Progent's Ransomware Forensics Investigation and Reporting Services in Baltimore
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and perform a detailed forensics analysis without disrupting activity required for operational resumption and data recovery. Your Baltimore organization can utilize Progent's post-attack forensics documentation to combat future ransomware assaults, validate the recovery of lost data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation involves determining and describing the ransomware attack's storyline across the targeted network from beginning to end. This audit trail of the way a ransomware assault progressed through the network helps your IT staff to assess the damage and highlights vulnerabilities in policies or processes that need to be rectified to avoid later breaches. Forensics is usually assigned a top priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensics can be time consuming, it is essential that other key recovery processes such as operational continuity are executed concurrently. Progent has an extensive team of IT and security professionals with the skills required to perform the work of containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is complex and calls for close interaction with the groups assigned to file recovery and, if needed, settlement discussions with the ransomware hacker. Forensics typically involves reviewing all logs, registry, GPO, AD, DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Services involved with forensics investigation include:
- Detach all possibly affected devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard backups.
- Preserve forensically valid duplicates of all suspect devices so the data restoration group can get started
- Save firewall, VPN, and other key logs as soon as feasible
- Establish the type of ransomware involved in the assault
- Inspect each machine and storage device on the network including cloud storage for signs of encryption
- Catalog all compromised devices
- Determine the kind of ransomware used in the assault
- Study logs and sessions in order to establish the time frame of the assault and to identify any potential lateral movement from the originally compromised machine
- Understand the security gaps used to perpetrate the ransomware attack
- Search for new executables created around the time of the first encrypted files or system breach
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and determine whether they are malicious
- Provide comprehensive attack documentation to meet your insurance and compliance requirements
- Suggest recommended improvements to close security gaps and improve workflows that reduce the exposure to a future ransomware breach
Progent has delivered remote and onsite network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial and Enterprise Resource Planning application software. This breadth of expertise allows Progent to salvage and consolidate the undamaged parts of your IT environment following a ransomware assault and rebuild them quickly into an operational network. Progent has worked with leading insurance carriers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Baltimore
To learn more about how Progent can help your Baltimore organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.