Overview of Progent's Ransomware Forensics and Reporting in Brooklyn
Progent's ransomware forensics consultants can save the evidence of a ransomware attack and perform a detailed forensics analysis without impeding activity required for operational resumption and data restoration. Your Brooklyn business can use Progent's post-attack forensics report to counter future ransomware assaults, assist in the restoration of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics is aimed at discovering and describing the ransomware attack's progress across the targeted network from start to finish. This audit trail of how a ransomware attack travelled through the network helps your IT staff evaluate the impact and highlights gaps in rules or work habits that should be rectified to prevent future break-ins. Forensics is typically assigned a top priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Because forensic analysis can be time consuming, it is critical that other key recovery processes such as operational resumption are pursued in parallel. Progent maintains a large team of information technology and cybersecurity experts with the skills needed to perform the work of containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics is complex and calls for close cooperation with the teams focused on data restoration and, if needed, settlement discussions with the ransomware Threat Actor. Ransomware forensics typically involves the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to check for anomalies.
Services associated with forensics analysis include:
- Detach all potentially suspect devices from the network without shutting them down. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect your backups.
- Create forensically complete duplicates of all exposed devices so your data restoration group can get started
- Preserve firewall, VPN, and additional key logs as soon as possible
- Establish the type of ransomware involved in the attack
- Survey each computer and data store on the system as well as cloud storage for signs of encryption
- Inventory all compromised devices
- Determine the kind of ransomware used in the attack
- Review logs and sessions to establish the time frame of the ransomware attack and to identify any potential lateral movement from the first compromised system
- Understand the attack vectors exploited to perpetrate the ransomware attack
- Look for the creation of executables surrounding the first encrypted files or network breach
- Parse Outlook PST files
- Examine attachments
- Separate any URLs embedded in email messages and determine if they are malicious
- Produce comprehensive incident documentation to satisfy your insurance and compliance mandates
- Recommend improvements to shore up cybersecurity gaps and improve workflows that reduce the exposure to a future ransomware exploit
Progent has delivered remote and on-premises IT services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and ERP application software. This broad array of skills gives Progent the ability to identify and consolidate the surviving parts of your IT environment after a ransomware attack and reconstruct them quickly into an operational network. Progent has worked with top insurance providers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Services in Brooklyn
To learn more about how Progent can help your Brooklyn business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.