Progent's Ransomware Forensics Analysis and Reporting in Aurora
Progent's ransomware forensics consultants can preserve the system state after a ransomware assault and perform a detailed forensics investigation without interfering with activity required for business continuity and data recovery. Your Aurora business can utilize Progent's ransomware forensics documentation to counter subsequent ransomware attacks, validate the cleanup of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics analysis involves determining and documenting the ransomware assault's progress throughout the network from start to finish. This history of how a ransomware attack travelled through the network helps your IT staff evaluate the damage and brings to light weaknesses in security policies or processes that should be corrected to prevent future breaches. Forensic analysis is commonly given top priority by the cyber insurance carrier and is often required by state and industry regulations. Since forensics can take time, it is vital that other important activities like business continuity are executed concurrently. Progent has a large roster of information technology and cybersecurity professionals with the skills required to perform activities for containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics is arduous and calls for close interaction with the groups focused on file restoration and, if needed, settlement discussions with the ransomware Threat Actor. Ransomware forensics typically requires the examination of all logs, registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Activities associated with forensics include:
- Disconnect all potentially affected devices from the network, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to protect backups.
- Create forensically valid duplicates of all exposed devices so your file restoration team can proceed
- Preserve firewall, virtual private network, and additional critical logs as soon as possible
- Establish the variety of ransomware involved in the assault
- Survey each machine and data store on the system as well as cloud storage for indications of compromise
- Inventory all compromised devices
- Study logs and sessions in order to determine the timeline of the ransomware assault and to spot any potential lateral movement from the originally compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the original encrypted files or system compromise
- Parse Outlook PST files
- Examine attachments
- Extract URLs from email messages and determine whether they are malicious
- Produce comprehensive incident reporting to satisfy your insurance and compliance requirements
- Document recommended improvements to shore up cybersecurity gaps and enforce processes that lower the exposure to a future ransomware exploit
Progent has provided online and onsite network services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers guidance in financial and ERP applications. This scope of expertise allows Progent to salvage and consolidate the undamaged pieces of your information system after a ransomware attack and reconstruct them rapidly into an operational network. Progent has collaborated with top cyber insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Aurora
To find out more information about ways Progent can assist your Aurora organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.