Progent's Ransomware Forensics Analysis and Reporting in Aurora
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and carry out a detailed forensics investigation without impeding the processes required for business continuity and data restoration. Your Aurora organization can use Progent's post-attack forensics documentation to defend against subsequent ransomware attacks, support the recovery of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics analysis involves determining and describing the ransomware assault's progress throughout the network from beginning to end. This history of the way a ransomware attack progressed through the network assists your IT staff to assess the damage and uncovers vulnerabilities in security policies or work habits that need to be rectified to prevent later break-ins. Forensics is usually given a high priority by the cyber insurance carrier and is typically required by state and industry regulations. Because forensics can take time, it is vital that other important recovery processes such as business resumption are pursued concurrently. Progent maintains a large team of information technology and cybersecurity experts with the skills required to carry out the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics is arduous and calls for close cooperation with the teams assigned to file restoration and, if needed, payment negotiations with the ransomware Threat Actor (TA). Forensics typically requires examining logs, the registry, GPOs, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes from their known-good state.
Activities associated with forensics include:
- Isolate all potentially affected devices from the network without powering them off, so that volatile evidence such as memory and running processes is preserved. This may include blocking RDP and other remote-access exposure, taking Internet-facing network-attached storage offline, resetting administrator and user passwords, and enforcing 2FA on backup systems to protect them
- Create forensically sound images of all exposed devices so the file restoration team can work on copies while the originals remain intact
- Preserve firewall, VPN, and other critical logs as soon as feasible, before retention windows roll over
- Identify the ransomware family used in the assault
- Survey each machine and storage device on the network, including cloud-hosted storage, for indicators of compromise
- Inventory all encrypted devices
- Study logs and sessions to build the timeline of the ransomware assault and to spot any lateral movement from the first compromised machine
- Identify the attack vectors used to carry out the ransomware assault
- Look for new executables created around the time of the first encrypted files or the initial compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in messages and check them for links to malware
- Provide extensive attack documentation to satisfy your insurance carrier and compliance requirements
- Recommend improvements to close cybersecurity gaps and enforce workflows that reduce the exposure to a future ransomware breach
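The analysis steps above (first encrypted file, executables staged shortly before it, lateral movement from the first compromised host, and URLs pulled from mailbox exports) can be sketched as a small triage script. The following is an added example, not Progent's tooling or any code from the original page: it runs over constructed evidence embedded inline (a file listing with modification times, Windows Security logon events with logon type 3 for network and 10 for RDP, and message bodies already exported from a mailbox, since PST parsing itself needs a third-party library). The host names, IP addresses, ransom extensions and blocklist are assumptions for illustration.

```python
"""Minimal ransomware triage timeline over constructed evidence.

Added example, not Progent's tooling. Inputs are what an analyst would export
from imaged hosts: a file listing with modification times, Windows logon
events (Security log 4624, logon type 3 = network, 10 = RDP), and message
bodies pulled from mailbox exports. All data below is constructed; the
encrypted-file extensions, host names and IPs are assumptions.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

ENCRYPTED_EXTS = (".locked", ".encrypted", ".crypt")   # assumed for this sample
EXEC_EXTS = (".exe", ".dll", ".ps1", ".bat")
REMOTE_LOGON_TYPES = {3, 10}                            # network, RemoteInteractive
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed file listing: (host, path, modification time as ISO 8601)
FILES = [
    ("FS01", r"C:\Users\jdoe\Downloads\invoice.pdf.locked", "2024-03-02T02:14:05"),
    ("FS01", r"C:\Windows\Temp\svchost_update.exe", "2024-03-02T01:58:40"),
    ("FS01", r"C:\Shares\Finance\budget.xlsx.locked", "2024-03-02T02:14:09"),
    ("FS01", r"C:\Program Files\Vendor\app.exe", "2023-11-20T10:00:00"),
    ("WS07", r"C:\Users\jdoe\AppData\Local\Temp\loader.dll", "2024-03-01T23:31:12"),
]

# Constructed logon events: (time, target host, user, logon type, source IP)
LOGONS = [
    ("2024-03-01T23:29:50", "WS07", "jdoe", 10, "203.0.113.45"),    # RDP from outside
    ("2024-03-02T00:41:03", "DC01", "svc_backup", 3, "10.0.5.7"),   # network logon from WS07
    ("2024-03-02T01:55:17", "FS01", "svc_backup", 10, "10.0.5.7"),  # RDP from WS07
    ("2024-02-28T08:00:00", "WS07", "jdoe", 2, "-"),                # local logon, ignored
]
HOST_IPS = {"WS07": "10.0.5.7", "FS01": "10.0.6.20", "DC01": "10.0.1.1"}

# Constructed message bodies (as exported from the mailbox) and a blocklist.
MESSAGES = [
    "Please review the attached invoice: http://files.example-invoice.test/inv.zip",
    "Meeting moved, see https://intranet.example.test/calendar",
]
URL_BLOCKLIST = {"files.example-invoice.test"}


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def first_encryption(files=FILES):
    """Earliest file carrying a ransomware extension: (time, host, path)."""
    hits = [(ts(t), h, p) for h, p, t in files if p.lower().endswith(ENCRYPTED_EXTS)]
    return min(hits) if hits else None


def suspicious_executables(files=FILES, t_first=None, window_hours=24):
    """Executables written in the window before the first encryption, oldest first."""
    t_first = t_first or first_encryption(files)[0]
    lo = t_first - timedelta(hours=window_hours)
    return sorted((ts(t), h, p) for h, p, t in files
                  if p.lower().endswith(EXEC_EXTS) and lo <= ts(t) <= t_first)


def lateral_movement(logons=LOGONS, host_ips=HOST_IPS):
    """Patient zero (first remote logon) and later remote logons sourced from
    internal hosts, as (time, source host, target host, user)."""
    ip_to_host = {ip: h for h, ip in host_ips.items()}
    remote = sorted((ts(t), h, u, ip) for t, h, u, lt, ip in logons
                    if lt in REMOTE_LOGON_TYPES)
    if not remote:
        return None, []
    t0, host0, user0, src0 = remote[0]
    hops = [(t, ip_to_host[ip], h, u) for t, h, u, ip in remote[1:] if ip in ip_to_host]
    return (t0, host0, user0, src0), hops


def extract_urls(messages=MESSAGES, blocklist=URL_BLOCKLIST):
    """URLs found in message bodies as (url, host, host is blocklisted)."""
    out = []
    for body in messages:
        for url in URL_RE.findall(body):
            host = (urlparse(url).hostname or "").lower()
            out.append((url, host, host in blocklist))
    return out


def triage():
    t_first, host, path = first_encryption()
    patient_zero, hops = lateral_movement()
    return {
        "first_encrypted": (t_first, host, path),
        "staged_executables": suspicious_executables(t_first=t_first),
        "patient_zero": patient_zero,
        "lateral_movement": hops,
        "urls": extract_urls(),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}:")
        for item in (value if isinstance(value, list) else [value]):
            print("   ", item)
```

On the constructed data the script places the first encryption on FS01, surfaces loader.dll on WS07 and svchost_update.exe on FS01 as staged executables, identifies WS07 (RDP from an external address) as the first compromised host with subsequent remote logons from it to DC01 and FS01, and flags the invoice URL. In a real engagement the same logic runs over exported event logs and MFT or directory listings from the forensic images rather than inline lists.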
Progent's Qualifications
Progent has provided remote and on-premises IT services throughout the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and ERP applications. This breadth of expertise allows Progent to identify the undamaged parts of your information system after a ransomware assault and rebuild them quickly into a working system. Progent has collaborated with leading cyber insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Aurora
To find out more about how Progent can help your Aurora organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.