Overview of Progent's Ransomware Forensics Investigation and Reporting in Baltimore
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a detailed forensics investigation without impeding activity required for business continuity and data restoration. Your Baltimore business can use Progent's forensics report to block future ransomware attacks, assist in the recovery of encrypted data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware attack's storyline across the network from beginning to end. This audit trail of the way a ransomware attack travelled within the network helps your IT staff to evaluate the damage and highlights gaps in security policies or processes that need to be rectified to prevent future breaches. Forensic analysis is usually assigned a high priority by the cyber insurance provider and is often mandated by government and industry regulations. Because forensic analysis can be time consuming, it is essential that other key activities like operational resumption are performed in parallel. Progent has a large roster of information technology and data security professionals with the knowledge and experience required to carry out activities for containment, business continuity, and data restoration without interfering with forensic analysis.
Ransomware forensics investigation is complex and requires close coordination with the teams assigned to file restoration and, if necessary, to payment negotiations with the ransomware Threat Actor (TA). The investigation can involve examining logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows system components to detect changes made by the attacker.
Services involved with forensics investigation include:
- Disconnect all potentially impacted devices from the network, but do not power them off, since shutting down destroys memory contents and other volatile evidence. This may include closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and enabling two-factor authentication to protect your backups.
- Create forensically complete images of all suspect devices, so that evidence is preserved and the data recovery team can get started
- Preserve firewall, virtual private network, and other critical logs as quickly as feasible, before log rotation overwrites them
- Identify the ransomware family used in the attack
- Survey each machine and data store on the network, including cloud-hosted storage, for signs of compromise
- Catalog all compromised devices
- Study log activity and logon sessions to build the timeline of the ransomware attack and to identify any lateral movement from the originally infected machine
- Identify the attack vectors exploited to carry out the ransomware assault
- Search for executables created around the time of the first encrypted files or the initial system breach
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs embedded in email messages and check whether they lead to malware
- Produce detailed incident documentation to satisfy your insurance carrier and compliance mandates
- Document recommendations to close cybersecurity gaps and improve processes so as to reduce exposure to a future ransomware breach
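The timeline, lateral-movement and dropper-hunting steps above are easier to picture with a concrete, if small, reconstruction. The following is an added example written for this page; it is not Progent's tooling and not code from any real engagement. The event records are constructed to resemble normalised Windows artifacts (network logons recorded on the target host with their source, process creation, and file creation times), and the ransomware and dropper file extensions are assumptions standing in for the real indicators an analyst would take from the identified family.

```python
"""Toy ransomware timeline reconstruction over constructed event records.

Added example for this page, not Progent's tooling. The records below are
constructed to look like normalised Windows artifacts (Security 4624 network
logons recorded on the target host, Sysmon event 1 process creation, file
creation times from the NTFS MFT) so that the helpers can show how an analyst
pins down the first encrypted file, the executables dropped shortly before it,
the first infected host, and the logons that carried the attack to other hosts.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set

# Assumed indicators for a hypothetical family; replace with the real IOCs
# once the ransomware variant has been identified.
RANSOM_EXTENSIONS = (".locked", ".enc")
DROPPER_EXTENSIONS = (".exe", ".dll", ".ps1", ".bat")


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str         # host the artifact was collected from
    kind: str         # "logon", "process" or "file"
    detail: str       # account (logon), image path (process) or file path (file)
    source: str = ""  # logon only: host the session originated from


def ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp; all sample times are assumed to be UTC."""
    return datetime.fromisoformat(s)


# Constructed sample data (not from a real incident).
SAMPLE_EVENTS: List[Event] = [
    Event(ts("2024-03-10T07:00:00"), "FS-01", "file", r"C:\Program Files\Vendor\update.exe"),
    Event(ts("2024-03-10T08:15:00"), "WS-12", "logon", "jsmith", source="WS-12"),
    Event(ts("2024-03-10T08:16:30"), "WS-12", "file", r"C:\Users\jsmith\AppData\Local\Temp\invoice.exe"),
    Event(ts("2024-03-10T08:16:35"), "WS-12", "process", r"C:\Users\jsmith\AppData\Local\Temp\invoice.exe"),
    Event(ts("2024-03-10T08:40:00"), "FS-01", "logon", "svc_backup", source="WS-12"),
    Event(ts("2024-03-10T08:41:00"), "FS-01", "file", r"C:\Windows\Temp\enc.exe"),
    Event(ts("2024-03-10T08:42:00"), "FS-01", "process", r"C:\Windows\Temp\enc.exe"),
    Event(ts("2024-03-10T08:45:00"), "FS-01", "file", r"E:\Shares\Finance\Q1.xlsx.locked"),
    Event(ts("2024-03-10T08:46:00"), "WS-12", "file", r"C:\Users\jsmith\Documents\plan.docx.locked"),
    Event(ts("2024-03-10T09:00:00"), "DC-01", "logon", "svc_backup", source="WS-12"),
    Event(ts("2024-03-10T09:05:00"), "FS-01", "file", r"E:\Shares\README_RESTORE.txt"),
]


def timeline(events: List[Event]) -> List[Event]:
    """Merge per-host artifacts into one chronological record."""
    return sorted(events, key=lambda e: e.ts)


def first_encryption(events: List[Event]) -> Optional[Event]:
    """Earliest file creation carrying the ransomware extension."""
    for e in timeline(events):
        if e.kind == "file" and e.detail.lower().endswith(RANSOM_EXTENSIONS):
            return e
    return None


def executables_created_before(events: List[Event], t0: datetime, window_minutes: int) -> List[Event]:
    """Executables written in the window leading up to t0: dropper candidates."""
    start = t0 - timedelta(minutes=window_minutes)
    return [e for e in timeline(events)
            if e.kind == "file" and start <= e.ts <= t0
            and e.detail.lower().endswith(DROPPER_EXTENSIONS)]


def patient_zero(events: List[Event], window_minutes: int = 60) -> Optional[str]:
    """Host on which the earliest dropper candidate appeared."""
    enc = first_encryption(events)
    if enc is None:
        return None
    drops = executables_created_before(events, enc.ts, window_minutes)
    return drops[0].host if drops else None


def lateral_movement(events: List[Event], origin: str) -> List[Event]:
    """Logons on other hosts whose session originated from `origin`."""
    return [e for e in timeline(events)
            if e.kind == "logon" and e.source == origin and e.host != origin]


def impacted_hosts(events: List[Event]) -> Set[str]:
    """Hosts with at least one encrypted file (the catalog of compromised devices)."""
    return {e.host for e in events
            if e.kind == "file" and e.detail.lower().endswith(RANSOM_EXTENSIONS)}


if __name__ == "__main__":
    enc = first_encryption(SAMPLE_EVENTS)
    origin = patient_zero(SAMPLE_EVENTS)
    print("first encryption:", enc.ts, enc.host, enc.detail)
    print("patient zero:", origin)
    for e in executables_created_before(SAMPLE_EVENTS, enc.ts, 60):
        print("dropped:", e.ts, e.host, e.detail)
    for e in lateral_movement(SAMPLE_EVENTS, origin):
        print("lateral:", e.ts, e.source, "->", e.host, "as", e.detail)
    print("impacted:", sorted(impacted_hosts(SAMPLE_EVENTS)))
```

Two points worth noticing in the sample: the vendor `update.exe` written at 07:00 falls outside the 60-minute window and is correctly left out of the dropper candidates, while the `svc_backup` network logons from WS-12 to FS-01 and then to DC-01 are what turn a single-host infection into a network-wide event; on a real engagement those two logons, and the credential behind them, are what the containment team needs first.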
Progent has delivered online and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes professionals who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and ERP applications. This breadth of expertise allows Progent to identify and consolidate the undamaged parts of your information system after a ransomware attack and rebuild them quickly into a viable network. Progent has collaborated with leading insurance providers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Baltimore
To find out more about how Progent can help your Baltimore organization with ransomware forensics investigation, call 1-800-993-9400 or visit Contact Progent.