Progent's Ransomware Forensics Analysis and Reporting in Baltimore
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a comprehensive forensics investigation without impeding activity required for business continuity and data recovery. Your Baltimore business can use Progent's post-attack forensics documentation to combat future ransomware assaults, validate the restoration of lost data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics investigation is aimed at discovering and documenting the ransomware attack's storyline across the targeted network from start to finish. This history of how a ransomware assault progressed through the network helps your IT staff evaluate the impact and brings to light vulnerabilities in rules or processes that need to be corrected to prevent future break-ins. Forensics is usually given a top priority by the insurance provider and is often required by government and industry regulations. Because forensic analysis can be time-consuming, it is vital that other key activities such as business resumption are executed concurrently. Progent has a large team of information technology and data security experts with the knowledge and experience required to carry out the work of containment, operational continuity, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is complicated and requires close coordination with the groups assigned to data restoration and, if necessary, to payment negotiations with the ransomware attacker. Ransomware forensics typically involves reviewing all logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services involved with forensics analysis include:
- Isolate all potentially affected devices from the network, but avoid shutting them down. This may require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to protect backups.
- Create forensically complete digital images of all suspect devices so your file restoration team can proceed
- Preserve firewall, virtual private network, and other key logs as soon as possible
- Determine the strain of ransomware involved in the attack
- Inspect every machine and data store on the system including cloud-hosted storage for signs of compromise
- Catalog all encrypted devices
- Determine the type of ransomware involved in the assault
- Review logs and user sessions in order to determine the time frame of the ransomware assault and to spot any possible lateral movement from the first infected system
- Understand the attack vectors used to perpetrate the ransomware assault
- Look for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs embedded in email messages and check whether they are malicious
- Provide extensive attack reporting to satisfy your insurance and compliance requirements
- Suggest recommendations to close security vulnerabilities and enforce workflows that reduce the risk of a future ransomware breach
Progent has provided remote and onsite network services across the U.S. for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial and Enterprise Resource Planning applications. This broad array of skills allows Progent to identify and integrate the surviving pieces of your network after a ransomware assault and rebuild them rapidly into a functioning network. Progent has worked with top cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Baltimore
To find out more about ways Progent can help your Baltimore organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.