Overview of Progent's Ransomware Forensics Investigation and Reporting in Birmingham
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a comprehensive forensics investigation without impeding activity required for operational continuity and data recovery. Your Birmingham organization can utilize Progent's forensics report to block future ransomware attacks, validate the cleanup of lost data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics involves determining and describing the ransomware assault's progress throughout the network from beginning to end. This history of how a ransomware assault travelled within the network helps you to evaluate the damage and uncovers weaknesses in security policies or work habits that need to be corrected to prevent future breaches. Forensics is commonly given a high priority by the cyber insurance carrier and is typically required by state and industry regulations. Because forensics can be time-consuming, it is vital that other key activities such as business resumption are pursued concurrently. Progent has a large team of IT and cybersecurity experts with the skills required to carry out the work of containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics is arduous and calls for close cooperation with the groups responsible for data restoration and, if needed, settlement negotiation with the ransomware Threat Actor (TA). Ransomware forensics can involve the examination of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Services involved with forensics investigation include:
- Disconnect all possibly affected devices from the system without shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Preserve forensically sound digital images of all suspect devices so your data recovery team can proceed
- Preserve firewall, VPN, and other key logs as soon as feasible
- Establish the variety of ransomware used in the attack
- Examine every machine and storage device on the system as well as cloud storage for signs of compromise
- Inventory all encrypted devices
- Review logs and user sessions to determine the time frame of the attack and to identify any potential lateral movement from the first compromised system
- Identify the security gaps used to perpetrate the ransomware attack
- Search for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide comprehensive incident reporting to satisfy your insurance and compliance requirements
- Recommend improvements to shore up cybersecurity gaps and improve processes that reduce the risk of a future ransomware exploit
Progent's Background
Progent has delivered online and onsite network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP, and GIAC. (See Progent's certifications). Progent also has top-tier support in financial and ERP applications. This scope of skills gives Progent the ability to salvage and consolidate the undamaged pieces of your information system after a ransomware assault and rebuild them rapidly into a viable network. Progent has worked with leading cyber insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Birmingham
To learn more about ways Progent can help your Birmingham organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.