Overview of Progent's Ransomware Forensics and Reporting Services in Calgary
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a detailed forensics analysis without interfering with activity related to business continuity and data restoration. Your Calgary organization can use Progent's ransomware forensics documentation to counter subsequent ransomware attacks, assist in the restoration of lost data, and comply with insurance and regulatory requirements.
Ransomware forensics analysis is aimed at discovering and documenting the ransomware assault's progress across the network from beginning to end. This audit trail of the way a ransomware assault travelled through the network helps your IT staff to evaluate the damage and brings to light gaps in rules or work habits that should be rectified to avoid later breaches. Forensics is commonly given a high priority by the insurance carrier and is often mandated by state and industry regulations. Because forensic analysis can take time, it is essential that other key activities like operational continuity are performed in parallel. Progent has an extensive team of information technology and security professionals with the knowledge and experience needed to perform the work of containment, operational resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics investigation is complicated and calls for close coordination with the groups responsible for data recovery and, if needed, settlement talks with the ransomware hacker. Forensics typically requires the examination of all logs, the registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to look for anomalies.
Services associated with forensics investigation include:
- Disconnect all possibly impacted devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard backups.
- Capture forensically sound images of all exposed devices so your file recovery team can get started
- Preserve firewall, VPN, and additional critical logs as quickly as possible
- Identify the kind of ransomware involved in the assault
- Examine every computer and storage device on the network as well as cloud-hosted storage for signs of encryption
- Catalog all compromised devices
- Establish the type of ransomware involved in the assault
- Review logs and user sessions to establish the time frame of the ransomware attack and to spot any possible lateral movement from the first compromised system
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for new executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs from messages and determine whether they are malicious
- Produce extensive attack documentation to meet your insurance carrier and compliance requirements
- Document recommended improvements to close security gaps and enforce workflows that lower the risk of a future ransomware breach
Progent has provided online and on-premises IT services across the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP, and CRISC. Progent also offers top-tier support in financial management and ERP software. This breadth of expertise allows Progent to salvage and consolidate the surviving pieces of your IT environment after a ransomware assault and reconstruct them quickly into an operational system. Progent has collaborated with leading cyber insurance providers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Calgary
To learn more about how Progent can assist your Calgary organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.