Overview of Progent's Ransomware Forensics and Reporting in Calgary
Progent's ransomware forensics experts can capture the system state after a ransomware assault and carry out a detailed forensics analysis without interfering with the processes required for operational continuity and data restoration. Your Calgary organization can utilize Progent's forensics report to block future ransomware attacks, assist in the recovery of lost data, and comply with insurance carrier and governmental mandates.
Ransomware forensics is aimed at tracking and documenting the ransomware attack's storyline throughout the targeted network from beginning to end. This audit trail of how a ransomware attack travelled through the network helps you to assess the impact and uncovers weaknesses in security policies or work habits that should be corrected to avoid future break-ins. Forensics is commonly assigned a top priority by the insurance carrier and is typically mandated by government and industry regulations. Because forensic analysis can take time, it is vital that other important recovery processes such as business resumption are pursued concurrently. Progent maintains a large team of IT and security experts with the skills required to perform activities for containment, operational continuity, and data recovery without interfering with forensic analysis.
Ransomware forensics is complex and calls for close cooperation with the groups assigned to file restoration and, if necessary, settlement discussions with the ransomware threat actor. Ransomware forensics can involve the review of all logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes.
Services associated with forensics analysis include:
- Disconnect all potentially affected devices from the network without shutting them down. This can require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure your backups.
- Create forensically valid images of all exposed devices so your file restoration group can get started
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Establish the kind of ransomware used in the assault
- Inspect every computer and storage device on the network including cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Determine the type of ransomware involved in the assault
- Study log activity and user sessions in order to determine the timeline of the attack and to identify any potential lateral movement from the first infected machine
- Understand the security gaps exploited to perpetrate the ransomware attack
- Look for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook web archives
- Analyze attachments
- Separate URLs from email messages and determine if they are malicious
- Provide detailed incident documentation to satisfy your insurance carrier and compliance regulations
- Document recommendations to shore up cybersecurity gaps and enforce processes that lower the risk of a future ransomware exploit
Progent's Background
Progent has delivered remote and on-premises network services across the U.S. for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have earned advanced certifications in foundation technology platforms such as Cisco networking, VMware, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers guidance on financial and ERP software. This broad array of skills gives Progent the ability to salvage and consolidate the surviving pieces of your information system following a ransomware attack and reconstruct them quickly into an operational network. Progent has worked with leading cyber insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Calgary
To find out more about ways Progent can help your Calgary business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.