Overview of Progent's Ransomware Forensics Analysis and Reporting in Broomfield
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and carry out a detailed forensics analysis without slowing down activity related to operational continuity and data restoration. Your Broomfield organization can use Progent's forensics report to counter future ransomware attacks, validate the restoration of encrypted data, and comply with insurance carrier and regulatory reporting requirements.
Ransomware forensics is aimed at discovering and documenting the ransomware assault's storyline across the network from beginning to end. This history of how a ransomware attack travelled through the network helps you evaluate the damage and uncovers shortcomings in security policies or processes that should be corrected to prevent later break-ins. Forensic analysis is usually given a top priority by the insurance carrier and is often mandated by government and industry regulations. Because forensics can be time consuming, it is critical that other important activities such as operational continuity are performed concurrently. Progent maintains a large roster of information technology and security experts with the skills required to perform containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is complex and calls for close interaction with the groups focused on file recovery and, if necessary, with those handling payment negotiations with the ransomware attacker. Ransomware forensics can require the review of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows system settings to detect changes.
Activities involved with forensics include:
- Disconnect all potentially affected devices from the network, but do not power them off. This can involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing 2FA to protect backups.
- Create forensically sound images of all exposed devices so the data recovery team can get started
- Save firewall, VPN, and additional key logs as quickly as possible
- Identify the version of ransomware used in the attack
- Examine every machine and data store on the network as well as cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Determine the type of ransomware used in the assault
- Study log activity and sessions to establish the time frame of the assault and to identify any possible lateral movement from the first infected system
- Identify the security gaps exploited to perpetrate the ransomware assault
- Search for new executables associated with the first encrypted files or system compromise
- Parse Outlook PST files
- Analyze attachments
- Extract URLs from messages and check whether they are malicious
- Provide detailed attack documentation to meet your insurance carrier and compliance regulations
- Recommend improvements that close security vulnerabilities and improve workflows to lower the risk of a future ransomware breach
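The timeline and lateral-movement step in the list above, shown as an added example (not Progent's code or tooling): the script parses constructed, normalised Windows Security log extracts, walks remote logons (RDP and network) outward from the first infected host, and reports the attack time frame. The log line format, host names, IP-to-host inventory and the choice of initial host are all assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

# Constructed sample of normalised Windows Security log extracts (not real data).
# Event 4624 = successful logon; logon type 10 = RDP, type 3 = network (SMB/WMI).
SAMPLE_LOG = """\
2024-03-02T01:12:07Z host=FS01 id=4624 type=10 user=svc_backup src=203.0.113.45
2024-03-02T01:40:22Z host=FS01 id=4688 user=svc_backup proc=powershell.exe
2024-03-02T02:05:13Z host=DC01 id=4624 type=10 user=svc_backup src=10.0.5.21
2024-03-02T02:07:49Z host=WS17 id=4624 type=3 user=svc_backup src=10.0.5.21
2024-03-02T02:30:00Z host=DC01 id=4688 user=svc_backup proc=enc.exe
2024-03-02T09:00:00Z host=WS03 id=4624 type=2 user=jdoe src=-
"""
# Constructed asset inventory: internal IP -> host name (assumed, not from the page).
IP_TO_HOST = {"10.0.5.21": "FS01", "10.0.5.2": "DC01"}

Event = namedtuple("Event", "ts host event_id fields")
LINE_RE = re.compile(r"^(\S+) host=(\S+) id=(\d+)\s*(.*)$")

def parse_events(text):
    """Parse the extract into Events sorted by timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(4).split())
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m.group(2), int(m.group(3)), fields))
    return sorted(events, key=lambda e: e.ts)

def trace_lateral_movement(events, patient_zero):
    """Walk remote logons (type 3/10) in time order: a logon sourced from an
    already-compromised host marks the target compromised. Returns (hops, hosts)."""
    compromised, hops = {patient_zero}, []
    for e in events:
        if e.event_id != 4624 or e.fields.get("type") not in ("3", "10"):
            continue
        src_host = IP_TO_HOST.get(e.fields.get("src", ""))
        if src_host in compromised and e.host not in compromised:
            compromised.add(e.host)
            hops.append((e.ts, src_host, e.host, e.fields.get("user")))
    return hops, compromised

def attack_window(events, compromised):
    """Earliest and latest event seen on any compromised host (the attack time frame)."""
    hits = [e.ts for e in events if e.host in compromised]
    return (min(hits), max(hits)) if hits else None
```

With the sample data and FS01 as the initial host, the trace reports two hops (FS01 to DC01 over RDP, FS01 to WS17 over a network logon) and a window from 01:12:07 to 02:30:00; the unrelated interactive logon on WS03 is left out.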
Progent's Qualifications
Progent has delivered online and on-premises IT services across the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP software. This broad array of expertise gives Progent the ability to salvage and integrate the surviving pieces of your network after a ransomware intrusion and rebuild them rapidly into a viable system. Progent has worked with leading insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Services in Broomfield
To learn more about how Progent can assist your Broomfield organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.