Overview of Progent's Ransomware Forensics and Reporting Services in Cambridge
Progent's ransomware forensics consultants can save the evidence of a ransomware attack and carry out a comprehensive forensics investigation without impeding activity required for business resumption and data restoration. Your Cambridge business can utilize Progent's post-attack ransomware forensics report to combat future ransomware assaults, assist in the recovery of encrypted data, and comply with insurance and governmental requirements.
Ransomware forensics analysis involves tracking and describing the ransomware assault's progress across the targeted network from start to finish. This audit trail of how a ransomware assault travelled within the network helps you evaluate the impact and brings to light weaknesses in policies or processes that need to be corrected to prevent future breaches. Forensics is typically given a high priority by the cyber insurance provider and is often mandated by state and industry regulations. Since forensics can take time, it is critical that other key recovery processes such as operational continuity are pursued in parallel. Progent has a large roster of IT and cybersecurity professionals with the knowledge and experience required to perform activities for containment, operational resumption, and data recovery without disrupting forensics.
Ransomware forensics investigation is complex and requires close cooperation with the teams assigned to data recovery and, if needed, payment negotiation with the ransomware threat actor. Ransomware forensics can involve the examination of logs, registry, GPO, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to detect anomalies.
Activities associated with forensics investigation include:
- Isolate all potentially impacted devices from the network, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to guard backups.
- Create forensically valid digital images of all suspect devices so your data restoration team can proceed
- Preserve firewall, virtual private network, and other key logs as quickly as feasible
- Identify the type of ransomware involved in the attack
- Inspect every computer and data store on the network including cloud storage for signs of compromise
- Inventory all encrypted devices
- Establish the type of ransomware involved in the assault
- Study logs and user sessions in order to determine the time frame of the ransomware attack and to spot any possible lateral movement from the first infected machine
- Understand the attack vectors used to perpetrate the ransomware attack
- Look for new executables associated with the original encrypted files or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide detailed incident reporting to meet your insurance and compliance requirements
- Document recommended improvements to shore up security vulnerabilities and enforce processes that lower the risk of a future ransomware breach
Progent's Background
Progent has delivered remote and onsite IT services across the United States for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. Progent also offers top-tier support in financial and Enterprise Resource Planning software. This broad array of skills allows Progent to salvage and consolidate the undamaged parts of your information system following a ransomware intrusion and reconstruct them rapidly into a viable system. Progent has collaborated with top insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Cambridge
To learn more about how Progent can assist your Cambridge organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.