
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for new executables created around the time of the first encrypted files or the initial system compromise
- Parse Outlook PST files
- Analyze attachments
- Extract URLs from messages and determine whether they lead to malware
- Produce extensive attack documentation to meet your insurance carrier and compliance regulations
- List recommended improvements to close security vulnerabilities and enforce workflows that lower the exposure to a future ransomware exploit
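The inventory, timeline and "new executables near the first encrypted files" steps above can be sketched in code. The following is an added example, not Progent's tooling: it runs over a constructed file inventory and a constructed set of Windows Security-log 4624 logon events, flags files with an assumed ransomware extension and ransom-note name, counts encrypted files per host, finds executables dropped shortly before encryption began on each host, and classifies logons as external RDP, lateral movement between internal hosts, or local. Every host name, path, IP address, the ".locked" extension and the ransom-note file name are assumptions made up for this example.

```python
"""Added triage example (not Progent's code). All hosts, paths, IPs, the
".locked" extension and the ransom-note name are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta

ENCRYPTED_EXT = ".locked"           # assumed extension the sample ransomware appends
RANSOM_NOTE = "README_RECOVER.txt"  # assumed ransom-note file name
EXECUTABLE_EXTS = (".exe", ".dll", ".ps1", ".bat", ".vbs")
INTERNAL_HOSTS = {"10.0.0.21": "WS01", "10.0.0.40": "FS02"}  # assumed IP -> host map


@dataclass(frozen=True)
class FileRecord:
    host: str
    path: str
    created: datetime


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    host: str
    logon_type: int  # Windows 4624 LogonType: 2 interactive, 3 network, 10 RDP
    user: str
    src_ip: str


def ts(s):
    return datetime.fromisoformat(s)


# Constructed sample file inventory: (host, path, creation time)
SAMPLE_FILES = [
    FileRecord("WS01", r"C:\Windows\System32\notepad.exe", ts("2023-01-10T08:00:00")),
    FileRecord("WS01", r"C:\Users\Public\svchosts.exe", ts("2024-03-04T01:58:30")),
    FileRecord("WS01", r"C:\Users\alice\Documents\q3-budget.xlsx.locked", ts("2024-03-04T02:14:10")),
    FileRecord("WS01", r"C:\Users\alice\Documents\README_RECOVER.txt", ts("2024-03-04T02:14:12")),
    FileRecord("FS02", r"D:\Shares\Finance\report.pdf", ts("2024-02-01T09:00:00")),
    FileRecord("FS02", r"C:\ProgramData\update.bat", ts("2024-03-04T02:31:00")),
    FileRecord("FS02", r"D:\Shares\Finance\ledger.docx.locked", ts("2024-03-04T02:40:05")),
    FileRecord("FS02", r"D:\Shares\Finance\README_RECOVER.txt", ts("2024-03-04T02:40:06")),
]

# Constructed sample Security-log 4624 events
SAMPLE_LOGONS = [
    LogonEvent(ts("2024-03-03T09:00:00"), "WS01", 2, "alice", "-"),
    LogonEvent(ts("2024-03-04T01:45:02"), "WS01", 10, "alice", "203.0.113.45"),
    LogonEvent(ts("2024-03-04T02:20:15"), "FS02", 3, "alice", "10.0.0.21"),
    LogonEvent(ts("2024-03-04T02:22:40"), "FS02", 10, "svc_backup", "10.0.0.21"),
]


def name_of(path):
    return path.rsplit("\\", 1)[-1]


def encrypted_files(files):
    return [f for f in files if f.path.lower().endswith(ENCRYPTED_EXT)]


def ransom_notes(files):
    return [f for f in files if name_of(f.path) == RANSOM_NOTE]


def inventory(files):
    """Count encrypted files per host."""
    counts = {}
    for f in encrypted_files(files):
        counts[f.host] = counts.get(f.host, 0) + 1
    return counts


def first_encryption(files):
    """Earliest encrypted-file creation time per host."""
    first = {}
    for f in encrypted_files(files):
        first[f.host] = min(first.get(f.host, f.created), f.created)
    return first


def new_executables_near(files, window):
    """Executables created within `window` before encryption started on that host."""
    first = first_encryption(files)
    return [f for f in files
            if f.host in first and f.path.lower().endswith(EXECUTABLE_EXTS)
            and first[f.host] - window <= f.created <= first[f.host]]


def classify_logon(e):
    src_host = INTERNAL_HOSTS.get(e.src_ip)
    if src_host and src_host != e.host:
        return "lateral"        # internal host logging on to a different internal host
    if e.logon_type == 10 and not src_host:
        return "external-rdp"   # RDP session from an address outside the known hosts
    return "local"


def build_timeline(files, logons, window=timedelta(minutes=30)):
    """Merge logons, first-encryption times and dropped executables into one sorted timeline."""
    events = [(e.time, e.host, f"{classify_logon(e)} logon {e.user} from {e.src_ip} (type {e.logon_type})")
              for e in logons]
    events += [(t, host, "first encrypted file observed") for host, t in first_encryption(files).items()]
    events += [(f.created, f.host, f"new executable dropped: {f.path}")
               for f in new_executables_near(files, window)]
    return sorted(events)


if __name__ == "__main__":
    print("encrypted files per host:", inventory(SAMPLE_FILES))
    for when, host, what in build_timeline(SAMPLE_FILES, SAMPLE_LOGONS):
        print(when.isoformat(), host, what)
```

On the constructed data the timeline shows an RDP logon from an outside address on WS01, an executable dropped in C:\Users\Public sixteen minutes before the first encrypted file there, and two logons on FS02 sourced from WS01's address before FS02's own encryption starts, which is the lateral-movement pattern the analysis step above is looking for. A real engagement would feed this from exported event logs and a file-system listing rather than embedded records.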
Progent's Background
Progent has delivered online and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have earned advanced certifications in foundational technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial management and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to identify the undamaged pieces of your information system following a ransomware attack and quickly rebuild them into a functioning system. Progent has worked with top cyber insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Aurora
To learn more about how Progent can help your Aurora organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.