Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Baltimore
Progent's ransomware forensics experts can capture the system state after a ransomware assault and carry out a comprehensive forensics investigation without interfering with the processes required for operational continuity and data restoration. Your Baltimore business can utilize Progent's forensics documentation to block future ransomware attacks, assist in the cleanup of encrypted data, and comply with insurance and regulatory mandates.
Ransomware forensics involves discovering and describing the ransomware assault's storyline across the network from start to finish. This audit trail of how a ransomware attack travelled within the network helps your IT staff assess the damage and highlights vulnerabilities in rules or work habits that should be corrected to avoid later breaches. Forensic analysis is typically assigned a high priority by the insurance carrier and is typically mandated by state and industry regulations. Since forensics can be time consuming, it is critical that other important activities such as operational continuity are executed concurrently. Progent has a large team of information technology and data security professionals with the skills needed to carry out the work of containment, business continuity, and data recovery without disrupting forensic analysis.
Ransomware forensics analysis is time consuming and requires close interaction with the groups assigned to data recovery and, if needed, payment talks with the ransomware Threat Actor (TA). Ransomware forensics typically involves the review of logs, registry, GPO, Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes.
Activities associated with forensics analysis include:
- Disconnect all potentially impacted devices from the network, but avoid shutting them down. This can require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to guard your backups.
- Create forensically valid duplicates of all suspect devices so your file recovery team can get started
- Save firewall, VPN, and other critical logs as quickly as feasible
- Identify the strain of ransomware involved in the assault
- Examine each computer and storage device on the system including cloud storage for signs of compromise
- Catalog all encrypted devices
- Determine the kind of ransomware used in the assault
- Study log activity and sessions in order to determine the time frame of the attack and to identify any potential lateral movement from the originally infected system
- Identify the attack vectors used to carry out the ransomware assault
- Search for the creation of executables surrounding the first encrypted files or system breach
- Parse Outlook web archives
- Examine attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce detailed incident reporting to satisfy your insurance and compliance requirements
- Recommend improvements to shore up security vulnerabilities and enforce processes that lower the exposure to a future ransomware exploit
Progent has delivered remote and onsite IT services across the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes consultants who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications such as CISA, CISSP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and ERP application software. This scope of skills gives Progent the ability to salvage and integrate the undamaged pieces of your network following a ransomware assault and rebuild them quickly into a functioning network. Progent has collaborated with leading insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Baltimore
To find out more information about ways Progent can assist your Baltimore business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.