Progent's Ransomware Forensics Investigation and Reporting Services in Cambridge
Progent's ransomware forensics consultants can save the system state after a ransomware attack and perform a comprehensive forensics investigation without slowing down activity required for business continuity and data restoration. Your Cambridge organization can use Progent's post-attack forensics documentation to block subsequent ransomware attacks, assist in the recovery of encrypted data, and comply with insurance and regulatory requirements.
Ransomware forensics investigation reconstructs and documents the attack from initial access to final encryption across the targeted network. This audit trail of how the attack progressed helps you assess the impact and highlights the gaps in security policy or work habits that must be corrected to prevent a repeat breach. Cyber insurance carriers typically give forensics a high priority, and it is often mandated by government and industry regulations. Because forensics takes time, it is vital that other key recovery processes such as business continuity run in parallel. Progent has a large team of IT and data security experts with the knowledge and experience needed to carry out containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is time consuming and requires close coordination with the teams focused on file restoration and, if needed, with negotiation with the ransomware threat actor. A forensics investigation can require examining all available logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows system files and services to detect what the attacker changed.
Services associated with forensics include:
- Isolate all potentially affected devices from the network, but do not power them off: shutting down destroys volatile evidence in memory (running processes, active network connections, and in some cases the keys or configuration the ransomware loaded). Isolation may involve blocking Remote Desktop Protocol (RDP) at the firewall, disconnecting Internet-facing NAS storage, changing administrator credentials and user passwords, and enabling two-factor authentication to protect your backups.
- Capture forensically sound, hash-verified disk images of all affected devices so the file restoration team can work from copies while the originals are preserved as evidence
- Preserve firewall, virtual private network, and additional key logs as soon as feasible
- Identify the type of ransomware involved in the attack
- Inspect each machine and data store on the network as well as cloud storage for signs of compromise
- Catalog all encrypted devices
- Review log activity and user sessions to establish the time frame of the attack and to identify lateral movement from the initially compromised machine to other hosts
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for newly created executables that correlate in time with the first encrypted files or with the initial intrusion
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in messages and check to see whether they are malicious
- Provide comprehensive incident reporting to meet your insurance carrier and compliance regulations
- Suggest recommended improvements to shore up security vulnerabilities and enforce processes that reduce the exposure to a future ransomware exploit
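To make two of the listed steps concrete, here is an added example (not Progent's code, and not from any real incident) that builds a timeline from authentication log records, follows lateral movement hop by hop from the first externally sourced logon, and extracts URLs from e-mail message bodies to check them against an indicator list. The log format, host names, messages, and the indicator domains are all constructed for illustration; a real investigation would feed in Windows Security events, VPN and firewall logs, and threat-intelligence feeds instead.

```python
"""Added example: minimal ransomware triage helpers (constructed data only).

Demonstrates (1) timeline and lateral-movement reconstruction from logon
records and (2) URL extraction from e-mail text with an IOC lookup.
The log format below is hypothetical, not a real product's format.
"""
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample logon records: ISO timestamp, event, source, target, user, type.
SAMPLE_AUTH_LOG = """\
2024-03-02T01:12:07Z LOGON src=203.0.113.45 dst=WS-FIN-07 user=jdoe type=rdp
2024-03-02T01:40:22Z LOGON src=WS-FIN-07 dst=DC-01 user=svc_backup type=network
2024-03-02T01:41:03Z LOGON src=WS-FIN-07 dst=FS-01 user=svc_backup type=network
2024-03-02T02:15:48Z LOGON src=DC-01 dst=FS-02 user=Administrator type=rdp
2024-03-02T08:02:11Z LOGON src=10.0.5.12 dst=WS-HR-03 user=asmith type=interactive
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) type=(?P<type>\S+)$"
)


def parse_auth_log(text):
    """Parse log lines into dicts (ts as datetime), sorted chronologically."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the triage
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def is_internal(host, internal_prefixes=("10.", "WS-", "DC-", "FS-")):
    """Hypothetical naming convention: internal hosts use these prefixes."""
    return host.startswith(internal_prefixes)


def trace_lateral_movement(events):
    """Locate the first logon from an external source (patient zero), then
    mark every host reached by a logon originating from an already
    compromised host. Returns (patient_zero, compromised_hosts, window)."""
    entry = next((e for e in events if not is_internal(e["src"])), None)
    if entry is None:
        return None, [], None
    compromised = [entry["dst"]]
    for e in events:
        if e["ts"] < entry["ts"]:
            continue
        if e["src"] in compromised and e["dst"] not in compromised:
            compromised.append(e["dst"])
    last = max(e["ts"] for e in events if e["dst"] in compromised)
    return entry["dst"], compromised, (entry["ts"], last)


URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed indicator list; these are reserved/example domains, not real IOCs.
MALICIOUS_HOSTS = {"invoice-update.example", "cdn.badsite.invalid"}

# Constructed message bodies standing in for text parsed out of a PST file.
SAMPLE_MESSAGES = [
    "Please review the attached invoice: http://invoice-update.example/inv/2291.zip",
    "Team lunch photos at https://photos.example.org/album/17",
    "Password reset: https://cdn.badsite.invalid/reset?u=jdoe and https://intranet.corp/help",
]


def extract_urls(body):
    """Return URLs in a message body, trimming trailing prose punctuation."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(body)]


def check_urls(messages, bad_hosts=MALICIOUS_HOSTS):
    """Return (url, message_index) for every URL whose host is a known IOC."""
    hits = []
    for i, body in enumerate(messages):
        for url in extract_urls(body):
            host = urlparse(url).hostname or ""
            if host in bad_hosts:
                hits.append((url, i))
    return hits


if __name__ == "__main__":
    pz, hosts, window = trace_lateral_movement(parse_auth_log(SAMPLE_AUTH_LOG))
    print("patient zero:", pz, "| spread:", " -> ".join(hosts), "| window:", window)
    for url, idx in check_urls(SAMPLE_MESSAGES):
        print(f"malicious URL in message {idx}: {url}")
```

On the sample data the trace starts at WS-FIN-07 (the RDP logon from the external address), follows the service-account logons to DC-01 and FS-01, then the RDP hop from DC-01 to FS-02, and ignores the later internal logon to WS-HR-03 because its source was never compromised. The URL check flags the two messages whose links resolve to listed hosts. Host-name matching is deliberate: attackers rotate paths and query strings far more often than domains.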
Progent has delivered remote and on-premises IT services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes consultants who have been awarded advanced certifications in core technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (Refer to Progent's certifications). Progent also has top-tier support in financial management and Enterprise Resource Planning software. This broad array of skills gives Progent the ability to salvage and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them rapidly into a functioning system. Progent has worked with leading cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Services in Cambridge
To learn more about ways Progent can assist your Cambridge organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.