Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Birmingham
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and perform a comprehensive forensics investigation without disrupting activity related to business resumption and data recovery. Your Birmingham organization can utilize Progent's forensics report to block subsequent ransomware attacks, validate the cleanup of encrypted data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation involves determining and describing the ransomware assault's progress throughout the targeted network from beginning to end. This history of the way a ransomware assault progressed through the network helps you evaluate the damage and highlights shortcomings in security policies or processes that should be rectified to prevent later breaches. Forensic analysis is typically given a top priority by the insurance provider and is typically required by state and industry regulations. Since forensics can take time, it is essential that other important recovery processes such as operational continuity are performed concurrently. Progent has an extensive roster of information technology and data security experts with the knowledge and experience required to perform activities for containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics investigation is time consuming and requires close interaction with the teams focused on file cleanup and, if needed, settlement discussions with the ransomware Threat Actor (TA). Forensics typically requires the review of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to detect changes.
Activities associated with forensics investigation include:
- Disconnect all possibly impacted devices from the system, but avoid shutting them off. This may involve closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Create forensically sound digital images of all exposed devices so your file restoration team can proceed
- Preserve firewall, VPN, and other critical logs as quickly as feasible
- Identify the variety of ransomware involved in the attack
- Examine each machine and data store on the system including cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Establish the type of ransomware involved in the attack
- Review log activity and sessions in order to establish the time frame of the ransomware attack and to identify any possible lateral movement from the originally infected machine
- Identify the security gaps exploited to carry out the ransomware assault
- Look for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from email messages and determine whether they are malicious
- Produce detailed incident documentation to satisfy your insurance carrier and compliance requirements
- List recommendations to shore up security gaps and enforce workflows that reduce the risk of a future ransomware exploit
Progent's Background
Progent has delivered online and on-premises network services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and major Linux distros. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and GIAC. Progent also offers guidance on financial and Enterprise Resource Planning applications. This breadth of skills gives Progent the ability to salvage and integrate the surviving parts of your IT environment following a ransomware attack and rebuild them rapidly into a viable system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Birmingham
To learn more about how Progent can assist your Birmingham business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.