Overview of Progent's Ransomware Forensics Investigation and Reporting in Cambridge
Progent's ransomware forensics experts can capture the system state after a ransomware attack and perform a detailed forensics investigation without disrupting the processes required for operational continuity and data recovery. Your Cambridge organization can utilize Progent's post-attack ransomware forensics report to block future ransomware assaults, assist in the restoration of encrypted data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics analysis is aimed at determining and describing the ransomware attack's progress throughout the network from start to finish. This history of how a ransomware attack progressed within the network helps you evaluate the impact and uncovers vulnerabilities in security policies or processes that should be rectified to prevent future breaches. Forensics is commonly given a top priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Because forensics can take time, it is essential that other important recovery processes like operational continuity are executed concurrently. Progent has a large team of information technology and data security experts with the skills needed to carry out the work of containment, operational continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics is time consuming and calls for close cooperation with the teams assigned to data restoration and, if needed, payment negotiation with the ransomware attacker. Ransomware forensics can involve the review of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Services involved with forensics analysis include:
- Disconnect all possibly impacted devices from the network without powering them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure your backups.
- Create forensically valid images of all exposed devices so the file recovery group can proceed
- Preserve firewall, VPN, and other critical logs as quickly as feasible
- Establish the variety of ransomware used in the assault
- Survey every machine and storage device on the system as well as cloud storage for signs of encryption
- Inventory all compromised devices
- Review log activity and user sessions to establish the timeline of the attack and to spot any potential lateral movement from the first compromised system
- Identify the attack vectors exploited to perpetrate the ransomware assault
- Look for executables created around the time of the original file encryption or system compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract URLs from messages and determine whether they are malicious
- Provide detailed attack reporting to satisfy your insurance carrier and compliance mandates
- Document recommendations to shore up security vulnerabilities and enforce workflows that reduce the risk of a future ransomware exploit
Progent has provided online and on-premises network services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in core technologies including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also offers guidance in financial management and ERP application software. This breadth of skills gives Progent the ability to identify and consolidate the undamaged pieces of your information system after a ransomware intrusion and rebuild them quickly into a viable system. Progent has collaborated with leading insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Cambridge
To learn more about ways Progent can help your Cambridge business with ransomware forensics analysis, call 1-800-993-9400 or visit Contact Progent.